
Update semgrep requirement from ~=1.45.0 to ~=1.46.0 #96

Merged
merged 1 commit into from
Oct 25, 2023

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Oct 25, 2023

Updates the requirements on semgrep to permit the latest version.

Release notes

Sourced from semgrep's releases.

Release v1.46.0

1.46.0 - 2023-10-24

Added

  • semgrep install-semgrep-pro now takes an optional --custom-binary flag to install the specified semgrep-core-proprietary binary rather than downloading it. (custom-pro-binary)

Fixed

  • pyproject.toml parser now handles optional newlines right after section headers. (gh-10879)

  • Updated the parsers for poetry.lock, pipfile.lock, and requirements.txt to ignore case sensitivity from package names. This matches their respective specifications. Test cases were added to account for this change. (gh-8984)

  • Reduced the limits for the prefilter optimization so that rules that cause computing the prefilter to blow up will abort more quickly. This improves performance by 2-3 seconds for each of the slowest rules. May cause a slowdown if a rule that previously could be filtered out no longer will be, but based on testing this is unlikely. (gh-9040)

  • Fixed issue where conditional expressions aren't handled properly in expression-based languages.

    Rust example:

    Before:

    fn expr_stmt_if(c) {
      y = 0;
      x = if c { y = 1 };
      // Before: this matches when it shouldn't because y is not always 1.
      // After: this does not match, which is the correct behavior.
      y == 1;
    }

  • Fixed type error in creation of DependencyParserError object in the pnpm-lock.yaml parser (sc-1115)

Changelog

Sourced from semgrep's changelog.

1.46.0 - 2023-10-24 (entries identical to the release notes above)

1.45.0 - 2023-10-18

Changed

  • Previously, to ignore a finding from rule 'foo.bar.my-rule' we only accepted nosemgrep: foo.bar.my-rule, now we also accept nosemgrep: my-rule. (pa-3094)

  • [Breaking Change] Improved Matching of C++ Constructors

    In this update, we've enhanced Semgrep's ability to match C++ constructors more accurately. C++ introduces a syntactic ambiguity between function and variable definitions, particularly with constructors. The C++ compiler determines how to interpret an expression based on contextual information, such as whether the immediate parent scope is a function or a class, and whether the identifiers within the parentheses represent variables or types. Due to this complexity,

... (truncated)

Commits

  • 8479f8f chore: Bump version to 1.46.0
  • 5b78796 fix(perf): reduce time spent on prefilter computation (#9053)
  • c0ade0b Log the source PCRE pattern in case of an error. (#9045)
  • 16bb08c Add comment on test-e2e-semgrep-ci workflow (#9073)
  • 33a0405 feat!(secrets): rename allow-untrusted-postprocessors (#9068)
  • 3ea957f fix: properly handle conditional stmt_exprs (#9060)
  • efc8d15 Revert "fix: Refuse to run out of date semgrep-core-proprietary" (#9070)
  • 17f8b54 removing case sensitivity for package names (#8984)
  • 5b87834 add metrics for diff scans (#9061)
  • f63dd22 remove oncall_email (#9065)
  • Additional commits viewable in compare view: https://github.com/returntocorp/semgrep/compare/v1.45.0...v1.46.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

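The lockfile/requirements parser fix quoted above (gh-8984, case-insensitive package names) matters for any tool that matches declared dependencies against an advisory feed or an allow-list: `SemGrep` and `semgrep` are the same PyPI project, and so are `typing_extensions` and `typing-extensions`. A comparison that skips normalization silently misses the pinned package. The following Python example is added here and is not semgrep's own parser; it applies the PEP 503 name normalization rule (lowercase, runs of `-`, `_` and `.` collapsed to a single `-`) before comparing, and additionally flags entries that only differ in spelling. The requirements text and the helper names (`parse_requirements`, `find_dependency`, `duplicate_names`) are constructed for this example.

```python
"""Case-insensitive dependency lookup over requirements.txt-style input.

Added example, not semgrep's code. Name normalization follows PEP 503
(lowercase; runs of '-', '_' and '.' become a single '-'), the rule the
1.46.0 notes refer to as the packages' "respective specifications".
"""
import re
from typing import Dict, List, Optional, Tuple

# One parsed line: (name as written, normalized name, version clause or None).
Entry = Tuple[str, str, Optional[str]]

# Matches 'name', 'name[extra]', 'name==1.2', 'name ~= 1.2' and similar.
# Environment markers (after ';') and inline comments are dropped by the caller.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"          # project name as written
    r"(?:\[[^\]]*\])?\s*"                             # optional extras
    r"(?P<spec>(?:==|~=|>=|<=|!=|<|>)\s*[^;\s#]+)?"   # optional single version clause
)


def normalize_name(name: str) -> str:
    """PEP 503 normalization: the canonical form used for all comparisons."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[Entry]:
    """Parse requirement lines, keeping both the written and the normalized name."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line or line.startswith("-"):     # skip blanks and options (-r, -e, ...)
            continue
        match = _REQ_RE.match(line)
        if match is None:
            continue                             # unsupported syntax (URLs, local paths)
        spec = match.group("spec")
        entries.append((match.group("name"),
                        normalize_name(match.group("name")),
                        spec.replace(" ", "") if spec else None))
    return entries


def find_dependency(entries: List[Entry], queried: str) -> Optional[Entry]:
    """Return the first entry naming `queried`, ignoring case and separator style."""
    wanted = normalize_name(queried)
    for entry in entries:
        if entry[1] == wanted:
            return entry
    return None


def duplicate_names(entries: List[Entry]) -> Dict[str, List[str]]:
    """Spellings that collapse to the same project: a sign of a confused pin set."""
    seen: Dict[str, List[str]] = {}
    for written, normalized, _spec in entries:
        seen.setdefault(normalized, []).append(written)
    return {norm: spellings for norm, spellings in seen.items() if len(spellings) > 1}


# Constructed sample input; not taken from the PR or from semgrep's test suite.
SAMPLE_REQUIREMENTS = """\
SemGrep~=1.46.0
Pillow==10.0.0        # image library
typing_extensions>=4.0
Typing-Extensions>=4.0
-r other-requirements.txt
"""

if __name__ == "__main__":
    parsed = parse_requirements(SAMPLE_REQUIREMENTS)
    print(find_dependency(parsed, "semgrep"))   # ('SemGrep', 'semgrep', '~=1.46.0')
    print(duplicate_names(parsed))              # {'typing-extensions': ['typing_extensions', 'Typing-Extensions']}
```

A lookup for `semgrep` finds the `SemGrep~=1.46.0` line only because both sides are normalized first; the same applies when the queried name comes from an advisory database, which is where a case-sensitive comparison would turn into a missed vulnerable pin. The `duplicate_names` check is the defensive complement: two spellings of one project in a single file usually mean two different pins, and whichever one the installer honours is not the one a naive scanner reports.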
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 25, 2023
@codecov

codecov bot commented Oct 25, 2023

Codecov Report

Merging #96 (139aa23) into main (ac628f1) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main      #96   +/-   ##
=======================================
  Coverage   95.22%   95.22%           
=======================================
  Files          51       51           
  Lines        2285     2285           
=======================================
  Hits         2176     2176           
  Misses        109      109           

Updates the requirements on [semgrep](https://github.com/returntocorp/semgrep) to permit the latest version.
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/returntocorp/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.45.0...v1.46.0)

---
updated-dependencies:
- dependency-name: semgrep
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/semgrep-approx-eq-1.46.0 branch from 12d16b4 to 139aa23 October 25, 2023 13:41
@clavedeluna clavedeluna merged commit 4ec54a3 into main Oct 25, 2023
11 checks passed
@clavedeluna clavedeluna deleted the dependabot/pip/semgrep-approx-eq-1.46.0 branch October 25, 2023 13:56