Merge pull request #53 from ajinabraham/3.1.4

ajinabraham · web-flow · commit 3171b66e8be1 · 2024-11-14T00:49:52.000-08:00
Make semgrep optional, also update actions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.2.2
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4.2.2
     - name: Set up Python
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5.3.0
       with:
         python-version: '3.x'
     - name: Install dependencies
diff --git a/.github/workflows/python_test.yml b/.github/workflows/python_test.yml
@@ -19,9 +19,9 @@ jobs:
         python-version: ['3.10', '3.11', '3.12']
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4.2.2
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5.3.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
@@ -33,7 +33,7 @@ jobs:
         tox -e lint
     - name: Install libsast
       run: |
-        poetry install --no-interaction --no-ansi
+        poetry install --no-interaction --no-ansi --with semgrep
     - name: Bandit Scan
       run: |
         poetry run bandit -ll libsast -r
diff --git a/README.md b/README.md
@@ -17,7 +17,10 @@ Made with ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82
 
 ## Install
 
-`pip install libsast`
+```bash
+pip install semgrep==1.86.0 #For semgrep support
+pip install libsast
+```
 
 Pattern Matcher is cross-platform, but Semgrep supports only Mac and Linux.
 
diff --git a/libsast/__init__.py b/libsast/__init__.py
@@ -12,7 +12,7 @@
 __title__ = 'libsast'
 __authors__ = 'Ajin Abraham'
 __copyright__ = f'Copyright {year} Ajin Abraham, opensecurity.in'
-__version__ = '3.1.3'
+__version__ = '3.1.4'
 __version_info__ = tuple(int(i) for i in __version__.split('.'))
 __all__ = [
     'Scanner',
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "libsast"
-version = "3.1.3"
+version = "3.1.4"
 description = "A generic SAST library built on top of semgrep and regex"
 keywords = ["libsast", "SAST", "Python SAST", "SAST API", "Regex SAST", "Pattern Matcher"]
 authors = ["Ajin Abraham <ajin@opensecurity.in>"]
@@ -26,9 +26,14 @@ libsast = "libsast.__main__:main"
 python = "^3.8"
 requests = "*"
 pyyaml = ">=6.0"
-semgrep = {version = "1.86.0", markers = "sys_platform != 'win32'"}
 billiard = "^4.2.1"
 
+[tool.poetry.group.semgrep]
+optional = true
+
+[tool.poetry.group.semgrep.dependencies]
+semgrep = {version = "1.86.0", markers = "sys_platform != 'win32'"}
+
 [tool.poetry.group.dev.dependencies]
 bandit = "*"
 pytest = "*"
