Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency semgrep to v1.96.0 #84

Merged
merged 1 commit into from
Nov 8, 2024
Merged

chore(deps): update dependency semgrep to v1.96.0 #84

merged 1 commit into from
Nov 8, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 7, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semgrep 1.95.0 -> 1.96.0 age adoption passing confidence

Release Notes

returntocorp/semgrep (semgrep)

v1.96.0

Compare Source

Added

  • The pro engine now handles duplicate function names in C. When duplicate
    functions are found, we assume that any of the duplicated functions could be
    called. For example, if the function foo is defined in two different files,
    taint errors will be reported for both instances:

    // "a/test.h"
void foo(int x) {
    //deepruleid: dup-symbols
    sink(x);
}

// "b/test.h"
void foo(int x) {
    //deepruleid: dup-symbols
    sink(x);
}

// "main.c"
#ifdef HEADER_A
    #include "a/test.h"
#else
    #include "b/test.h"
#endif

int main() {
    int x = source();
    foo(x);
}
``` (code-7654)
Changed
  • Reduced memory allocations while processing nosemgrep comments, improving memory use and time for scans with a large number of findings. (nosem-mem)
Fixed
  • Optimized taint-mode (only in Pro) to scale better when there is a large number
    of matches of sources/propagators/sanitizers/sinks within a function. (flow-83)
  • Fixed a bug in the supply chain scanner's gradle lockfile parser. Previously, semgrep would fail to parse
    any gradle lockfile which did not start with a specific block comment. Now, semgrep will parse gradle
    lockfiles correctly by ignoring the comment (allowing any or no comment at all to exist). (gh-10508)
  • Exceptions thrown during the processing of a target should not fail
    the whole scan anymore (regression introduced in 1.94.0). The scan will
    have an exit code of 0 instead of 2 (unless the user passed --strict in which
    case it will exit with code 2). (incid-110)
  • Fix exponential parsing time with generic mode on input containing many
    unclosed braces on the same line. (saf-1667)
  • Fix regexp parsing error occurring during ReDoS analysis when encountering
    a character class starting with [: such as [:a-z]. (saf-1693)
  • Fix in semgrep scan: anchored semgrepignore patterns for folders such
    as /tests are now honored properly. Such patterns had previously no
    effect of target file filtering. (semgrepignore-anchored-dirs)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@Zebradil Zebradil merged commit 0a93378 into master Nov 8, 2024
6 checks passed
@Zebradil Zebradil deleted the renovate/semgrep-1.x-lockfile branch November 8, 2024 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zebradil Zebradil Zebradil approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Zebradil