| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-06-24 | 975 Bytes | |
| Release v1.168.0 source code.tar.gz | 2026-06-24 | 12.0 MB | |
| Release v1.168.0 source code.zip | 2026-06-24 | 16.5 MB | |
| Totals: 3 Items | 28.5 MB | 0 | |
1.168.0 - 2026-06-24
### Added
- Added an experimental
--x-dependency-pathsflag toscanandcithat includes the full dependency path(s) for transitive supply-chain findings in--jsonand--sarifoutput. (SC-3547)
### Changed
- Malicious supply chain rules are now labeled "Malicious" instead of "Basic" in the scan analysis summary table. (SC-3504)
### Infra/Release Changes
- semgrep-core no longer depends on libpcre 8.x; libpcre2 10.x is now the sole regex engine. (drop-libpcre)
- Aliengrep (generic mode) now uses the maintained libpcre2 10.x regular-expression library instead of the deprecated libpcre 8.x. Matching behavior is unchanged. (aliengrep-pcre2)
- The
metavariable-regexandmetavariable-comparison(re.match()) runtimes now use the maintained libpcre2 10.x library instead of the deprecated libpcre 8.x. Matching behavior is unchanged. (eval-generic-pcre2)