v1.11.2

What's Changed

• Hotfix: No rules are ran by default by @sobregosodd in #406

Full Changelog: v1.11.1...v1.11.2

v1.11.1

What's Changed

• Fix rules filtering by @sobregosodd in #405

Full Changelog: v1.11.0...v1.11.1

v1.11.0

What's Changed

Bug fixes and improvements

• Add steganography for NPM by @sobregosodd in #396
• Add exceptions to shady-links by @sobregosodd in #395
• Improve detection to avoid memory over-usage by @sobregosodd in #400
• Bugfix: Input rules are not correctly set in analyzers by @sobregosodd in #399

Chores

• Bump mypy from 1.10.0 to 1.10.1 by @dependabot in #402
• Bump setuptools from 70.0.0 to 70.2.0 by @dependabot in #403
• Bump coverage from 7.5.3 to 7.5.4 by @dependabot in #398

Full Changelog: v1.10.1...v1.11.0

v1.10.1

Bug fixes and improvements

• Fixing the timezone in dns lookups by @sobregosodd in #385
• add --version flag to cli by @xopham in #392
• Create RELEASING.md by @christophetd in #393
• Addressing fixes in DLL hijacking by @sobregosodd in #384
• Bugfix Bundled binary rule by @sobregosodd in #386

Chores

• Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #391
• Bump flake8 from 7.0.0 to 7.1.0 by @dependabot in #390

New Contributors

• @xopham made their first contribution in #392

Full Changelog: v1.10.0...v1.10.1

v1.10.0

What's Changed

Improvements and bug fixes:

• Add exception for wrong JSFuck detection by @sobregosodd in #383
• Add DLL hijacking detection by @sobregosodd in #382
• Feature: honor requirements versions by @sobregosodd in #380
• Fixing the timezone in dns lookups by @sobregosodd in #379

Chores:

• Bump pytest from 8.2.1 to 8.2.2 by @dependabot in #381

Full Changelog: v1.9.0...v1.10.0

v1.9.0

What's Changed

Improvements and bug fixes:

• remove redundant docker layer by @jxdv in #368
• Add Sebastian to maintainers by @christophetd in #370
• Fix typo in environment variable to set scan parallelism by @christophetd in #376
• Add detection for Deceptive Author by @sobregosodd in #374
• Pushed top pkgs update for typosquatting by @sobregosodd in #345
• Add detection of bidirectional characters by @sobregosodd in #356

Chores:

• Bump requests from 2.32.0 to 2.32.2 by @dependabot in #371
• Bump coverage from 7.5.1 to 7.5.3 by @dependabot in #377
• Bump setuptools from 69.5.1 to 70.0.0 by @dependabot in #372
• Bump requests from 2.32.2 to 2.32.3 by @dependabot in #378

Full Changelog: v1.8.2...v1.9.0

v1.8.2

What's Changed

• Bugfix: Fix regression in SARIF scan output by @christophetd in #369

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's Changed

Improvements and bug fixes:

• Adding FP case to npm-obfuscation by @sobregosodd in #366
• fix rules assignment per ecosystem by @sobregosodd in #365

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

Improvements and bug fixes:

• Add npm-exfiltrate-sensitive-data case by @sobregosodd in #352
• improve shady-links matching by @sobregosodd in #358
• Add detection of compiled binaries in package code by @sobregosodd in #355
• add download_executable missing detection by @sobregosodd in #363

Chores:

• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #361
• Bump pygit2 from 1.14.1 to 1.15.0 by @dependabot in #360
• Bump pytest from 8.2.0 to 8.2.1 by @dependabot in #359

Full Changelog: v1.7.0...v1.8.0

v1.7.0

What's Changed

Improvements and bug fixes:

• Add NPM detection of sensitive data exfiltration javascript code by @sobregosodd in #346
• Adding parameter to scan files up to 10Mb by @sobregosodd in #347

Chores:

• Bump coverage from 7.4.4 to 7.5.1 by @dependabot in #354
• Bump mypy from 1.9.0 to 1.10.0 by @dependabot in #348
• Bump pytest from 8.1.1 to 8.2.0 by @dependabot in #351
• Bump python-whois from 0.9.3 to 0.9.4 by @dependabot in #350

Full Changelog: v1.6.0...v1.7.0