chore: Bump version to 1.72.0

semgrep · May 8, 2024 · 994254e · 994254e
1 parent 9e8a161
commit 994254e
Show file tree

Hide file tree

Showing 11 changed files with 37 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,37 @@
 
 <!-- insertion point -->
 
+## [1.72.0](https://github.com/returntocorp/semgrep/releases/tag/v1.72.0) - 2024-05-08
+
+
+### Fixed
+
+
+- Dockerfile support: Avoid a silent parsing error that was possibly accompanied
+  with a segfault when parsing Dockerfiles that lack a trailing newline
+  character. (gh-10084)
+- Fixed bug that was preventing the use of `metavariable-pattern` with
+  the aliengrep engine of the generic mode. (gh-10222)
+- Added support for function declarations on object literals in the dataflow analysis.
+
+  For example, previously taint rules would not have matched the
+  following javascript code but now would.
+  ```
+  let tainted = source()
+  let o = {
+      someFuncDecl(x) {
+          sink(tainted)
+      }
+  }
+  ``` (saf-1001)
+- Osemgrep only:
+
+  When rules have metavariable-type, they don't show up in the SARIF output. This change fixes that.
+
+  Also right now dataflow traces are always shown in SARIF even when --dataflow-traces is not passed. This change also fixes that. (saf-1020)
+- Fixed bug in rule parsing preventing patternless SCA rules from being validated. (saf-1030)
+
+
 ## [1.71.0](https://github.com/returntocorp/semgrep/releases/tag/v1.71.0) - 2024-05-03
 
 

diff --git a/changelog.d/gh-10084.fixed b/changelog.d/gh-10084.fixed
diff --git a/changelog.d/gh-10222.fixed b/changelog.d/gh-10222.fixed
diff --git a/changelog.d/saf-1001.fixed b/changelog.d/saf-1001.fixed
diff --git a/changelog.d/saf-1020.fixed b/changelog.d/saf-1020.fixed
diff --git a/changelog.d/saf-1030.fixed b/changelog.d/saf-1030.fixed
diff --git a/cli/setup.py b/cli/setup.py
@@ -135,7 +135,7 @@ def find_executable(env_name, exec_name):
 
 setuptools.setup(
     name="semgrep",
-    version="1.71.0",
+    version="1.72.0",
     author="Semgrep Inc.",
     author_email="support@semgrep.com",
     description="Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.",

diff --git a/cli/src/semgrep/__init__.py b/cli/src/semgrep/__init__.py
@@ -1 +1 @@
-__VERSION__ = "1.71.0"
+__VERSION__ = "1.72.0"
diff --git a/dune-project b/dune-project
@@ -21,7 +21,7 @@
 (generate_opam_files)
 
 ;; set here so the semgrep package below can use it and we can easily bump it
-(version 1.71.0)
+(version 1.72.0)
 
 ;; Default attributes of opam packages
 (source (github semgrep/semgrep))

diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name="semgrep_pre_commit_package",
-    version="1.71.0",
-    install_requires=["semgrep==1.71.0"],
+    version="1.72.0",
+    install_requires=["semgrep==1.72.0"],
     packages=[],
 )
diff --git a/src/core/Version.ml b/src/core/Version.ml
@@ -3,4 +3,4 @@
 
   Automatically modified by scripts/release/bump.
 *)
-let version = "1.71.0"
+let version = "1.72.0"