Features:

* Add new heuristics for the download-executable module by romain-dd in https://github.com/DataDog/guarddog/pull/214

Enhancements:

* Create tests to evaluate the number of false positives and false negatives by romain-dd in https://github.com/DataDog/guarddog/pull/222
* Do not use strict version constraints in pyproject.toml by AngellusMortis in https://github.com/DataDog/guarddog/pull/245
* Optimize docker container by AngellusMortis in https://github.com/DataDog/guarddog/pull/252

Bug fixes:

* Fix: Only one result per sourcecode rule is shown #187 by H4dr1en in https://github.com/DataDog/guarddog/pull/250
* Fixes unclosed file by AngellusMortis in https://github.com/DataDog/guarddog/pull/260

Chores:

* Bump pygit2 from 1.11.1 to 1.12.0 by dependabot in https://github.com/DataDog/guarddog/pull/216
* Bump setuptools from 67.6.0 to 67.6.1 by dependabot in https://github.com/DataDog/guarddog/pull/215
* Bump pytest from 7.2.2 to 7.3.0 by dependabot in https://github.com/DataDog/guarddog/pull/219
* Bump prettytable from 3.6.0 to 3.7.0 by dependabot in https://github.com/DataDog/guarddog/pull/218
* Bump pytest from 7.3.0 to 7.3.1 by dependabot in https://github.com/DataDog/guarddog/pull/224
* Bump termcolor from 2.2.0 to 2.3.0 by dependabot in https://github.com/DataDog/guarddog/pull/225
* Bump setuptools from 67.6.1 to 67.7.2 by dependabot in https://github.com/DataDog/guarddog/pull/226
* Bump platformdirs from 3.2.0 to 3.5.0 by dependabot in https://github.com/DataDog/guarddog/pull/228
* Bump requests from 2.28.2 to 2.29.0 by dependabot in https://github.com/DataDog/guarddog/pull/227
* Bump docker from 6.0.1 to 6.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/235
* Cleanup Unused Deps by AngellusMortis in https://github.com/DataDog/guarddog/pull/246
* Bump setuptools from 67.7.2 to 68.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/248
* Bump mypy from 1.4.0 to 1.4.1 by dependabot in https://github.com/DataDog/guarddog/pull/255
* Bump pytest from 7.3.2 to 7.4.0 by dependabot in https://github.com/DataDog/guarddog/pull/256
* Bump pygit2 from 1.11.1 to 1.12.2 by dependabot in https://github.com/DataDog/guarddog/pull/254

New Contributors

* AngellusMortis made their first contribution in https://github.com/DataDog/guarddog/pull/245
* H4dr1en made their first contribution in https://github.com/DataDog/guarddog/pull/250

Minor enhancements and bug fixes:

* Detect when join(...) is used in exec/eval/... functions by romain-dd in https://github.com/DataDog/guarddog/pull/207
* Bump tarsafe version to benefit from a performance improvement by christophetd in https://github.com/DataDog/guarddog/pull/209
* Allow specifying a location where to cache top packages by christophetd in https://github.com/DataDog/guarddog/pull/213

Chores:

* Bump platformdirs from 3.0.0 to 3.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/203
* Bump urllib3 from 1.26.14 to 1.26.15 by dependabot in https://github.com/DataDog/guarddog/pull/201
* Bump setuptools from 67.4.0 to 67.6.0 by dependabot in https://github.com/DataDog/guarddog/pull/202
* Bump typing-extensions from 4.3.0 to 4.5.0 by dependabot in https://github.com/DataDog/guarddog/pull/200
* Bump pathspec from 0.11.0 to 0.11.1 by dependabot in https://github.com/DataDog/guarddog/pull/208
* Bump platformdirs from 3.1.1 to 3.2.0 by dependabot in https://github.com/DataDog/guarddog/pull/211

New Contributors

* romain-dd made their first contribution in https://github.com/DataDog/guarddog/pull/207

Bug fixes:

* Fix integrity rule crash when a project does not have a homepage URL set (#190) by christophetd in https://github.com/DataDog/guarddog/pull/199
* Fix 'potentially_compromised_email_domain' behavior when a package on… by christophetd in https://github.com/DataDog/guarddog/pull/198

Chores:

* Bump colorama from 0.4.5 to 0.4.6 by dependabot in https://github.com/DataDog/guarddog/pull/193
* Bump flake8 from 5.0.4 to 6.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/196
* Bump pytest from 7.2.1 to 7.2.2 by dependabot in https://github.com/DataDog/guarddog/pull/192
* Bump tqdm from 4.64.0 to 4.65.0 by dependabot in https://github.com/DataDog/guarddog/pull/194
* Bump pathspec from 0.9.0 to 0.11.0 by dependabot in https://github.com/DataDog/guarddog/pull/195

Chores:

* Bump python-dotenv from 0.20.0 to 1.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/184
* Bump setuptools from 67.3.2 to 67.4.0 by dependabot in https://github.com/DataDog/guarddog/pull/185
* Bump charset-normalizer from 2.1.0 to 2.1.1 by dependabot in https://github.com/DataDog/guarddog/pull/181
* Bump wcmatch from 8.4 to 8.4.1 by dependabot in https://github.com/DataDog/guarddog/pull/183

Enhancements:

* Catch code execution through exec(...(zlib.decompress(xxx)) by christophetd in https://github.com/DataDog/guarddog/pull/164
* Remove incorrect double quotes from semgrep rule for code-execution (closes #178) by christophetd in https://github.com/DataDog/guarddog/pull/179

Bug fixes:

* Fix duplicate bug in NPM typosquatting algorithm (fixes #131) by christophetd in https://github.com/DataDog/guarddog/pull/165
* Consider 'guarddog xxx scan .' a local target (fixes #175) by christophetd in https://github.com/DataDog/guarddog/pull/176

Chores:

* Bump setup-python versions and remove unused files by christophetd in https://github.com/DataDog/guarddog/pull/167
* Bump setuptools from 65.7.0 to 67.3.2 by dependabot in https://github.com/DataDog/guarddog/pull/173
* Bump urllib3 from 1.26.11 to 1.26.14 by dependabot in https://github.com/DataDog/guarddog/pull/171
* Bump mypy-extensions from 0.4.3 to 1.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/172