Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update returntocorp/semgrep docker tag to v1.54.3 #576

Merged
merged 1 commit into from
Dec 22, 2023
Merged

chore(deps): update returntocorp/semgrep docker tag to v1.54.3 #576

merged 1 commit into from
Dec 22, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 22, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Type Update Change
returntocorp/semgrep container patch 1.54.2 -> 1.54.3

Release Notes

semgrep/semgrep (returntocorp/semgrep)

v1.54.3

Compare Source

Added

  • Pro only: taint-mode: Added experimental at-exit: true option for sinks, that
    makes a sink spec only apply on the "exit" instructions/statements of a function.
    That is, the instructions after which the control-flow exits the function. This is
    useful for writing rules to find "leaks", such as checking that file descriptors
    are being closed within the same function where they were opened.

    For example, given this taint rule:

    pattern-sources:
  - by-side-effect: true
    patterns:
      - pattern: $FILE = open(...)
      - focus-metavariable: $FILE
pattern-sanitizers:
  - by-side-effect: true
    patterns:
      - pattern: $FILE.close(...)
      - focus-metavariable: $FILE
pattern-sinks:
  - at-exit: true
    pattern: |
      def $FUN(...):
        ...

    Semgrep will report a finding in the code below since at print(content), after
    which the control flow reaches the exit of the function, the file has not yet
    been closed:

    def test():
    file = open("test.txt")
    content = file.read()
    print(content) # FINDING
``` (pa-3266)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot enabled auto-merge December 22, 2023 21:42
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 22, 2023
edited
Loading

Test results

6 tests  ±0   6 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 614e5a9. ± Comparison against base commit a5b5bfb.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 22, 2023
edited
Loading

Pull Request Test Coverage Report for Build 7304410680

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 82.54%
Totals Coverage Status
Change from base Build 7304078337: 0.0%
Covered Lines: 104
Relevant Lines: 126
💛 - Coveralls

@renovate renovate bot force-pushed the renovate/returntocorp-semgrep-1.x branch from 19bd51a to 614e5a9 Compare December 22, 2023 22:38
@renovate renovate bot merged commit 9ad9b78 into main Dec 22, 2023
16 checks passed
@renovate renovate bot deleted the renovate/returntocorp-semgrep-1.x branch December 22, 2023 22:41
@kristof-mattei
Copy link
Owner

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kristof-mattei