Improvements

• Elixir: Parse short function form (def f(), do: ...) by @maciejpirog in #605
• VB parser updates: no sentinel strings, better handling of compiler directives and attributes by @maciejpirog in #603
• Allow --semgrepignore-filename to be an absolute path by @dimitris-m in #608

Full Changelog: v1.16.2...v1.16.3

Improvements

• Python CLI: Optimize --exclude and .semgrepignore to ignore directories without listing their content by @maciejpirog in #596

Full Changelog: v1.16.1...v1.16.2

Improvements

• Pin Nuitka to 2.8.9 across all build workflows by @dimitris-m in #594
• Remove redundant pip and Nuitka dependencies by @dimitris-m in #573
• Support split rule/target directories in test subcommand by @qkaiser in #576

Benchmarking

• New benchmarking using hyperfine by @dimitris-m in #557 and #579

Bug fixes

• Allow multiple logical operators in metavariable comparison by @maciejpirog in #590
• In --experimental, don't report git untracked files as skipped with --use-git-ignore by @maciejpirog in #577
• C#: Add primary constructor arguments to base class by @maciejpirog in #589
• Dockerfile: Add missing buildkit constructs by @maciejpirog in #581
• Dockerfile: Fix CRLF and comment-in-continuation parsing by @abezdina in #586
• Rust: Fix taint propagation through variable shadowing by @dimitris-m in #572
• TS/TSX: Add support for the satisfies construct by @maciejpirog in #592

Installation

• Add Windows install script (pwsh) by @dimitris-m in #569
• Ensure that install.ps1 works on ARM by @dimitris-m in #571
• Fix: handle unparseable cosign version in install.sh by @dimitris-m in #580

Documentation

• Improve the README by @dimitris-m in #570

New Contributors

• @qkaiser made their first contribution in #576
• @abezdina made their first contribution in #586

Full Changelog: v1.16.0...v1.16.1

Improvements

• Dart: Add typed metavariabless by @maciejpirog in #551
• Dart: Use case of identifier to guess call vs new by @maciejpirog in #555
• Go: Enable goroutines in taint tracking by @maciejpirog in #559
• Add taint propagation via "for" comprehensions by @maciejpirog in #564

Bug Fixes

• Rust: Missing Rust type alias translation by @smith-xyz in #549
• Fix: Ensure that linux binaries have 8mb stack size (musl) by @dimitris-m in #563
• Fixed a perf regression by removing system calls and improving the reachability graph and the callee lookup by @corneliuhoffman in #556
• Fixed intrafile bug introduced by a superfluous fallback by @corneliuhoffman in #567
• Ruby: Always translate or and and to expression by @maciejpirog in #562
• Bash: Allow redirects before command arguments by @maciejpirog in #548

Internal Improvements

• Add show dump-intrafile-graph and show dump-taint-signatures commands by @corneliuhoffman in #552
• Improve tainting code by @maciejpirog in #546
• Graph refactoring by @corneliuhoffman in #553

New Contributors

• @smith-xyz made their first contribution in #549

Full Changelog: v1.15.1...v1.16.0

Bug fixes

• Clojure translation improvements by @dimitris-m in #534

Full Changelog: v1.15.0...v1.15.1

What's Changed

• Clojure translation part III by @dimitris-m in #527
• Php modernisation by @corneliuhoffman in #529
• Intrafile tainting with variadic functions by @maciejpirog in #538
• C#: The field implicit parameter can be skipped in a pattern by @maciejpirog in #525
• C#: Add conditional array access (?[...]) to l-values by @maciejpirog in #535
• C#: Collection expressions vs attributes with targets (parser fix) by @maciejpirog in #539
• Add noopengrep to the default nosem patterns by @dimitris-m in #533

Full Changelog: v1.14.1...v1.15.0

Improvements

• Clojure translation part II by @dimitris-m in #517
• C#: Allow implicit variables in properties to be taint sources by @maciejpirog in #516
• Add core flags dump_rule and dump_patterns_of_rule as options in the show command by @maciejpirog in #519

Bug fixes

• Fix: pass signature databaseb to lambda analysis, handle method mutation tainting by @corneliuhoffman in #520

Tech debt

• Fix CHANGELOG.md, OPENGREP.md, remove unused files by @dimitris-m in #523

Full Changelog: v1.14.0...v1.14.1

Improvements

• Support for higher-order functions in intrafile taint analysis by @corneliuhoffman in #469 and #513
• Clojure: Improved support for Clojure (incl. tainting) by @dimitris-m in #501
• Dart: Improved support for Dart by @maciejpirog in #508
• C#: Better handing of extension methods and extension blocks by @maciejpirog in #514

Fixes

• Bump cygwin install action by @dimitris-m in #503 and #509

Full Changelog: v1.13.2...v1.14.0

Improvements

• C#: Add matching on function argument modifiers (ref, in, scoped, etc.) by @maciejpirog in #494
• C#: Support extension blocks by @maciejpirog in #496

Release process

• Validate tag input on release by @lae in #493

Full Changelog: v1.13.1...v1.13.2

Improvements

• Improve handling of patterns and AST_to_IL translation by @dimitris-m in #483
• Improve rust tainting by @dimitris-m in #485
• Dump generic AST to HTML by @maciejpirog in #484
• Modernise C# by @maciejpirog in #487

Bug fixes

• Fix for kotlin double-annotation bug by @maciejpirog in #480
• Fix PCRE2 test making OSX build fail by @dimitris-m in #486
• Fix: in LetPattern(pat, e), e should be visited first by @dimitris-m in #488

CI fixes

• Force python 3.13 for osx binary workflow by @dimitris-m in #490

Notes

• Version 1.13.0 (#489) intentionally skipped due to CI errors, fixed in #490.

Full Changelog: v1.12.1...v1.13.1