semgrep{,-core}: 1.74.0 -> 1.104.0 #355763
Conversation
NixOSInfra
added
the
12. first-time contribution
| # we're in cli | ||
| # replace old semgrep with wrapped one | ||
| rm ./bin/semgrep | ||
| ln -s $out/bin/semgrep ./bin/semgrep |
There was a problem hiding this comment.
(The postInstall still mentions a $out/bin/semgrep.)
There was a problem hiding this comment.
Yeah, the preCheck was failing because there is no ./bin directory or ./bin/semgrep file but $out/bin/semgrep is still being built.
|
Hey @ambroisie @06kellyjac I wanted to check if there is anything needed on my end to get this PR approved? Thanks 😄 |
|
I'd like @06kellyjac to take a look as well before merging. |
|
There was a problem hiding this comment.
[nix-shell:~/.cache/nixpkgs-review/pr-355763]$ semgrep scan --metrics=off --config 'r/generic.unicode.security.bidi.contains-bidirectional-characters'
┌──── ○○○ ────┐
│ Semgrep CLI │
└─────────────┘
Traceback (most recent call last):
File "/nix/store/2dv3sdczmkg6wjkn5ama5lgzrzhvj22v-python3.11-semgrep-1.96.0/bin/.pysemgrep-wrapped", line 9, in <module>
sys.exit(main())
^^^^^^
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/console_scripts/pysemgrep.py", line 52, in main
sys.exit(semgrep.main.main())
^^^^^^^^^^^^^^^^^^^
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/main.py", line 115, in main
from semgrep.cli import cli
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/cli.py", line 5, in <module>
from semgrep.commands.ci import ci
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/commands/ci.py", line 21, in <module>
import semgrep.app.auth as auth
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/app/auth.py", line 8, in <module>
from semgrep.state import get_state
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/state.py", line 13, in <module>
from semgrep.metrics import Metrics
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/metrics.py", line 36, in <module>
from semgrep.rule import Rule
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/rule.py", line 17, in <module>
from semgrep.rule_lang import EmptySpan
File "/nix/store/4h5y43skn5ra645n818176zdqs17c0b4-python3.12-semgrep-1.96.0/lib/python3.12/site-packages/semgrep/rule_lang.py", line 19, in <module>
import jsonschema.exceptions
File "/nix/store/pw8i005sif9wi9v539x7hlyll9f0ykcn-python3.12-jsonschema-4.23.0/lib/python3.12/site-packages/jsonschema/__init__.py", line 13, in <module>
from jsonschema._format import FormatChecker
File "/nix/store/pw8i005sif9wi9v539x7hlyll9f0ykcn-python3.12-jsonschema-4.23.0/lib/python3.12/site-packages/jsonschema/_format.py", line 11, in <module>
from jsonschema.exceptions import FormatError
File "/nix/store/pw8i005sif9wi9v539x7hlyll9f0ykcn-python3.12-jsonschema-4.23.0/lib/python3.12/site-packages/jsonschema/exceptions.py", line 15, in <module>
from referencing.exceptions import Unresolvable as _Unresolvable
File "/nix/store/qh6pxc98061rqx2v6rs057s6c5dbcw4q-python3.12-referencing-0.35.1/lib/python3.12/site-packages/referencing/__init__.py", line 5, in <module>
from referencing._core import Anchor, Registry, Resource, Specification
File "/nix/store/qh6pxc98061rqx2v6rs057s6c5dbcw4q-python3.12-referencing-0.35.1/lib/python3.12/site-packages/referencing/_core.py", line 9, in <module>
from rpds import HashTrieMap, HashTrieSet, List
File "/nix/store/qbpa6qshrwiljpqszmf4ppv0zbnjfhyk-python3.12-rpds-py-0.18.1/lib/python3.12/site-packages/rpds/__init__.py", line 1, in <module>
from .rpds import *
ModuleNotFoundError: No module named 'rpds.rpds'
Do we need to add rpds-py?
Edit: ah it's rpds-py which is broken based on the stack trace
cc: @fabaff
andrew-myer
force-pushed
the
semgrep_update
branch
from
0ffe136 to
2265dad
Compare
|
Result of 13 packages built:
|
|
There is a message in the existing live version, 1.74.0, that it will stop working tomorrow, Jan 10 2025: |
|
@06kellyjac I looked at this again. Looks like that |
andrew-myer
force-pushed
the
semgrep_update
branch
2 times, most recently
from
16adcc5 to
347ee17
Compare
|
Result of 13 packages built:
|
andrew-myer
force-pushed
the
semgrep_update
branch
from
347ee17 to
f02cfe1
Compare
|
Thanks for pushing this forwards @andrew-myer What are your thoughts on just getting this 1.96.0 update merged as-is to get something out there vs trying to update to 1.104.0 now in this PR? Also FYI https://www.opengrep.dev/ |
Let me see if
Thats awesome, really excited about this project! |
andrew-myer
force-pushed
the
semgrep_update
branch
from
8597131 to
d5809c8
Compare
|
Result of 13 packages built:
|
andrew-myer
changed the title
|
For some reason the python312Packages.semgrep is still getting the |
|
If you rebase on the latest copy of master it might introduce the issue for your build which is working. If it continues to work I'm not sure how else the issue could be occurring Also sorry to be a pain but your other commits should either be squashed together or prefixed with |
andrew-myer
force-pushed
the
semgrep_update
branch
from
d5809c8 to
61a0533
Compare
Update semgrep to 1.96.0
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.