pkgsrc-WIP-changes archive


semgrep{,-core}: Update to 0.108.0



Module Name:	pkgsrc-wip
Committed By:	Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By:	leot
Date:		Thu Aug 4 19:54:11 2022 +0200
Changeset:	08c4516a00d812b2a620c9d2aa71e6535bf54360

Modified Files:
	semgrep-core/Makefile
	semgrep/Makefile
	semgrep/PLIST
	semgrep/distinfo

Log Message:
semgrep{,-core}: Update to 0.108.0

Changes:
- Metrics now include language-aggregated parse rates (files,
  bytes). The purpose of this is to help drive parsing improvements more
  intelligently.

- Updated SCA finding generation so that the following hold:
  - One SCA finding per vulnerable dependency. If one rule matches
    multiple dependencies in one lockfile, that will produce multiple
    findings. This still needs to be codified in the typed interface.
  - No findings in files that were not targeted. If foo.py depends on
    Pipfile.lock, and foo.py is targeted but Pipfile.lock is not, then we can
    produce reachable findings in foo.py but not non-reachable findings in
    Pipfile.lock. If Pipfile.lock is included in our targets then we can
    produce non-reachable findings inside of it.
  - No massive single scan for lockfiles.

- Fixed issue when scan fails due to pending changes in submodule.
- Semgrep CI now accepts more formats of git url for metadata
  provided to semgrep.dev and lets the user provide a fallback for
  repo name (SEMGREP_REPO_NAME) and repo url (SEMGREP_REPO_URL) if
  they are undefined by CI.
- Fixed a crash that occurred when reporting results when join mode and taint
  mode were used together
- JS: Allowed decorators to appear in Semgrep patterns for class methods and
  fields.
- Quick fix for a regression introduced in 0.107.0 (presumably by taint labels)
  that could cause some taint rules to crash Semgrep with:

      Invalid_argument "output_value: abstract value (Custom)"

- Increase timeout for network calls to semgrep.dev from 30s to 60s (timeout-1)

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=08c4516a00d812b2a620c9d2aa71e6535bf54360

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 semgrep-core/Makefile | 2 +-
 semgrep/Makefile      | 2 +-
 semgrep/PLIST         | 6 ++++++
 semgrep/distinfo      | 6 +++---
 4 files changed, 11 insertions(+), 5 deletions(-)

diffs:
diff --git a/semgrep-core/Makefile b/semgrep-core/Makefile
index a475ede9cf..f3b806b905 100644
--- a/semgrep-core/Makefile
+++ b/semgrep-core/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	semgrep-core-0.107.0
+DISTNAME=	semgrep-core-0.108.0
 PKGREVISION=	0
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_GITHUB:=returntocorp/}
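Review bot: the DISTNAME bump to semgrep-core-0.108.0 in this hunk has no matching semgrep-core/distinfo change; the Modified Files list and the diffstat show only semgrep-core/Makefile for that package, while semgrep/distinfo is regenerated in the same commit. If semgrep-core has a distinfo, its recorded checksums still describe the 0.107.0 distfile, so please regenerate and commit it, or state in the log why the package needs none. Separately, the context line "PKGREVISION=	0" can be dropped on a version update instead of being carried forward.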
diff --git a/semgrep/Makefile b/semgrep/Makefile
index 5f4314a509..ead6849829 100644
--- a/semgrep/Makefile
+++ b/semgrep/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	semgrep-0.107.0
+DISTNAME=	semgrep-0.108.0
 CATEGORIES=	devel python
 MASTER_SITES=	${MASTER_SITE_PYPI:=s/semgrep/}
 
diff --git a/semgrep/PLIST b/semgrep/PLIST
index 1bcff54034..ec36508109 100644
--- a/semgrep/PLIST
+++ b/semgrep/PLIST
@@ -118,6 +118,9 @@ ${PYSITELIB}/semgrep/error_handler.pyo
 ${PYSITELIB}/semgrep/external/__init__.py
 ${PYSITELIB}/semgrep/external/__init__.pyc
 ${PYSITELIB}/semgrep/external/__init__.pyo
+${PYSITELIB}/semgrep/external/git_url_parser.py
+${PYSITELIB}/semgrep/external/git_url_parser.pyc
+${PYSITELIB}/semgrep/external/git_url_parser.pyo
 ${PYSITELIB}/semgrep/external/junit_xml.py
 ${PYSITELIB}/semgrep/external/junit_xml.pyc
 ${PYSITELIB}/semgrep/external/junit_xml.pyo
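Review bot: the added git_url_parser.py entries land under semgrep/external/, next to junit_xml, which reads like a third-party module shipped inside the semgrep tarball. If that is the case, a short comment in the package or a line in the log would help, because a copy installed this way is not visible as a pkgsrc dependency and will only be updated when semgrep itself is. The log says this release accepts more git URL formats from CI metadata, so this file is the input parser for that data and is worth a look when auditing the update.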
@@ -206,6 +209,9 @@ ${PYSITELIB}/semgrep/output.pyo
 ${PYSITELIB}/semgrep/output_from_core.py
 ${PYSITELIB}/semgrep/output_from_core.pyc
 ${PYSITELIB}/semgrep/output_from_core.pyo
+${PYSITELIB}/semgrep/parsing_data.py
+${PYSITELIB}/semgrep/parsing_data.pyc
+${PYSITELIB}/semgrep/parsing_data.pyo
 ${PYSITELIB}/semgrep/profile_manager.py
 ${PYSITELIB}/semgrep/profile_manager.pyc
 ${PYSITELIB}/semgrep/profile_manager.pyo
diff --git a/semgrep/distinfo b/semgrep/distinfo
index 4755a3c2ea..620e836f7a 100644
--- a/semgrep/distinfo
+++ b/semgrep/distinfo
@@ -1,5 +1,5 @@
 $NetBSD$
 
-BLAKE2s (semgrep-0.107.0.tar.gz) = 95bd94d6e76b968f4cd2aa1607feee6781668a934523ecf0086d464667bcfa8b
-SHA512 (semgrep-0.107.0.tar.gz) = 2bfafe68dbae9c8ee87819c7ba5699ccb0d70c6c689f91ce6c97c220ceda2ae3d9c83806e5f6ce6e0f8e49157137b4a4459b6a687b7d303c0931b1d0ace5f2cf
-Size (semgrep-0.107.0.tar.gz) = 183597 bytes
+BLAKE2s (semgrep-0.108.0.tar.gz) = 649948ffb4a0783ccd714ea9cde2cc02239f5ba00084b88f86fa005d28c0c39c
+SHA512 (semgrep-0.108.0.tar.gz) = 7a8e40f4be1e3a36675ba46ae208c31f6a29b06d5f4e2f045d75ad23bc5fa217b98b2499139d0accea966c330004d6a9c887346f058acf072667eec541371e88
+Size (semgrep-0.108.0.tar.gz) = 187632 bytes
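Review bot: the three replaced lines for semgrep-0.108.0.tar.gz are the only integrity pin this update carries, and they record whatever the committer's fetch returned. Please confirm the BLAKE2s and SHA512 values were compared against a second, independently fetched copy of the tarball before committing, and say so in the log. The size going from 183597 to 187632 bytes is at least consistent with the new modules listed in the PLIST hunks.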

