Bump semgrep from 1.85.0 to 1.95.0

[dependabot]

Bumps semgrep from 1.85.0 to 1.95.0.

Release notes

Sourced from semgrep's releases.

Release v1.95.0

1.95.0 - 2024-10-31

Changed

• Remove deprecated --enable-experimental-requirements flag. Functionality has been always enabled since Semgrep 1.93.0. (ssc-1903)

Fixed

• osemgrep: Running osemgrep with the Pro Engine now correctly runs rules with proprietary languages (saf-1686)
• Fixed bug where semgrep would crash if --trace was passed (saf-tracing)

Release v1.94.0

1.94.0 - 2024-10-30

Fixed

• pro: taint-mode: Semgrep should no longer confuse a return in a lambda with a return in its enclosing function.

  E.g. In the example below the return value of foo is NOT tainted:

  function foo() {
      bar(() => taint);
      return ok;
  } (code-7657)
  

• OCaml: matching will now recognized "local open" so that a pattern like Foo.bar ... will now correctly match code such as let open Foo in bar 1 or Foo.(bar 1) in addition to the classic Foo.bar 1. (local_open)

• Project files lacking sufficient read permissions are now skipped gracefully by semgrep. (saf-1598)

• Semgrep will now print stderr and additional debugging info when semgrep-core exits with a fatal error code but still returns a json repsonse (finishes scanning) (saf-1672)

• semgrep ci should parse correctly git logs to compute the set of contributors even if some authors have special characters in their names. (saf-1681)

Release v1.93.0

1.93.0 - 2024-10-23

Added

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.95.0 - 2024-10-31

Changed

• Remove deprecated --enable-experimental-requirements flag. Functionality has been always enabled since Semgrep 1.93.0. (ssc-1903)

Fixed

• osemgrep: Running osemgrep with the Pro Engine now correctly runs rules with proprietary languages (saf-1686)
• Fixed bug where semgrep would crash if --trace was passed (saf-tracing)

1.94.0 - 2024-10-30

Fixed

• pro: taint-mode: Semgrep should no longer confuse a return in a lambda with a return in its enclosing function.

  E.g. In the example below the return value of foo is NOT tainted:

  function foo() {
      bar(() => taint);
      return ok;
  } (code-7657)
  

• OCaml: matching will now recognized "local open" so that a pattern like Foo.bar ... will now correctly match code such as let open Foo in bar 1 or Foo.(bar 1) in addition to the classic Foo.bar 1. (local_open)

• Project files lacking sufficient read permissions are now skipped gracefully by semgrep. (saf-1598)

• Semgrep will now print stderr and additional debugging info when semgrep-core exits with a fatal error code but still returns a json repsonse (finishes scanning) (saf-1672)

• semgrep ci should parse correctly git logs to compute the set of contributors even if some authors have special characters in their names. (saf-1681)

1.93.0 - 2024-10-23

Added

... (truncated)

Commits

• 4472baa chore: release version 1.95.0
• e09d3e3semgrep/semgrep-proprietary#2533
• f982784 fix(sca): lowercase python packages when parsing from rule (semgrep/semgrep-p...
• 84bd900semgrep/semgrep-proprietary#2530
• b3cd676 chore(sca): remove --enable-experimental-requirements flag (semgrep/semgrep...
• fadc8f1 fix(osemgrep): enable proprietary parsers in osemgrep-pro (semgrep/semgrep-pr...
• bf1847c chore(dep-resolution): update interfaces for new manifest kinds (semgrep/semg...
• 33f320esemgrep/semgrep-proprietary#2527
• 459dd34semgrep/semgrep-proprietary#2524
• d48d887semgrep/semgrep-proprietary#2523
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.