chore(deps): bump semgrep from 1.113.0 to 1.144.0

[dependabot]

Bumps semgrep from 1.113.0 to 1.144.0.

Release notes

Sourced from semgrep's releases.

Release v1.144.0

1.144.0 - 2025-11-19

Fixed

• pro: interfile scans no longer default to -j 1; instead, the number of available CPUs on the system is polled as part of a heuristic to determine how many threads should be spawned. (gh-4952)
• Semgrep will no longer rarely crash when --trace is passed. (incid-280)

Release v1.143.0

1.143.0 - 2025-11-12

Added

• Dataflow will now understand empty block expressions as having unit value in more instances. (code-9141)
• Parallel scans will now use shared-memory parallelism using multicore OCaml domains, rather than the legacy fork-join approach. Users can opt into the legacy method with the --x-parmap CLI flag, and this deprecates the --x-eio flag (since it is now the default behaviour). (saf-2271)
• Add -k/ --hook flag to enable Semgrep scans via Claude Code Agent post-tool hooks (saf-2279)

Fixed

• When running semgrep scan or semgrep ci, the progress bar now always ends at 100%. (SAF-2079)
• Pro: fixed various bugs relating to Scala match expression handling in dataflow analysis (e.g., some branches being misordered, especially when matching multiple variables against non-integer literal patterns). (code-9144)
• Semgrep will now emit better error messages when exceptions are raised at the beginning or end of scan (exit-message)
• Enabled taint tracking into Goroutines, by treating them as regular Go function calls. (gh-11207)
• Fixed missing Rust type alias translation. We can now accurately match the () type in a type declaration. (gh-11283)
• fixed MCP semgrep_findings tool to accept single issue_type parameter and corrected identity string role parsing (saf-2282)

Release v1.142.0

1.142.0 - 2025-10-30

Added

• Pro: improved taint handling of match expressions in Scala. In examples like

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.144.0 - 2025-11-19

Fixed

• pro: interfile scans no longer default to -j 1; instead, the number of available CPUs on the system is polled as part of a heuristic to determine how many threads should be spawned. (gh-4952)
• Semgrep will no longer rarely crash when --trace is passed. (incid-280)

1.143.0 - 2025-11-12

Added

• Dataflow will now understand empty block expressions as having unit value in more instances. (code-9141)
• Parallel scans will now use shared-memory parallelism using multicore OCaml domains, rather than the legacy fork-join approach. Users can opt into the legacy method with the --x-parmap CLI flag, and this deprecates the --x-eio flag (since it is now the default behaviour). (saf-2271)
• Add -k/ --hook flag to enable Semgrep scans via Claude Code Agent post-tool hooks (saf-2279)

Fixed

• When running semgrep scan or semgrep ci, the progress bar now always ends at 100%. (SAF-2079)
• Pro: fixed various bugs relating to Scala match expression handling in dataflow analysis (e.g., some branches being misordered, especially when matching multiple variables against non-integer literal patterns). (code-9144)
• Semgrep will now emit better error messages when exceptions are raised at the beginning or end of scan (exit-message)
• Enabled taint tracking into Goroutines, by treating them as regular Go function calls. (gh-11207)
• Fixed missing Rust type alias translation. We can now accurately match the () type in a type declaration. (gh-11283)
• fixed MCP semgrep_findings tool to accept single issue_type parameter and corrected identity string role parsing (saf-2282)

1.142.0 - 2025-10-30

Added

• Pro: improved taint handling of match expressions in Scala. In examples like

  val x = taint match {

... (truncated)

Commits

• 02b6615 chore: release version 1.144.0
• d1887c8semgrep/semgrep-proprietary#5049
• 80e9844 fix(sca): normalize names when parsing uv.lock files (semgrep/semgrep-proprie...
• 22757d3 pro-core-cli: -dump_named_ast is the Pro version (semgrep/semgrep-proprietary...
• 7ecd10bsemgrep/semgrep-proprietary#5041
• 9614ed9 fix(gomod): correctly parse parentheses in comments [SC-2974] (semgrep/semgre...
• e87af8a dataflow: Extend IL to be able to represent an entire file (semgrep/semgrep-p...
• 6ba6f90 tainting: Fix fatal error due to Log.debug mutex deadlock (semgrep/semgrep-pr...
• 8eb4cc1semgrep/semgrep-proprietary#5019
• 8ff3185 perf(config): only semgrep-core validate rules that are going to run on semgr...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)