Releases: DataDog/guarddog
v1.8.2
What's Changed
- Bugfix: Fix regression in SARIF scan output by @christophetd in #369
Full Changelog: v1.8.1...v1.8.2
v1.8.1
What's Changed
Improvements and bug fixes:
- Adding FP case to npm-obfuscation by @sobregosodd in #366
- fix rules assignment per ecosystem by @sobregosodd in #365
Full Changelog: v1.8.0...v1.8.1
v1.8.0
What's Changed
Improvements and bug fixes:
- Add npm-exfiltrate-sensitive-data case by @sobregosodd in #352
- improve shady-links matching by @sobregosodd in #358
- Add detection of compiled binaries in package code by @sobregosodd in #355
- add download_executable missing detection by @sobregosodd in #363
Chores:
- Bump requests from 2.31.0 to 2.32.0 by @dependabot in #361
- Bump pygit2 from 1.14.1 to 1.15.0 by @dependabot in #360
- Bump pytest from 8.2.0 to 8.2.1 by @dependabot in #359
Full Changelog: v1.7.0...v1.8.0
v1.7.0
What's Changed
Improvements and bug fixes:
- Add NPM detection of sensitive data exfiltration javascript code by @sobregosodd in #346
- Adding parameter to scan files up to 10Mb by @sobregosodd in #347
Chores:
- Bump coverage from 7.4.4 to 7.5.1 by @dependabot in #354
- Bump mypy from 1.9.0 to 1.10.0 by @dependabot in #348
- Bump pytest from 8.1.1 to 8.2.0 by @dependabot in #351
- Bump python-whois from 0.9.3 to 0.9.4 by @dependabot in #350
Full Changelog: v1.6.0...v1.7.0
v1.6.0
What's Changed
Improvements and bug fixes:
- improve download-executable with urlretrieve by @sobregosodd in #328
- fix download-executable false negatives by @sobregosodd in #329
- [SINT-1985] Decrease "npm_metadata_mismatch" noisiness by @juliendoutre in #331
- Move "unclaimed maintainer email domain" to New Signal by @cedricvanrompay-datadog in #342
- Add NPM detection of obfuscated javascript code by @sobregosodd in #335
- Pass expected dictionary format for status code verification by @zayacb in #334
Chores:
- Bump termcolor from 2.3.0 to 2.4.0 by @dependabot in #327
- Bump python-whois from 0.8.0 to 0.9.3 by @dependabot in #326
- Bump pytest-mock from 3.11.1 to 3.14.0 by @dependabot in #325
- Bump pygit2 from 1.12.2 to 1.14.1 by @dependabot in #324
- Bump setuptools from 68.0.0 to 69.2.0 by @dependabot in #323
- Bump idna from 3.4 to 3.7 by @dependabot in #332
- Bump configparser from 6.0.1 to 7.0.0 by @dependabot in #340
- Bump mypy from 1.4.1 to 1.9.0 by @dependabot in #339
- Bump pytest from 7.4.0 to 8.1.1 by @dependabot in #338
- Bump python-dateutil from 2.8.2 to 2.9.0.post0 by @dependabot in #337
- Bump prettytable from 3.8.0 to 3.10.0 by @dependabot in #336
- Bump setuptools from 69.2.0 to 69.5.1 by @dependabot in #344
New Contributors
Full Changelog: v1.5.8...v1.6.0
v1.5.8
What's Changed
Improvements and bug fixes:
- Fixed detection for code-execution in #306
- Bump semgrep version from 0.112.1 to 1.67.0 by @sobregosodd in #322
New Contributors
- @sobregosodd made their first contribution in #322
Full Changelog: v1.5.7...v1.5.8
v1.5.7
What's Changed
Improvements and bug fixes:
- Identify when code is decrypted and executed on the fly by @christophetd in #316
Chores:
- Bump urllib3 from 1.26.16 to 1.26.18 by @dependabot in #317
- Bump coverage from 7.2.7 to 7.4.4 by @dependabot in #319
- Bump certifi from 2023.5.7 to 2023.7.22 by @dependabot in #318
- Bump pyyaml from 6.0 to 6.0.1 by @dependabot in #270
- Bump flake8 from 6.0.0 to 7.0.0 by @dependabot in #320
- Bump click from 8.1.4 to 8.1.7 by @dependabot in #275
- Bump configparser from 5.3.0 to 6.0.1 by @dependabot in #321
Full Changelog: v1.5.6...v1.5.7
v1.5.6
What's Changed
- Fixed write_package_info argument by @enelli in #315
- Updated npm-install-script rule by @cedricvanrompay-datadog in #313
- Updated CLI err msg and update code by @jxdv in #309
Full Changelog: v1.5.5...v1.5.6
v1.5.5
What's Changed
- refact: Simplify python statements by @jxdv in #298
- Address some false positives with shady-links by @Taiki-San in #305
Full Changelog: v1.5.4...v1.5.5
v1.5.4
What's Changed
- update license by @jxdv in #300
- update ci snippet by @jxdv in #301
- edit docstring param name by @jxdv in #299
- Disable an obfuscation detection that triggered many false positives by @Taiki-San in #304
- Update the shady-links rule to match IPs by @Taiki-San in #303
New Contributors
- @Taiki-San made their first contribution in #304
Full Changelog: v1.5.3...v1.5.4