Skip to content

Release v1.90.0
Compare
Choose a tag to compare
@semgrep-ci semgrep-ci released this 26 Sep 01:41
· 20 commits to main since this release
v1.90.0
bc03844
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

1.90.0 - 2024-09-25

Added

  • Expanded support for requirement lockfiles. Semgrep will now find any *requirement*.txt
    file and lockfiles in a requirements folder (**/requirements/*.txt). This functionality
    will be gated behind the --enable-experimental-requirements CLI flag. (sc-1752)

Changed

  • Security update for code snippet storage & access methods. (gh-2038)

Fixed

  • Errors that occur in semgrep scans with jobs > 1 will now have more detail (SAF-1628)
  • Dockerfile matching: CMD $...ARGS now behaves like CMD ... and matches
    any CMD instruction that uses the array syntax such as CMD ["ls"]. This
    fix also applies to the other command-like instructions RUN
    and ENTRYPOINT. (gh-9726)
  • Pro Engine: There is now improved type inference in Kotlin and Scala. Constructor invocations like
    Foo() will now be inferred properly to be of type Foo. (saf-1537)
Assets 3
Loading