Improvements and bug fixes:
* Adding FP case to npm-obfuscation by sobregosodd in https://github.com/DataDog/guarddog/pull/366
* fix rules assignment per ecosystem by sobregosodd in https://github.com/DataDog/guarddog/pull/365

Improvements and bug fixes:
* Add npm-exfiltrate-sensitive-data case by sobregosodd in https://github.com/DataDog/guarddog/pull/352
* improve shady-links matching by sobregosodd in https://github.com/DataDog/guarddog/pull/358
* Add detection of compiled binaries in package code by sobregosodd in https://github.com/DataDog/guarddog/pull/355
* add download_executable missing detection by sobregosodd in https://github.com/DataDog/guarddog/pull/363

Chores:
* Bump requests from 2.31.0 to 2.32.0 by dependabot in https://github.com/DataDog/guarddog/pull/361
* Bump pygit2 from 1.14.1 to 1.15.0 by dependabot in https://github.com/DataDog/guarddog/pull/360
* Bump pytest from 8.2.0 to 8.2.1 by dependabot in https://github.com/DataDog/guarddog/pull/359

Improvements and bug fixes:
* Add NPM detection of sensitive data exfiltration javascript code by sobregosodd in https://github.com/DataDog/guarddog/pull/346
* Adding parameter to scan files up to 10Mb by sobregosodd in https://github.com/DataDog/guarddog/pull/347

Chores:
* Bump coverage from 7.4.4 to 7.5.1 by dependabot in https://github.com/DataDog/guarddog/pull/354
* Bump mypy from 1.9.0 to 1.10.0 by dependabot in https://github.com/DataDog/guarddog/pull/348
* Bump pytest from 8.1.1 to 8.2.0 by dependabot in https://github.com/DataDog/guarddog/pull/351
* Bump python-whois from 0.9.3 to 0.9.4 by dependabot in https://github.com/DataDog/guarddog/pull/350

Improvements and bug fixes:
* improve download-executable with urlretrieve by sobregosodd in https://github.com/DataDog/guarddog/pull/328
* fix download-executable false negatives by sobregosodd in https://github.com/DataDog/guarddog/pull/329
* [SINT-1985] Decrease "npm_metadata_mismatch" noisiness by juliendoutre in https://github.com/DataDog/guarddog/pull/331
* Move "unclaimed maintainer email domain" to New Signal by cedricvanrompay-datadog in https://github.com/DataDog/guarddog/pull/342
* Add NPM detection of obfuscated javascript code by sobregosodd in https://github.com/DataDog/guarddog/pull/335
* Pass expected dictionary format for status code verification by zayacb in https://github.com/DataDog/guarddog/pull/334

Chores:
* Bump termcolor from 2.3.0 to 2.4.0 by dependabot in https://github.com/DataDog/guarddog/pull/327
* Bump python-whois from 0.8.0 to 0.9.3 by dependabot in https://github.com/DataDog/guarddog/pull/326
* Bump pytest-mock from 3.11.1 to 3.14.0 by dependabot in https://github.com/DataDog/guarddog/pull/325
* Bump pygit2 from 1.12.2 to 1.14.1 by dependabot in https://github.com/DataDog/guarddog/pull/324
* Bump setuptools from 68.0.0 to 69.2.0 by dependabot in https://github.com/DataDog/guarddog/pull/323
* Bump idna from 3.4 to 3.7 by dependabot in https://github.com/DataDog/guarddog/pull/332
* Bump configparser from 6.0.1 to 7.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/340
* Bump mypy from 1.4.1 to 1.9.0 by dependabot in https://github.com/DataDog/guarddog/pull/339
* Bump pytest from 7.4.0 to 8.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/338
* Bump python-dateutil from 2.8.2 to 2.9.0.post0 by dependabot in https://github.com/DataDog/guarddog/pull/337
* Bump prettytable from 3.8.0 to 3.10.0 by dependabot in https://github.com/DataDog/guarddog/pull/336
* Bump setuptools from 69.2.0 to 69.5.1 by dependabot in https://github.com/DataDog/guarddog/pull/344

New Contributors
* zayacb made their first contribution in https://github.com/DataDog/guarddog/pull/334

What's Changed

Improvements and bug fixes:
* Fixed detection for `code-execution` in https://github.com/DataDog/guarddog/issues/306
* Bump semgrep version from 0.112.1 to 1.67.0 by sobregosodd in https://github.com/DataDog/guarddog/pull/322

New Contributors
* sobregosodd made their first contribution in https://github.com/DataDog/guarddog/pull/322