New webhook events
We’ve added three new events that you can subscribe to when you create a new webhook:
team_member.added: Triggered when a new member is added to the team.
team_member.removed: Triggered when an existing member is removed from a team.
team_member.updated: Triggered when the role of a member is changed.
You can refer to the docs for more details on these events and see what the payload looks like.
New in Analyzers
- PHP: Added 2 new security issues (PHP-A1001, PHP-A1009)
- Go: Added Autofix for 6 issues (RVV-A0001, RVV-A0009, SCC-S1007, SCC-SA4017, SCC-SA4018, SCC-SA9003)
- Java: The Java Analyzer now supports projects using Java 17.
- C#: Added 7 new issues (CS-W1014, CS-A1006, CS-A1005, CS-W1015, CS-R1037, CS-R1038, CS-R1036)
- Rust: Added 10 new issues (RS-P1003, RS-W1056, RS-W1057, RS-W1058, RS-W1059, RS-W1060, RS-W1061, RS-W1062, RS-W1063, RS-W1064)
- Python: Added 1 new security checker (PTC-W6004). We now have at least one issue for every OWASP Top 10 recommendation in the 2017 and 2021 lists.
Introducing, Duck Norris!
We’ve adopted Duck Norris, a cyborg duck from Quackotron, as our Mascot. He would be working on spreading the word about our mission of helping developers ship good code to the world. We also made a fun short movie about this!
Fixes and improvements
- We have a brand new 404 page! Check it out here.
- There’s now a home button in Discover’s sidebar, so you can easily go back to your DeepSource Home.
- Fixed the broken rendering of HTML entities in the title of an issue
- Fixed a redirect loop on GitLab authentication. Users will directly be redirected to the account selector directly after authorizing their GitLab account.
- Standardize font sizes for cards across the dashboard. This was an eyesore, truly.
- Disabled the Autofix button for unauthenticated users when browsing public repositories. Although the action wouldn’t succeed, the button was being shown as a no-op.
- Fixed: Users were not able to add new events after creating a webhook.
- Removed the first and last seen times of an issue in the history page, where it didn’t really make sense.
- PHP: Fixed a false-positive in PHP-A1006.
- PHP: Fixed wrong end line in PHP-W1074.
- Go: Fixed data races to mitigate the episodic runtime panics leading to analysis timeouts.
- Python: Fixed a major source of Autofix failures. Running Autofix for R1705, R1720, R1723, and R1724 should no longer have failures.
- C#: CS-R1008:
GenericExceptionHandlingCheckis no longer raised when an
Exceptionis being trapped for logging purposes or when passed to
- C#: CS-P1001:
ManualGarbageCollectChecknow correctly handles scenarios when
GC-related methods such as
SuppressFinalizeare invoked inside
- C#: CS-R1029:
TestHasNoAssertCheckis no longer invoked when a custom assertion is used in place of test-suite’s
- Java: OWASP references in security issue descriptions are now in a uniform format.
- Java: The Java analyzer will now assume a default Java version if none is provided.
- Java: Multiple or nested independent Gradle and Maven projects in the same repository are now properly detected.
- Java: File exclusions are now more efficiently processed.
- Java: JAVA-E0110 (Equals without null check) now correctly ignores valid non-trivial
- Java: JAVA-P1001 (inefficient replaceAll) now correctly detects certain regex signatures.
- Java: JAVA-E1014 (improper getter/setter) now also accounts for final fields.
- Java: JAVA-E1041 (unimplementable interface) is now smarter in detecting bad interfaces.
- Java: JAVA-E0094 (Finalizer must not be invoked) will no longer be raised for overloaded methods that are not finalizers.
- Java: JAVA-P0057 (URL collections are bad) will now respect spotbugs suppress annotations.
- Java: JAVA-S1002 (Naive trustmanager/hostname verifier implementation) will now respect spotbugs suppress annotations.