Bump the pip group across 1 directory with 18 updates

[dependabot]

Updates the requirements on autogen[anthropic,together], together, fastapi-code-generator, websockets, mkdocs-material, pillow, mypy, ruff, bandit, semgrep, pytest-mypy-plugins, coverage[toml], pytest, pytest-asyncio, pytest-rerunfailures, pydantic-settings, watchfiles and pyjwt to permit the latest version.
Updates autogen[anthropic,together] to 0.6.1

Release notes

Sourced from autogen[anthropic,together]'s releases.

v0.6.1

Highlights

🚀🔧 CaptainAgent's team of agents can now use 3rd party tools!

• Notebook
• If you're new to CaptainAgent, check out our video and blog post

🚀🔉 RealtimeAgent fully supports OpenAI's latest Realtime API and refactored to support real-time APIs from other providers

• Notebook
• If you're new to RealtimeAgent, check out our demo video and blog post

♥️ Thanks to all the contributors and collaborators that helped make release 0.6.1!

New Contributors

• @​hakantapanyigit made their first contribution in ag2ai/ag2#289
• @​abossenbroek made their first contribution in ag2ai/ag2#304

What's Changed

• Update mcts blog image by @​BabyCNM in ag2ai/ag2#265
• Google Gemini Client fixes by @​marklysze in ag2ai/ag2#264
• Notebook Fix for the ReasoningAgent by @​Hk669 in ag2ai/ag2#247
• Set up redirects from gh-pages to new domain by @​harishmohanraj in ag2ai/ag2#269
• fix: ReasoningAgent blog links by @​Hk669 in ag2ai/ag2#268
• remove unnecessary log file from main by @​Hk669 in ag2ai/ag2#273
• Added the youtube videos to the Blogs by @​Hk669 in ag2ai/ag2#272
• Add youtube video to 2024-12-06-FalkorDB-Structured blog by @​AgentGenie in ag2ai/ag2#270
• Fix failing notebook test by @​rjambrecic in ag2ai/ag2#275
• Add call method to Tool by @​rjambrecic in ag2ai/ag2#276
• [Docs] Fix broken links by @​harishmohanraj in ag2ai/ag2#277
• Fix outdated contributor guide by @​harishmohanraj in ag2ai/ag2#284
• [Docs] Update links by @​harishmohanraj in ag2ai/ag2#285
• Refactoring of tool mechanism by @​davorrunje in ag2ai/ag2#274
• [Docs] Fix broken links by @​harishmohanraj in ag2ai/ag2#291
• chore: updated blog assets and optimized images by @​hakantapanyigit in ag2ai/ag2#289
• Add authors to blog pages and fix header case in API reference by @​harishmohanraj in ag2ai/ag2#297
• [Docs] Resolve Broken Links in Documentation by @​harishmohanraj in ag2ai/ag2#303
• fix: MDX callout, notebook code error, and Mintlify CSS update by @​hakantapanyigit in ag2ai/ag2#302
• fix: adds missing import for gemini by @​abossenbroek in ag2ai/ag2#304
• [CaptainAgent] Add executor injected with tools. by @​LeoLjl in ag2ai/ag2#307
• Initilized Property Graph Index with llm parameter by @​Eric-Shang in ag2ai/ag2#305
• Integrating Tools from other frameworks into CaptainAgent by @​LeoLjl in ag2ai/ag2#310
• [Docs] Fix Broken Links and Improve Example Formatting in Docstrings by @​harishmohanraj in ag2ai/ag2#317
• Clean up Docusaurus related files by @​harishmohanraj in ag2ai/ag2#318
• [Docs] Add Image to Application Gallery Page and Update Its Contribution Guide by @​harishmohanraj in ag2ai/ag2#319
• Swarm Asynchronous initiate_swarm_chat by @​marklysze in ag2ai/ag2#315
• Refactoring of PR 281 (RealtimeAgent) by @​davorrunje in ag2ai/ag2#313
• Integrate OpenAI realtime API by @​sternakt in ag2ai/ag2#281
• Add new Realtime notebook with websocket API by @​davorrunje in ag2ai/ag2#322
• Fix broken links by @​davorrunje in ag2ai/ag2#324
• Bump version to 0.6.1 by @​marklysze in ag2ai/ag2#325

... (truncated)

Commits

• 417672f Merge pull request #325 from ag2ai/version0-6-1
• 0df847f Update test_websockets.py formatting
• cb3823e Update test_websockets.py missed import
• d86ee94 Update test_websockets.py
• 22bbb85 Update test_websockets.py
• 2f75203 Update WebSockets test
• da5337a Update version.py to 0.6.1
• edb5a4b Merge pull request #324 from ag2ai/fix-broken-links
• aa958bd Fix broken links
• 719db53 Merge pull request #322 from ag2ai/update-realtime-docs
• Additional commits viewable in compare view

Updates together to 1.3.11

Release notes

Sourced from together's releases.

v1.3.11

What's Changed

• Fix empty messages by @​artek0chumak in togethercomputer/together-python#229

Full Changelog: togethercomputer/together-python@v1.3.10...v1.3.11

Commits

• 5cd3742 Merge pull request #229 from togethercomputer/artem/fix-empty-messages
• ac770fb style
• a430dfb upgrade version
• 4782275 Fix empty messages
• 298901e Remove the default LoRA rank warning
• bc307c5 Update to 1.3.10
• 18fbb74 Remove the default LoRA rank warning
• fa58e5b Bump the dependencies group across 1 directory with 10 updates (#222)
• 8270f9b Merge pull request #223 from togethercomputer/artem/change_lora_ft_default
• 953359b update version
• Additional commits viewable in compare view

Updates fastapi-code-generator from 0.5.1 to 0.5.2

Release notes

Sourced from fastapi-code-generator's releases.

0.5.2

What's Changed

• Fix target_python_version by @​chantera in koxudaxi/fastapi-code-generator#445
• Fix parameter field name by @​chantera in koxudaxi/fastapi-code-generator#446
• Add --model-template-dir option by @​chantera in koxudaxi/fastapi-code-generator#447

New Contributors

• @​chantera made their first contribution in koxudaxi/fastapi-code-generator#445

Full Changelog: koxudaxi/fastapi-code-generator@0.5.1...0.5.2

Commits

• 5ef88e7 Merge pull request #447 from chantera/add-model_template_dir-option
• 6238ff8 Merge pull request #449 from koxudaxi/pre-commit-ci-update-config
• e48f987 Merge branch 'master' into add-model_template_dir-option
• 7801309 Merge pull request #446 from chantera/fix-parameter-field-name
• f0a94d6 Merge pull request #445 from chantera/fix-target_python_version
• 36ccde4 Merge pull request #440 from koxudaxi/dependabot/pip/certifi-2024.7.4
• 0f23fc0 Merge pull request #438 from koxudaxi/dependabot/pip/pydantic-2.8.2
• 1064bab Merge pull request #418 from koxudaxi/dependabot/pip/freezegun-1.5.1
• 314720e Merge pull request #413 from koxudaxi/dependabot/pip/jinja2-3.1.4
• 69d31ad Merge pull request #412 from koxudaxi/dependabot/pip/typer-0.12.3
• Additional commits viewable in compare view

Updates websockets to 14.1

Release notes

Sourced from websockets's releases.

14.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• 0403823 Release version 14.1.
• d0015c9 Fix refactoring error in a78b5546.
• 7438b8e Stop testing on PyPy 3.9.
• 1f19487 Add changelog for previous commit.
• de2e7fb Add close_code and close_reason to new implementations.
• 9a2f39f Support max_queue=None like the legacy implementation.
• 3034834 Support recv() after the connection is closed.
• bdfc8cf Uniformize comments.
• f17c11a Keep queued messages after abort.
• 86bf0c5 Remove unnecessary branch.
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.48 to 9.5.49

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.49

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.49 (2024-12-16)

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

mkdocs-material-9.5.48 (2024-12-08)

• Fixed #7774: Disabling social cards doesn't work

mkdocs-material-9.5.47 (2024-12-01)

• Fixed #7750: Numeric tags break search
• Fixed #7748: Blog plugin breaks when using future drafts (9.5.45 regression)

mkdocs-material-9.5.46 (2024-11-25)

• Added support for removing preload hints in privacy plugin
• Fixed #7734: Code blocks in h5 headlines are uppercased
• Fixed #7725: Blog plugin crashing on missing timezone (9.5.45 regression)

mkdocs-material-9.5.45 (2024-11-20)

• Reduced size of Docker image through multi-stage build
• Fixed #7708: Blog plugin crashing on YAML dates with timezones

mkdocs-material-9.5.44 (2024-11-05)

• Fixed #7672: Font CSS 404's when using privacy plugin (9.5.43 regression)

mkdocs-material-9.5.43 (2024-10-31)

• Added support for external images in SVGs in privacy plugin
• Fixed #7651: Privacy plugin doesn't handle quoted URLs in CSS

mkdocs-material-9.5.42 (2024-10-20)

• Fixed #7625: Invalid encoding of boolean attributes in privacy plugin
• Fixed #7624: Crash when disabling privacy plugin (9.5.41 regression)

mkdocs-material-9.5.41 (2024-10-15)

• Fixed #7619: Improved tooltip on logo disappears after instant navigation
• Fixed #7616: Race condition in built-in privacy plugin when inlining assets
• Fixed #7615: Comments and "Was this page helpful?" visible when printing

mkdocs-material-9.5.40 (2024-10-10)

• Updated Latvian translations
• Fixed #7597: Social cards not using site name on home page

... (truncated)

Commits

• f947bbe Prepare 9.5.49 release
• 968fbe1 Fixed privacy plugin interop with generated files
• c97270c Updated dependencies
• 7fb3a39 Documentation (#7794)
• 1ee1115 Updated dependencies
• b368cee Fixed diagram title not switching color in dark mode
• 0f97a8d Documentation (#7784)
• See full diff in compare view

Updates pillow to 11.1.0

Release notes

Sourced from pillow's releases.

11.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.1.0.html

Documentation

• Added release notes for writing XMP bytes to JPEG and MPO #8627 [@​radarhere]
• Added release notes for using zlib-ng instead of zlib #8599 [@​radarhere]
• Replace python-pillow.org with python-pillow.github.io #8586 [@​hugovk]
• ImageFile tile is never None #8582 [@​radarhere]
• Only use start year in copyright, remove end years #8577 [@​hugovk]
• Python 3.12 is tested on MinGW #8575 [@​radarhere]
• Use brew formula to install libraqm #8574 [@​radarhere]
• Added link to GitHub releases in CHANGES #8571 [@​radarhere]
• Release drafter: move removals, deprecations, documentation up, and uncategorised changes last #8570 [@​hugovk]
• Updated macOS tested Pillow versions #8538 [@​radarhere]
• Use test image filename #8534 [@​radarhere]
• Update Windows 11 Arm64 tested versions #8523 [@​nulano]
• Move MPO into "Fully supported formats" #8504 [@​radarhere]
• Update license to MIT-CMU #8490 [@​radarhere]

Dependencies

• Update dependency mypy to v1.14.1 #8643 [@​renovate]
• Update dependency mypy to v1.14.0 #8613 [@​renovate]
• Updated libwebp to 1.5.0 #8612 [@​radarhere]
• Updated libXau to 1.0.12 #8598 [@​radarhere]
• Updated libjpeg-turbo to 3.1.0 #8595 [@​radarhere]
• Updated harfbuzz to 10.1.0 #8533 [@​radarhere]
• Updated openjpeg to 2.5.3 #8591 [@​radarhere]
• Update dependency cibuildwheel to v2.22.0 #8580 [@​renovate]
• Update codecov/codecov-action action to v5 #8557 [@​renovate]
• Migrate renovate config #8527 [@​renovate]
• Update dependency mypy to v1.13.0 #8491 [@​renovate]
• Update dependency mypy to v1.12.1 #8487 [@​renovate]

Testing

• Added CentOS Stream 10 #8646 [@​radarhere]
• Use monkeypatch #8628 [@​radarhere]
• Pass file handle to ContainerIO #8625 [@​radarhere]
• Use register_handler #8499 [@​radarhere]
• Use monkeypatch #8626 [@​radarhere]
• Test libjpeg-turbo on macOS #8596 [@​radarhere]
• Test 3.13t (free-threaded) from Quansight-Labs/setup-python on Linux and macOS #8565 [@​hugovk]
• Run gcc problem matcher on Python 3.13 #8541 [@​radarhere]
• Add trove-classifiers>=2024.10.12 to 'tests' extra and use for Windows CI #8514 [@​hugovk]
• Apply security fixes to GitHub Actions #8526 [@​hugovk]
• Remove unused gcov: true for codecov-action@v4 #8521 [@​hugovk]
• Added Fedora 41 #8520 [@​radarhere]
• Do not repeatedly save to the same path #8512 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.1.0 and newer

See GitHub Releases:

• https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

• Update licence to MIT-CMU #8460 [hugovk]

• Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

• Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

• Do not close provided file handles with libtiff when saving #8458 [radarhere]

• Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

• Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

• Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

• Use transparency when combining P frames from APNGs #8443 [radarhere]

• Support all resampling filters when resizing I;16* images #8422 [radarhere]

• Free memory on early return #8413 [radarhere]

• Cast int before potentially exceeding INT_MAX #8402 [radarhere]

• Check image value before use #8400 [radarhere]

• Improved copying imagequant libraries #8420

... (truncated)

Commits

• 4c1aed8 11.1.0 version bump
• dfb368a Merge pull request #8651 from radarhere/blp
• 5d998d3 Improved coverage
• 6b75e06 Do not reread start of header in decoder
• b89cc09 Corrected BLP1 alpha depth handling
• aa0f412 Merge pull request #8646 from radarhere/centos
• e344271 Added CentOS Stream 10
• 17f09f3 Merge pull request #8644 from radarhere/c99
• d42f22b Added release notes
• c7026d9 Merge pull request #8642 from radarhere/bigtiff
• Additional commits viewable in compare view

Updates mypy from 1.13.0 to 1.14.1

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Drop Support for Python 3.8

Mypy no longer supports running with Python 3.8, which has reached end-of-life. When running mypy with Python 3.9+, it is still possible to type check code that needs to support Python 3.8 with the --python-version 3.8 argument. Support for this will be dropped in the first half of 2025!

Contributed by Marc Mueller (PR 17492).

Mypyc accelerated mypy wheels for aarch64

Mypy can compile itself to C extension modules using mypyc. This makes mypy 3-5x faster than if mypy is interpreted with pure Python. We now build and upload mypyc accelerated mypy wheels for manylinux_aarch64 to PyPI, making it easy for users on such platforms to realise this speedup.

Contributed by Christian Bundy (PR mypy_mypyc-wheels#76)

--strict-bytes

By default, mypy treats an annotation of bytes as permitting bytearray and memoryview. PEP 688 specified the removal of this special case. Use this flag to disable this behavior. --strict-bytes will be enabled by default in mypy 2.0.

Contributed by Ali Hamdan (PR 18137) and Shantanu Jain (PR 13952).

Improvements to partial type handling in loops

This change results in mypy better modelling control flow within loops and hence detecting several issues it previously did not detect. In some cases, this change may require use of an additional explicit annotation of a variable.

Contributed by Christoph Tyralla (PR 18180).

(Speaking of partial types, another reminder that mypy plans on enabling --local-partial-types by default in mypy 2.0).

Mypy 1.14

We’ve just uploaded mypy 1.14 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

... (truncated)

Commits

• 251d12f Remove +dev from version for release 1.14.1
• 667e5f7 Revert "Remove redundant inheritances from Iterator in builtins" (#18324)
• 67f673a Fix enum truthiness for StrEnum (#18379)
• 3755abb Fix getargs argument passing (#18350)
• b9fa8ee Update version to 1.14.1+dev for point release
• 6f37859 Remove +dev from version for release 1.14
• 5a6a754 Minor updates to 1.14 changelog (#18310)
• 9772d48 Update changelog for release 1.14 (#18301)
• 92473c8 Warn about --follow-untyped-imports (#18249)
• e6ce8be PEP 702 (@​deprecated): descriptors (#18090)
• Additional commits viewable in compare view

Updates ruff from 0.7.4 to 0.8.6

Release notes

Sourced from ruff's releases.

0.8.6

Release Notes

Preview features

• [format]: Preserve multiline implicit concatenated strings in docstring positions (#15126)
• [ruff] Add rule to detect empty literal in deque call (RUF025) (#15104)
• [ruff] Avoid reporting when ndigits is possibly negative (RUF057) (#15234)

Rule changes

• [flake8-todos] remove issue code length restriction (TD003) (#15175)
• [pyflakes] Ignore errors in @no_type_check string annotations (F722, F821) (#15215)

CLI

• Show errors for attempted fixes only when passed --verbose (#15237)

Bug fixes

• [ruff] Avoid syntax error when removing int over multiple lines (RUF046) (#15230)
• [pyupgrade] Revert "Add all PEP-585 names to UP006 rule" (#15250)

Contributors

• @​AlexWaygood
• @​InSyncWithFoo
• @​Lee-W
• @​MichaReiser
• @​augustelalande
• @​charliermarsh
• @​dcreager
• @​dylwil3
• @​mdbernard
• @​sharkdp
• @​w0nder1ng

Install ruff 0.8.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.8.6/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/ruff/releases/download/0.8.6/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.6

Preview features

• [format]: Preserve multiline implicit concatenated strings in docstring positions (#15126)
• [ruff] Add rule to detect empty literal in deque call (RUF025) (#15104)
• [ruff] Avoid reporting when ndigits is possibly negative (RUF057) (#15234)

Rule changes

• [flake8-todos] remove issue code length restriction (TD003) (#15175)
• [pyflakes] Ignore errors in @no_type_check string annotations (F722, F821) (#15215)

CLI

• Show errors for attempted fixes only when passed --verbose (#15237)

Bug fixes

• [ruff] Avoid syntax error when removing int over multiple lines (RUF046) (#15230)
• [pyupgrade] Revert "Add all PEP-585 names to UP006 rule" (#15250)

0.8.5

Preview features

• [airflow] Extend names moved from core to provider (AIR303) (#15145, #15159, #15196, #15216)
• [airflow] Extend rule to check class attributes, methods, arguments (AIR302) (#15054, #15083)
• [fastapi] Update FAST002 to check keyword-only arguments (#15119)
• [flake8-type-checking] Disable TC006 and TC007 in stub files (#15179)
• [pylint] Detect nested methods correctly (PLW1641) (#15032)
• [ruff] Detect more strict-integer expressions (RUF046) (#14833)
• [ruff] Implement falsy-dict-get-fallback (RUF056) (#15160)
• [ruff] Implement unnecessary-round (RUF057) (#14828)

Rule changes

• Visit PEP 764 inline TypedDict keys as non-type-expressions (#15073)
• [flake8-comprehensions] Skip C416 if comprehension contains unpacking (#14909)
• [flake8-pie] Allow cast(SomeType, ...) (PIE796) (#15141)
• [flake8-simplify] More precise inference for dictionaries (SIM300) (#15164)
• [flake8-use-pathlib] Catch redundant joins in PTH201 and avoid syntax errors (#15177)
• [pycodestyle] Preserve original value format (E731) (#15097)
• [pydocstyle] Split on first whitespace character (D403) (#15082)
• [pyupgrade] Add all PEP-585 names to UP006 rule (#5454)

Configuration

• [flake8-type-checking] Improve flexibility of runtime-evaluated-decorators (#15204)
• [pydocstyle] Add setting to ignore missing documentation for *args and **kwargs parameters (D417) (#15210)

... (truncated)

Commits

• 6b907c1 Ruff 0.8.6 (#15253)
• f319531 Make unreachable a test rule for now (#15252)
• e4d9fe0 Revert "Add all PEP-585 names to UP006 rule" (#15250)
• baf0d66 Update salsa (#15243)
• bde8ecd [red-knot] Remove unneeded branch in Type::is_equivalent_to() (#15242)
• 842f882 [ruff] Avoid reporting when ndigits is possibly negative (RUF057) (#15234)
• 75015b0 Attribute panics to the mdtests that cause them (#15241)
• 706d87f Show errors for attempted fixes only when passed --verbose (#15237)
• 0837cdd [RUF] Add rule to detect empty literal in deque call (RUF025) (#15104)
• 0dbfa8d TD003: remove issue code length restriction (#15175)
• Additional commits viewable in compare view

Updates bandit from 1.7.10 to 1.8.0

Release notes

Sourced from bandit's releases.

1.8.0

What's Changed

• Bump docker/build-push-action from 6.7.0 to 6.9.0 by @​dependabot in PyCQA/bandit#1178
• Rename doc file to match proper bandit ID by @​ericwb in PyCQA/bandit#1183
• Removal of Python 3.8 support by @​ericwb in PyCQA/bandit#1174
• Add more insecure cryptography cipher algorithms by @​ericwb in PyCQA/bandit#1185
• Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in PyCQA/bandit#1186
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in PyCQA/bandit#1187
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1162
• No need to check httpx client without timeout defined by @​ericwb in PyCQA/bandit#1177
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1191
• Mark Python 3.13 as officially supported by @​ericwb in PyCQA/bandit#1192
• Update project urls with added links by @​ericwb in PyCQA/bandit#1193
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1196
• Add a JSON to seek funding from the FLOSS/fund by @​ericwb in PyCQA/bandit#1194
• Remove Sentry as a sponsor by @​ericwb in PyCQA/bandit#1198
• Remove more leftover OpenStack references by @​ericwb in PyCQA/bandit#1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

Commits

• 8fd258a Remove more leftover OpenStack references (#1195)
• a19b072 Remove Sentry as a sponsor (#1198)
• 48e0258 Add a JSON to seek funding from the FLOSS/fund (#1194)
• 5300a21 [pre-commit.ci] pre-commit autoupdate (#1196)
• 0b249d9 Update project urls with added links (#1193)
• 4be653d Mark Python 3.13 as officially supported (#1192)
• 8e6dc1b [pre-commit.ci] pre-commit autoupdate (#1191)
• 071386b No need to check httpx client without timeout defined (#1177)
• 9b4d480 [pre-commit.ci] pre-commit autoupdate (#1162)
• ddf9b48 Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#1187)
• Additional commits viewable in compare view

Updates semgrep from 1.97.0 to 1.101.0

Release notes

Sourced from semgrep's releases.

Release v1.101.0

1.101.0 - 2024-12-18

Added

• Improved pnpm-lock.yaml parsing. (gh-2663)

Changed

• Re-ordered some terminal output of semgrep ci to allow semgrep-app to block scans based on specific findings (SECW-2740)
• A few fields in the JSON output (e.g., "fingerprint", "metavars") require now the user to be logged in to see them. See https://semgrep.dev/docs/semgrep-appsec-platform/json-and-sarif#json for more information. (json)
• We're renaming semgrep OSS to Semgrep Community Edition. See https://semgrep.dev/blog/2024/important-updates-to-semgrep-oss/ for more information. (rename)
• A few fields in the SARIF output (e.g., "fingerprints") require now the user to be logged in to see them. See https://semgrep.dev/docs/semgrep-appsec-platform/json-and-sarif#sarif for more information. (sarif)

Fixed

• pro: Improved inter-file tracking of tainted global variables. (code-7054)

• Python (pro-only): Taint now correctly tracks through calls to class methods within a class, via the cls parameter.

  So for instance, we would be able to determine a source-to-sink vulnerability in the following code snippet:

  class A:
    def foo(self, x):
      sink(x)
  @​classmethod
  
  def bar(cls):
  
  cls.foo(source)
  </code></pre>
  </li>
  <li>
  <p>pro: Fixed bug when generating inter-procedural taint traces, that it could
  cause a call-step to be missing in the trace. (saf-1783)</p>
  </li>
  <li>
  <p>Restored the &quot;rules&quot; field in the SARIF output, even when logged out. (saf-1794)</p>
  </li>
  </ul>
  <h2>Release v1.100.0</h2>
  <!-- raw HTML omitted -->
  </blockquote>
  <p>... (truncated)</p>
  </details>
  <details>
  <summary>Changelog</summary>
  &lt...
  Description has been truncated