From d5e8f145a8dd61915f195e8adfe7dca0cc96980d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Dec 2024 08:25:47 +0000
Subject: [PATCH] chore(deps-dev): bump semgrep from 1.99.0 to 1.100.0 (#12)
Bumps [semgrep](https://github.com/returntocorp/semgrep) from 1.99.0 to 1.100.0.
Release notes
Sourced from semgrep's releases.
Release v1.100.0
Added
- Pro engine now correctly distinguishes overloaded Scala methods based on their
arity and parameter types, e.g.,
foo(x: Int, y: String) vs. foo(x: String, y: Int). (code-7870)
Changed
- The minimum Python version for semgrep is now 3.9.
We are dropping support for Python 3.8 (python)
Fixed
-
pro: Fixed a bug in interprocedural index-sensitive taint analysis that caused
false negatives when a function updated an arbitrary index, e.g.:
var x = {};
function foo(k) {
x[k] = source();
}
function test(k) {
foo(k);
sink(x); // finding here!
} (CODE-7838)
-
Fixed bug affecting taint tracking through static fields when mixing accesses
using the class name and using an instance object, e.g.:
class C {
static String s;
}
...
C o = new C();
C.s = taint;
sink(o.s); // finding ! (CODE-7871)
-
No more RPC error when using --sarif with some join-mode rules.
Moreover, regular rules without the 'languages:' field will be skipped
instead of aborting the whole scan. (gh-10723)
Changelog
Sourced from semgrep's changelog.
Added
- Pro engine now correctly distinguishes overloaded Scala methods based on their
arity and parameter types, e.g.,
foo(x: Int, y: String) vs. foo(x: String, y: Int). (code-7870)
Changed
- The minimum Python version for semgrep is now 3.9.
We are dropping support for Python 3.8 (python)
Fixed
-
pro: Fixed a bug in interprocedural index-sensitive taint analysis that caused
false negatives when a function updated an arbitrary index, e.g.:
var x = {};
function foo(k) {
x[k] = source();
}
function test(k) {
foo(k);
sink(x); // finding here!
} (CODE-7838)
-
Fixed bug affecting taint tracking through static fields when mixing accesses
using the class name and using an instance object, e.g.:
class C {
static String s;
}
...
C o = new C();
C.s = taint;
sink(o.s); // finding ! (CODE-7871)
-
No more RPC error when using --sarif with some join-mode rules.
Moreover, regular rules without the 'languages:' field will be skipped
instead of aborting the whole scan. (gh-10723)
Commits
2a5266d chore: release version 1.100.0f598c5dsemgrep/semgrep-proprietary#2786e8219f9 chore: Remove check-builtin-literals pre-commit from OSS (semgrep/semgrep-pro...28b6672semgrep/semgrep-proprietary#27738da1b56semgrep/semgrep-proprietary#277877cd7a6 Fix osemgrep target selection bugs for reg file and symlinks on the command l...0dc9518 Add format_context to SARIF RPC and gate some fields (semgrep/semgrep-proprie...75361cbsemgrep/semgrep-proprietary#2605dd81e79semgrep/semgrep-proprietary#276347faae9semgrep/semgrep-proprietary#2762- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
---
poetry.lock | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/poetry.lock b/poetry.lock
index 3d9d8ae..a64fc8e 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1231,13 +1231,13 @@ files = [
[[package]]
name = "ruamel-yaml"
-version = "0.17.40"
+version = "0.18.6"
description = "ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map key order"
optional = false
-python-versions = ">=3"
+python-versions = ">=3.7"
files = [
- {file = "ruamel.yaml-0.17.40-py3-none-any.whl", hash = "sha256:b16b6c3816dff0a93dca12acf5e70afd089fa5acb80604afd1ffa8b465b7722c"},
- {file = "ruamel.yaml-0.17.40.tar.gz", hash = "sha256:6024b986f06765d482b5b07e086cc4b4cd05dd22ddcbc758fa23d54873cf313d"},
+ {file = "ruamel.yaml-0.18.6-py3-none-any.whl", hash = "sha256:57b53ba33def16c4f3d807c0ccbc00f8a6081827e81ba2491691b76882d0c636"},
+ {file = "ruamel.yaml-0.18.6.tar.gz", hash = "sha256:8b27e6a217e786c6fbe5634d8f3f11bc63e0f80f6a5890f28863d9c45aac311b"},
]
[package.dependencies]
@@ -1260,6 +1260,7 @@ files = [
{file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f66efbc1caa63c088dead1c4170d148eabc9b80d95fb75b6c92ac0aad2437d76"},
{file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:22353049ba4181685023b25b5b51a574bce33e7f51c759371a7422dcae5402a6"},
{file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:932205970b9f9991b34f55136be327501903f7c66830e9760a8ffb15b07f05cd"},
+ {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:a52d48f4e7bf9005e8f0a89209bf9a73f7190ddf0489eee5eb51377385f59f2a"},
{file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win32.whl", hash = "sha256:3eac5a91891ceb88138c113f9db04f3cebdae277f5d44eaa3651a4f573e6a5da"},
{file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win_amd64.whl", hash = "sha256:ab007f2f5a87bd08ab1499bdf96f3d5c6ad4dcfa364884cb4549aa0154b13a28"},
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:4a6679521a58256a90b0d89e03992c15144c5f3858f40d7c18886023d7943db6"},
@@ -1268,6 +1269,7 @@ files = [
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:811ea1594b8a0fb466172c384267a4e5e367298af6b228931f273b111f17ef52"},
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:cf12567a7b565cbf65d438dec6cfbe2917d3c1bdddfce84a9930b7d35ea59642"},
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:7dd5adc8b930b12c8fc5b99e2d535a09889941aa0d0bd06f4749e9a9397c71d2"},
+ {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1492a6051dab8d912fc2adeef0e8c72216b24d57bd896ea607cb90bb0c4981d3"},
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win32.whl", hash = "sha256:bd0a08f0bab19093c54e18a14a10b4322e1eacc5217056f3c063bd2f59853ce4"},
{file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win_amd64.whl", hash = "sha256:a274fb2cb086c7a3dea4322ec27f4cb5cc4b6298adb583ab0e211a4682f241eb"},
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:20b0f8dc160ba83b6dcc0e256846e1a02d044e13f7ea74a3d1d56ede4e48c632"},
@@ -1276,6 +1278,7 @@ files = [
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:749c16fcc4a2b09f28843cda5a193e0283e47454b63ec4b81eaa2242f50e4ccd"},
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bf165fef1f223beae7333275156ab2022cffe255dcc51c27f066b4370da81e31"},
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:32621c177bbf782ca5a18ba4d7af0f1082a3f6e517ac2a18b3974d4edf349680"},
+ {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:b82a7c94a498853aa0b272fd5bc67f29008da798d4f93a2f9f289feb8426a58d"},
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win32.whl", hash = "sha256:e8c4ebfcfd57177b572e2040777b8abc537cdef58a2120e830124946aa9b42c5"},
{file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win_amd64.whl", hash = "sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4"},
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:4c8c5d82f50bb53986a5e02d1b3092b03622c02c2eb78e29bec33fd9593bae1a"},
@@ -1284,6 +1287,7 @@ files = [
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:96777d473c05ee3e5e3c3e999f5d23c6f4ec5b0c38c098b3a5229085f74236c6"},
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_i686.whl", hash = "sha256:3bc2a80e6420ca8b7d3590791e2dfc709c88ab9152c00eeb511c9875ce5778bf"},
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:e188d2699864c11c36cdfdada94d781fd5d6b0071cd9c427bceb08ad3d7c70e1"},
+ {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4f6f3eac23941b32afccc23081e1f50612bdbe4e982012ef4f5797986828cd01"},
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win32.whl", hash = "sha256:6442cb36270b3afb1b4951f060eccca1ce49f3d087ca1ca4563a6eb479cb3de6"},
{file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win_amd64.whl", hash = "sha256:e5b8daf27af0b90da7bb903a876477a9e6d7270be6146906b276605997c7e9a3"},
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:fc4b630cd3fa2cf7fce38afa91d7cfe844a9f75d7f0f36393fa98815e911d987"},
@@ -1292,6 +1296,7 @@ files = [
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e2f1c3765db32be59d18ab3953f43ab62a761327aafc1594a2a1fbe038b8b8a7"},
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:d85252669dc32f98ebcd5d36768f5d4faeaeaa2d655ac0473be490ecdae3c285"},
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:e143ada795c341b56de9418c58d028989093ee611aa27ffb9b7f609c00d813ed"},
+ {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2c59aa6170b990d8d2719323e628aaf36f3bfbc1c26279c0eeeb24d05d2d11c7"},
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win32.whl", hash = "sha256:beffaed67936fbbeffd10966a4eb53c402fafd3d6833770516bf7314bc6ffa12"},
{file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win_amd64.whl", hash = "sha256:040ae85536960525ea62868b642bdb0c2cc6021c9f9d507810c0c604e66f5a7b"},
{file = "ruamel.yaml.clib-0.2.12.tar.gz", hash = "sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f"},
@@ -1326,16 +1331,16 @@ files = [
[[package]]
name = "semgrep"
-version = "1.99.0"
+version = "1.100.0"
description = "Lightweight static analysis for many languages. Find bug variants with patterns that look like source code."
optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
files = [
- {file = "semgrep-1.99.0-cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311-none-macosx_10_14_x86_64.whl", hash = "sha256:50ab31116d90dcf6e4a460c1ae622dc7ad80a30c7c042fbdf06f6826454ba6f5"},
- {file = "semgrep-1.99.0-cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311-none-macosx_11_0_arm64.whl", hash = "sha256:98d6b99c38accc1a6c4af02ee9cd7f4d0110005f45c77ccf3aa87fa3ba0f91b7"},
- {file = "semgrep-1.99.0-cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311-none-musllinux_1_0_aarch64.manylinux2014_aarch64.whl", hash = "sha256:af48f9f7b3cafb1a2c6739ee6a3b01f21b08c634f090e9dfe3c2803d755e2ca3"},
- {file = "semgrep-1.99.0-cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311-none-musllinux_1_0_x86_64.manylinux2014_x86_64.whl", hash = "sha256:da843a107beccc4e8e67038898c0600b8028085157da2697e23b8637e06428fb"},
- {file = "semgrep-1.99.0.tar.gz", hash = "sha256:3055a7365baf0d63d27eef4d9ad9e3728137da1c273cbf5c4f6f4e28c694f612"},
+ {file = "semgrep-1.100.0-cp39.cp310.cp311.py39.py310.py311-none-macosx_10_14_x86_64.whl", hash = "sha256:c2ac42a60f913ef6057921df4808ebadb81a7f37ab2f80b88725a60fddb22d79"},
+ {file = "semgrep-1.100.0-cp39.cp310.cp311.py39.py310.py311-none-macosx_11_0_arm64.whl", hash = "sha256:faf1e290d05e7e2b8c2cec208e93032633dffea9b4c5071f24277cee45ac8ccd"},
+ {file = "semgrep-1.100.0-cp39.cp310.cp311.py39.py310.py311-none-musllinux_1_0_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bf3333aa83cfc1f22cb67a36736b13af0c6b05ac3256f7e8c1f63b2ca733cb46"},
+ {file = "semgrep-1.100.0-cp39.cp310.cp311.py39.py310.py311-none-musllinux_1_0_x86_64.manylinux2014_x86_64.whl", hash = "sha256:13a55457577d59daee1b1068832102f1da96bbaef84ed238e64f24af96918ec2"},
+ {file = "semgrep-1.100.0.tar.gz", hash = "sha256:cd71d52f54105763f70631e64e5bf72083e2ee8ab5bc7c0e39e3bcab73d9b4f5"},
]
[package.dependencies]
@@ -1356,7 +1361,7 @@ packaging = ">=21.0"
peewee = ">=3.14,<4.0"
requests = ">=2.22,<3.0"
rich = ">=13.5.2,<13.6.0"
-"ruamel.yaml" = ">=0.16.0,<0.18"
+"ruamel.yaml" = ">=0.18.5"
tomli = ">=2.0.1,<2.1.0"
typing-extensions = ">=4.2,<5.0"
urllib3 = ">=2.0,<3.0"