v1.5.0

What's Changed

• [SINT-1547] Add NPM confusion analyzer by @jamessteel123 in #283
• Fix Sarif format regression by @juliendoutre in #286

New Contributors

• @jamessteel123 made their first contribution in #283

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• Add new NPM metadata detector to catch dependencies fetched from URLs by @juliendoutre in #279

New Contributors

• @juliendoutre made their first contribution in #279

v1.3.0

What's Changed

Features:

• [SINT-1438] Add Clipboard Paste Rule to Guarddog by @Claire-Thib in #272

Bug fixes:

• Fixed Sometimes Failing PyPI potentially_compromised_email_domain by @Claire-Thib in #268
• Fixed Sometimes Failing PyPI repository_integrity_mismatch by @Claire-Thib in #269
• Fix permission error in Docker image (closes #276) by @christophetd in #277

Chores:

• Bump click from 8.1.3 to 8.1.4 by @dependabot in #265

New Contributors

• @Claire-Thib made their first contribution in #268

Full Changelog: v1.2.1...v1.3.0

v1.2.1

What's Changed

Enhancements:

• The GuardDog Docker image is now available for ARM, contributed by @AngellusMortis in #253

Full Changelog: v1.2...v1.2.1

v1.2

What's Changed

Features:

• Add new heuristics for the download-executable module by @romain-dd in #214

Enhancements:

• Create tests to evaluate the number of false positives and false negatives by @romain-dd in #222
• Do not use strict version constraints in pyproject.toml by @AngellusMortis in #245
• Optimize docker container by @AngellusMortis in #252

Bug fixes:

• Fix: Only one result per sourcecode rule is shown #187 by @H4dr1en in #250
• Fixes unclosed file by @AngellusMortis in #260

Chores:

• Bump pygit2 from 1.11.1 to 1.12.0 by @dependabot in #216
• Bump setuptools from 67.6.0 to 67.6.1 by @dependabot in #215
• Bump pytest from 7.2.2 to 7.3.0 by @dependabot in #219
• Bump prettytable from 3.6.0 to 3.7.0 by @dependabot in #218
• Bump pytest from 7.3.0 to 7.3.1 by @dependabot in #224
• Bump termcolor from 2.2.0 to 2.3.0 by @dependabot in #225
• Bump setuptools from 67.6.1 to 67.7.2 by @dependabot in #226
• Bump platformdirs from 3.2.0 to 3.5.0 by @dependabot in #228
• Bump requests from 2.28.2 to 2.29.0 by @dependabot in #227
• Bump docker from 6.0.1 to 6.1.1 by @dependabot in #235
• Cleanup Unused Deps by @AngellusMortis in #246
• Bump setuptools from 67.7.2 to 68.0.0 by @dependabot in #248
• Bump mypy from 1.4.0 to 1.4.1 by @dependabot in #255
• Bump pytest from 7.3.2 to 7.4.0 by @dependabot in #256
• Bump pygit2 from 1.11.1 to 1.12.2 by @dependabot in #254

New Contributors

• @AngellusMortis made their first contribution in #245
• @H4dr1en made their first contribution in #250

Full Changelog: v1.1.4...v1.2

v1.1.4

What's Changed

Minor enhancements and bug fixes:

• Detect when join(...) is used in exec/eval/... functions by @romain-dd in #207
• Bump tarsafe version to benefit from a performance improvement by @christophetd in #209
• Allow specifying a location where to cache top packages by @christophetd in #213

Chores:

• Bump platformdirs from 3.0.0 to 3.1.1 by @dependabot in #203
• Bump urllib3 from 1.26.14 to 1.26.15 by @dependabot in #201
• Bump setuptools from 67.4.0 to 67.6.0 by @dependabot in #202
• Bump typing-extensions from 4.3.0 to 4.5.0 by @dependabot in #200
• Bump pathspec from 0.11.0 to 0.11.1 by @dependabot in #208
• Bump platformdirs from 3.1.1 to 3.2.0 by @dependabot in #211

New Contributors

• @romain-dd made their first contribution in #207

Full Changelog: v1.1.3...v1.1.4

v1.1.3

What's Changed

Bug fixes:

• Fix integrity rule crash when a project does not have a homepage URL set (#190) by @christophetd in #199
• Fix 'potentially_compromised_email_domain' behavior when a package on… by @christophetd in #198

Chores:

• Bump colorama from 0.4.5 to 0.4.6 by @dependabot in #193
• Bump flake8 from 5.0.4 to 6.0.0 by @dependabot in #196
• Bump pytest from 7.2.1 to 7.2.2 by @dependabot in #192
• Bump tqdm from 4.64.0 to 4.65.0 by @dependabot in #194
• Bump pathspec from 0.9.0 to 0.11.0 by @dependabot in #195

Full Changelog: v1.1.2...v1.1.3

v1.1.2

What's Changed

Bug fixes:

• Fix JSON output (#188)

Chores:

• Bump python-dotenv from 0.20.0 to 1.0.0 by @dependabot in #184
• Bump setuptools from 67.3.2 to 67.4.0 by @dependabot in #185
• Bump charset-normalizer from 2.1.0 to 2.1.1 by @dependabot in #181
• Bump wcmatch from 8.4 to 8.4.1 by @dependabot in #183

Full Changelog: v1.1.1...v1.1.2

v1.1.1

What's Changed

Enhancements:

• Catch code execution through exec(...(zlib.decompress(xxx)) by @christophetd in #164
• Remove incorrect double quotes from semgrep rule for code-execution (closes #178) by @christophetd in #179

Bug fixes:

• Fix duplicate bug in NPM typosquatting algorithm (fixes #131) by @christophetd in #165
• Consider 'guarddog xxx scan .' a local target (fixes #175) by @christophetd in #176

Chores:

• Bump setup-python versions and remove unused files by @christophetd in #167
• Bump setuptools from 65.7.0 to 67.3.2 by @dependabot in #173
• Bump urllib3 from 1.26.11 to 1.26.14 by @dependabot in #171
• Bump mypy-extensions from 0.4.3 to 1.0.0 by @dependabot in #172

Full Changelog: v1.1.0...v1.1.1

v1.1.0

What's Changed

New features:

• Create new heuristic to identify PyPI packages with a single Python file (closes #160) by @christophetd in #162

Enhancements:

• Catch dynamic execution of base64-encoded code through __import__ (fixes #157) by @christophetd in #158

Bug fixes:

• Don't run Semgrep when no sourcecode rule should be run (fixes #161) by @christophetd in #163
• Fix package extraction for namespaced npm packages (fixes #155) by @christophetd in #156

Chores:

• Bump click-option-group from 0.5.3 to 0.5.5 by @dependabot in #152
• Bump docker from 6.0.0b1 to 6.0.1 by @dependabot in #149
• Bump idna from 3.3 to 3.4 by @dependabot in #151
• Bump platformdirs from 2.5.2 to 3.0.0 by @dependabot in #150
• Sync requirements.txt by @christophetd in #154

Full Changelog: v1.0.2...v1.1.0