Releases: Bearer/bearer
Releases · Bearer/bearer
v1.18.0
Changelog
- 3aa17a6 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1151)
- 46ef8f9 chore(deps): bump github.com/hhatto/gocloc from 0.5.0 to 0.5.1 (#1154)
- 056d8a3 chore(deps): bump github.com/open-policy-agent/opa from 0.54.0 to 0.55.0 (#1153)
- 2c11eba chore(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 (#1152)
- 3d9ebac chore: update detector type when classification (#1149)
- 48bae74 docs(rules): fix broken source link (#1165)
- 489f454 docs(rules): update rules page (#1157)
- 02ce920 feat(output): show outdated fingerprints (#1147)
- 6c36304 feat: add flag to ignore report failures (#1145)
- 2fa6faa feat: add sign-up link to report output (#1159)
- e756629 feat: base branch diff (#1158)
- 8ff548f feat: show rule count per language (#1156)
- f8c0e00 fix: fetching and checkout of base branch (#1167)
- cd3e7ec fix: honor quiet flag in diff logic (#1168)
- f7f1dad fix: repository lookup errors and diff git file scanning (#1163)
- fed0bea fix: typo in sign up url in security report message (#1161)
v1.17.0
Changelog
- 56a6919 chore(deps): bump actions/upload-pages-artifact from 1 to 2 (#1124)
- 3618d59 chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1115)
- 327b83f chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1138)
- 997099e chore(deps): bump github.com/weppos/publicsuffix-go from 0.30.0 to 0.30.1 (#1123)
- 6017ffa chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1117)
- 4eae0c6 feat(output): add fingerprints info (#1143)
- e96d808 feat: improve code extract to be consistent (#1137)
- f3f96fa feat: improve local development (#1142)
- b075a89 feat: scan profiling (#1112)
- 032af85 feat: show warnings in html summary (#1140)
- 917da47 fix: improve memory usage (#1113)
- fc5f2e3 fix: missing cached data warning for security and privacy reports (#1121)
- a4b6b5a fix: respect gitignore syntax in skip-path (#1134)
- d76fd1f fix: update telephone classification (#1139)
- 0401ded perf: use a single tree sitter query per language (#1141)
v1.16.0
v1.15.0
Changelog
- 9917a57 chore: add local_variable_declaration (#1089)
- 663c495 chore: include file in errors in dataflow (#1101)
- c8c9457 feat(java): improve variable support (#1100)
- 94c4fc6 feat: better handle rule loading failures and give more information (#1099)
- 38df8c6 feat: fix min number of workers to 2 (#1090)
- c822697 feat: html output (#1061)
- c0ff775 fix: fingerprint generation (#1102)
v1.14.0
Changelog
- 359e301 chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.16.4 to 8.17.0 (#1074)
- 6b5f2f5 chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1073)
- 08c586b chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1072)
- 7b14c72 docs(chore): update cloud link (#1069)
- b0fca63 feat(java): better catch support (#1082)
- 81ee5e8 feat(java): support resource blocks (#1086)
- 68a0d32 feat: add dependency check (#1076)
- fa6b8f6 feat: string assign-equals support (#1077)
- 497a4b7 feat: support filters when referencing rules (#1080)
- 11a6fc8 fix: check node type for root variable patterns (#1085)
- 50c9d8f fix: fatal logging (#1081)
- 844afe3 fix: improve gitlab sast report output (#1078)
- 0e93c56 fix: java variables (#1079)
- 4a7e938 fix: support variables in js imports (#1083)
- f9575a9 perf: various performance enhancements (#1075)
v1.13.1
v1.13.0
Changelog
- e5c55df chore(deps): bump github.com/open-policy-agent/opa from 0.53.0 to 0.53.1 (#1052)
- 56b4189 chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.16.3 to 8.16.4 (#1053)
- 751614b chore: add cloud note (#1066)
- c66ff3a chore: ignore -min.js as well as .min.js files (#1060)
- f5da6b8 feat: changes to support JS dangerous html rule (#1054)
- dad1b2d feat: use all cores (#1058)
- 406033e fix: activate java ruleset (#1057)
- eb03adb fix: allow string regex filter to match against empty string literals (#1062)
v1.12.0
Changelog
- 35bcf41 chore: add profiling flag (#1040)
- 06a4a9e docs(ci): add reviewdog examples (#1048)
- 94d33dd feat(java): string concatenation (#1044)
- ad0d811 fix(java): add try statement as unanchored pattern (#1049)
- 18cfdb0 fix: Java string detector (strip quotes) (#1043)
- 8f8c5d7 fix: classify internal or external depending on reason (#1050)
- 16c1c84 fix: datatype detector including invalid results (#1045)
v1.11.0
Changelog
- f66e303 chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1031)
- c47378f chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1032)
- 3d28318 feat(output): add reviewdog output format for security report (#1028)
- b612a19 feat: add data types to saas report (#1030)
- ba142fa fix(recipe): type processed incorrectly (#1038)
- 5ec7c12 fix: add import_specifier to js match node containers (#1029)
- 0cc1d54 fix: switch back to yaml v3 for report (#1036)
- 7a95485 fix: use new package name for reviewdog (#1033)
v1.10.0
Highlights
- Performance improvements - Bearer is now about 4x as fast! #1017 #1025
- Improved import detection in JS - This will allow us to more accurately detected loaded libs #1027
Changelog
- 179ccae chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1013)
- c466049 chore(deps): bump github.com/open-policy-agent/opa from 0.52.0 to 0.53.0 (#1014)
- 6079ebd feat: add exclude-fingerprints flag (#1018)
- 37f23e3 feat: add fingerprint to report and move skip rule to docs (#1023)
- 9c987ec feat: add no-color flag (#1015)
- 7f7a438 feat: ignore minified JS files (#1025)
- 5d5073b feat: javascript import support (#1027)
- a90388c feat: worker per file (#1017)
- 4d3f86b fix: prefer fingerprint to fingerprints to match other flags (#1022)
- 077a311 fix: result scope following testing (#1024)
- 5e3dfcb fix: ruby element reference query (#1019)