pkgsrc-WIP-changes archive


semgrep{,-core}: Update to 0.111.1



Module Name:	pkgsrc-wip
Committed By:	Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By:	leot
Date:		Wed Aug 24 20:35:34 2022 +0200
Changeset:	1f0cd5f0031e903574c4d0e7c226bebad5f7735b

Modified Files:
	semgrep-core/Makefile
	semgrep/Makefile
	semgrep/PLIST
	semgrep/distinfo

Log Message:
semgrep{,-core}: Update to 0.111.1

Changes:
0.111.1
-------
Changed
  * Previously, the following error message appeared when metrics were not
    uploaded within the set timeout timeframe:
      Error in send: HTTPSConnectionPool(host='metrics.semgrep.dev', port=443): Read timed out. (read timeout=3)
    As this causes confusion for users running the CLI, the log level of the
    message is reduced so that it appears for development and debugging
    purposes only. Note that metrics are still successfully uploaded, but the
    success status is not sent in time for the current timeout set. (app-1398)

Fixed
  * taint-mode: Fixed the translation from Generic to IL for expressions like
    "some string".concat(x). Previously, when x was tainted, the concat
    expression was not recognized as tainted and this caused false negatives.
    (pa-1787)

0.111.0
-------
Added
  * Introduced experimental support for Swift (gh-2232)
  * Add configuration options for using a tree-sitter library installed
    anywhere on the system. (gh-5944)
  * Updated the supply chain finding API:
      + The API is now typed and defined entirely in semgrep_output_v0.atd
      + Supply chain findings now have only one dependency match, not a list,
        and only one resolved url
      + Supply chain findings now have a field called reachable and
        reachability_rule, which indicate if the finding is reachable, and
        whether or not it was generated by a reachability rule (rule that had
        a semgrep pattern)
      + Supply chain findings now include a schema version
      + The complete finding information sent to semgrep app now includes a
        mapping from lockfile paths to the number of dependencies that were
        present in that lockfile (sca-197)

Fixed
  * When a YAML rule file had a string that contained an ISO timestamp, that
    would be parsed as a datetime object, which would then be rejected by
    Semgrep's rule schema validator. This is now fixed by keeping strings that
    contain an ISO timestamp as strings. (app-2157)
  * When parsing PHP with tree-sitter, parse $this similar to pfff, as an
    IdSpecial. This makes it possible to match $this when the pattern is parsed
    with pfff and the program with tree-sitter. (gh-5594)
  * Parse die() as exit() in tree-sitter PHP. This makes pfff and tree-sitter
    parse die() in the same way. (gh-5880)
  * All: Applied a fix so that qualified identifiers can unify with
    metavariables. Notably, this affected Python decorators, among others.
    (pa-1700)
  * Fixed a regression in DeepSemgrep after the experimental taint labels
    feature was introduced in 0.106.0. This prevented DeepSemgrep from
    reporting taint findings when e.g. the sink was wrapped by another
    function. (pa-1750)
  * Fixed metavariable unification in JSON when one of the patterns is a single
    field. (pa-1763)
  * Changed symbolic propagation such that "redundant" matches are no
    longer reported as findings. For instance:

      def foo():
        x = g(5)
        f(x)

    If we are looking for the pattern g(5), we should not match on line 3,
    since we will match on line 2 anyways, and this is just repeating
    information that we already know. This patch changes it so that we do not
    match on line 3 anymore. (pa-1772)
  * Semgrep now passes -j to DeepSemgrep engine so --deep became noticeably
    faster. (pa-1776)
  * taint-mode: Due to a mistake in the instantiation of a visitor, named
    function definitions were being analyzed twice! This is now fixed and you
    may observe significant speed ups in some cases. (pa-1778)
  * Extract mode: fixed a possible exception in normal usage introduced due to
    changes in handling of search/taint rules. (pa-1786)
  * Changed the fail-open message body (pm-194)

0.110.0
-------
Changed
  * Parse several built-in PHP functions in the same way in pfff and
    tree-sitter. This makes it possible to match exit, eval, empty and isset,
    even if the pattern is parsed with pfff and the PHP file with tree-sitter.
    (gh-5382)

Fixed
  * Skip fail-open for exit code 1 (app-2073)

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=1f0cd5f0031e903574c4d0e7c226bebad5f7735b

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 semgrep-core/Makefile | 2 +-
 semgrep/Makefile      | 2 +-
 semgrep/PLIST         | 6 ------
 semgrep/distinfo      | 6 +++---
 4 files changed, 5 insertions(+), 11 deletions(-)

diffs:
diff --git a/semgrep-core/Makefile b/semgrep-core/Makefile
index 4d81571d28..bb6e42ff9f 100644
--- a/semgrep-core/Makefile
+++ b/semgrep-core/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	semgrep-core-0.109.0
+DISTNAME=	semgrep-core-0.111.1
 PKGREVISION=	0
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_GITHUB:=returntocorp/}
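Review bot: DISTNAME moves to semgrep-core-0.111.1, but the diffstat lists no semgrep-core/distinfo change, so the BLAKE2s/SHA512/Size entries for the new semgrep-core distfile are not part of this commit. Unless the package really has no distinfo, regenerate it with `make distinfo` in semgrep-core and include it here, otherwise the fetched 0.111.1 tarball is either checked against the 0.109.0 digests and rejected, or not integrity-checked at all. Minor style point: `PKGREVISION= 0` adds nothing; pkgsrc convention is to drop the variable on a version update.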
diff --git a/semgrep/Makefile b/semgrep/Makefile
index 5bcfae981d..7f0e640a73 100644
--- a/semgrep/Makefile
+++ b/semgrep/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	semgrep-0.109.0
+DISTNAME=	semgrep-0.111.1
 CATEGORIES=	devel python
 MASTER_SITES=	${MASTER_SITE_PYPI:=s/semgrep/}
 
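Review bot: the CLI and core are bumped in lockstep (both DISTNAMEs go to 0.111.1), but nothing in this hunk ties the two together. If semgrep/Makefile declares a DEPENDS on semgrep-core, its lower bound should be raised to 0.111.1 in the same commit, since several of the listed changes (passing -j to the DeepSemgrep engine, the new supply chain finding types in semgrep_output_v0.atd) assume a matching core version.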
diff --git a/semgrep/PLIST b/semgrep/PLIST
index ec36508109..2bdce4bcd8 100644
--- a/semgrep/PLIST
+++ b/semgrep/PLIST
@@ -6,9 +6,6 @@ ${PYSITELIB}/semdep/__init__.pyo
 ${PYSITELIB}/semdep/find_lockfiles.py
 ${PYSITELIB}/semdep/find_lockfiles.pyc
 ${PYSITELIB}/semdep/find_lockfiles.pyo
-${PYSITELIB}/semdep/models.py
-${PYSITELIB}/semdep/models.pyc
-${PYSITELIB}/semdep/models.pyo
 ${PYSITELIB}/semdep/package_restrictions.py
 ${PYSITELIB}/semdep/package_restrictions.pyc
 ${PYSITELIB}/semdep/package_restrictions.pyo
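Review bot: dropping semdep/models.py{,c,o} is consistent with the 0.111.0 note that the supply chain finding API is now defined entirely in semgrep_output_v0.atd. This diff only removes entries, so please confirm the PLIST was regenerated with `make print-PLIST` rather than hand-edited, so that any files added between 0.109.0 and 0.111.1 are picked up as well.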
@@ -163,9 +160,6 @@ ${PYSITELIB}/semgrep/git.pyo
 ${PYSITELIB}/semgrep/ignores.py
 ${PYSITELIB}/semgrep/ignores.pyc
 ${PYSITELIB}/semgrep/ignores.pyo
-${PYSITELIB}/semgrep/job_postings.py
-${PYSITELIB}/semgrep/job_postings.pyc
-${PYSITELIB}/semgrep/job_postings.pyo
 ${PYSITELIB}/semgrep/join_rule.py
 ${PYSITELIB}/semgrep/join_rule.pyc
 ${PYSITELIB}/semgrep/join_rule.pyo
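Review bot: semgrep/job_postings.py{,c,o} disappear with no corresponding entry in the quoted changelog; a one-line mention in the log message that upstream removed this module would make the PLIST change explainable from the commit alone.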
diff --git a/semgrep/distinfo b/semgrep/distinfo
index b9649a374c..0119cd8b23 100644
--- a/semgrep/distinfo
+++ b/semgrep/distinfo
@@ -1,5 +1,5 @@
 $NetBSD$
 
-BLAKE2s (semgrep-0.109.0.tar.gz) = d7d8e72f6aee9aa9e87da31a3a84b1e00859d0e5c496a661a32599779ce600e5
-SHA512 (semgrep-0.109.0.tar.gz) = 3fc5f0aa11d39e2ca18dc572f5ffe407773465fc4c8e0a25532170c0c03d9ee46332f98321895de93d34e8286a27c53f5d494d3b70d4aeb1d7632b5e026e33dc
-Size (semgrep-0.109.0.tar.gz) = 187691 bytes
+BLAKE2s (semgrep-0.111.1.tar.gz) = ec203d73e2c56846b7f4e7e1e2e3743a3e9760bbe95213e0f192b84938522ad2
+SHA512 (semgrep-0.111.1.tar.gz) = 57216bc20f4db559e3f6d7fe17ed80c3c0c411c0cb2968a1f3c6bf0f6f54a7c548f33f4d042ad3e7ee5665ae9894897fde4e4faeae7d748f40aafa22bd2231bd
+Size (semgrep-0.111.1.tar.gz) = 187717 bytes
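Review bot: the three entries are replaced consistently (BLAKE2s, SHA512 and Size all refer to the 0.111.1 tarball), but the log message says nothing about how they were produced. Note in the commit that they come from `make distinfo` on a fresh fetch and, ideally, that the digest was cross-checked against the one PyPI publishes for the semgrep 0.111.1 sdist, since distinfo is the only integrity anchor pkgsrc has for this distfile.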

