Update semgrep requirement from ~=1.43.0 to ~=1.44.0 #72

Merged: 1 commit merged into main from dependabot/pip/semgrep-approx-eq-1.44.0 on Oct 12, 2023

Conversation

dependabot[bot] (Contributor) commented on behalf of github, Oct 12, 2023

Updates the requirements on semgrep to permit the latest version.

Release notes

Sourced from semgrep's releases.

Release v1.44.0

1.44.0 - 2023-10-11

Added

  • A new --matching-explanations CLI flag has been added, to get matching explanations. This was internally used by the Semgrep Playground to help debug rules, but is now available also directly from the CLI. (explanations)

  • Using C++ tree-sitter as a failsafe pattern parser for C (gh-8905)

  • Allowing multiple type fields in metavariable-type rule syntax

    Users have the flexibility to utilize multiple type fields to match the type of metavariables. For instance:

    ```yaml
    metavariable-type:
      metavariable: $X
      types:
        - typeA
        - typeB
    ```

    This approach is also supported in rule 2.0. (gh-8913)

  • Support for parsing pubspec (Dart/Flutter) lockfiles (gh-8925)

  • Added support for matching template type arguments using metavariables in C++. Users can now successfully match code snippets like:

    ```cpp
    #include <memory>
    using namespace std;

    void foo() {
      int *i = 0;

      // ruleid: match-with-template
      shared_ptr<int> p;
    }
    ```

    with the pattern:

    ```
    shared_ptr<$TY> $LOCAL_VAR;
    ```
    (pa-3102)

Fixed

  • Avoid fatal "missing plugin" exceptions when scanning some Apex rules for which no Apex pattern is used by the rule such as a pattern-regex: and nothing else. (gh-8945)
  • Semgrep can now parse optional assignments in Swift (e.g. a.b? = 1). (lang-1)

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.44.0 - 2023-10-11

Added

  • A new --matching-explanations CLI flag has been added, to get matching explanations. This was internally used by the Semgrep Playground to help debug rules, but is now available also directly from the CLI. (explanations)

  • Using C++ tree-sitter as a failsafe pattern parser for C (gh-8905)

  • Allowing multiple type fields in metavariable-type rule syntax

    Users have the flexibility to utilize multiple type fields to match the type of metavariables. For instance:

    ```yaml
    metavariable-type:
      metavariable: $X
      types:
        - typeA
        - typeB
    ```

    This approach is also supported in rule 2.0. (gh-8913)

  • Support for parsing pubspec (Dart/Flutter) lockfiles (gh-8925)

  • Added support for matching template type arguments using metavariables in C++. Users can now successfully match code snippets like:

    ```cpp
    #include <memory>
    using namespace std;

    void foo() {
      int *i = 0;

      // ruleid: match-with-template
      shared_ptr<int> p;
    }
    ```

    with the pattern:

    ```
    shared_ptr<$TY> $LOCAL_VAR;
    ```
    (pa-3102)

Fixed

  • Avoid fatal "missing plugin" exceptions when scanning some Apex rules for which no Apex pattern is used by the rule such as a pattern-regex: and nothing else. (gh-8945)
  • Semgrep can now parse optional assignments in Swift (e.g. a.b? = 1). (lang-1)
  • Sequential tainting is now supported in Elixir.

... (truncated)

Commits
  • 6b5ae0d chore: Bump version to 1.44.0
  • 63f658f Expose Core_scan.filter_existings_targets for semgrep-pro (#8959)
  • c604ec5 Do not crash the whole scan because of weird targets (#8957)
  • cc5e222 ci: Add "test with Pro" to the PR checklist (#8956)
  • 773b22c refactor: Mark range_of_tokens as unsafe (#8951)
  • 5f11846 Revert "feat: add support for implicit return (#8826)" (#8955)
  • 8e66fe9 cleanup(ls): cleanup logging + dead python code (#8954)
  • 58efe4f Catch "missing plugin" errors more widely (#8945)
  • 2284851 fix: Gracefully handle metavariable-regex against resolved values (#8948)
  • 89bf7f3 logging: Reduce noise in -debug's output (#8950)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
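
The pin this PR moves is a PEP 440 compatible-release specifier: `semgrep~=1.43.0` means `>=1.43.0, ==1.43.*`, so it admits 1.43.x patch releases but not 1.44.0, which is why Dependabot has to open a PR rather than the pin picking the new release up on its own. The following is an added example (not code from this repository, from semgrep or from Dependabot) that implements that check and the pin rewrite in plain Python. The requirement line and version strings are constructed for illustration, and only plain release versions are handled; pre-release, post-release and local segments are out of scope.

```python
"""PEP 440 compatible-release ("~=") checks for a pinned requirement.

Added example, not code from this repository, semgrep or Dependabot. It shows
why `semgrep~=1.43.0` does not permit semgrep 1.44.0 and how the pin has to be
rewritten to `~=1.44.0`. Only plain release versions (digits and dots) are
handled; pre-release, post-release and local segments are out of scope.
"""
import re
from typing import Tuple

Version = Tuple[int, ...]

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")
# name, then version; deliberately accepts only the "~=" operator.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*~=\s*(\d+(?:\.\d+)*)\s*$")


def parse_version(text: str) -> Version:
    """Turn '1.44.0' into (1, 44, 0); reject anything that is not a plain release."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a plain release version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compatible_release_bounds(spec: str) -> Tuple[Version, Version]:
    """Expand '~=X.Y.Z' into (lower bound, required prefix).

    PEP 440 defines '~=X.Y.Z' as '>=X.Y.Z, ==X.Y.*', so the prefix is the
    version with its final segment dropped: '~=1.43.0' -> ((1, 43, 0), (1, 43)).
    """
    spec = spec.strip()
    if not spec.startswith("~="):
        raise ValueError(f"expected a compatible-release specifier: {spec!r}")
    lower = parse_version(spec[2:])
    if len(lower) < 2:
        raise ValueError("'~=' needs at least two segments, e.g. ~=1.43")
    return lower, lower[:-1]


def _pad(v: Version, width: int) -> Version:
    """Right-pad a version tuple with zeros so tuples of different length compare."""
    return v + (0,) * (width - len(v))


def permits(spec: str, candidate: str) -> bool:
    """True if the '~=' specifier admits the candidate version."""
    lower, prefix = compatible_release_bounds(spec)
    cand = parse_version(candidate)
    width = max(len(lower), len(cand))
    at_least_lower = _pad(cand, width) >= _pad(lower, width)
    shares_prefix = cand[: len(prefix)] == prefix
    return at_least_lower and shares_prefix


def split_requirement(line: str) -> Tuple[str, str]:
    """'semgrep~=1.43.0' -> ('semgrep', '~=1.43.0')."""
    match = _REQ_RE.match(line)
    if not match:
        raise ValueError(f"unsupported requirement line: {line!r}")
    return match.group(1), "~=" + match.group(2)


def bump_requirement(line: str, latest: str) -> str:
    """Return the requirement line needed to admit `latest`.

    If the current pin already permits `latest` the line is returned unchanged;
    otherwise the pin is moved to '~=<latest>', keeping the same number of
    segments as the old pin, which is what this PR's change from ~=1.43.0 to
    ~=1.44.0 looks like.
    """
    name, spec = split_requirement(line)
    if permits(spec, latest):
        return line.strip()
    segments = len(parse_version(spec[2:]))
    new = _pad(parse_version(latest), segments)[:segments]
    return f"{name}~={'.'.join(str(p) for p in new)}"


if __name__ == "__main__":
    # Constructed inputs mirroring this PR: the old pin, the new pin and the
    # release that triggered it.
    for pin, version in [("semgrep~=1.43.0", "1.44.0"), ("semgrep~=1.44.0", "1.44.0")]:
        _, spec = split_requirement(pin)
        print(f"{pin} permits {version}: {permits(spec, version)}")
    print("proposed:", bump_requirement("semgrep~=1.43.0", "1.44.0"))
```

The point to keep in mind when reviewing pins like this one is that `~=` never crosses the last stated segment: a three-segment pin such as `~=1.43.0` tracks patch releases only and needs a PR like this for every minor release, while a two-segment pin such as `~=1.43` would follow every later 1.x minor release automatically.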

dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) on Oct 12, 2023
codecov bot commented Oct 12, 2023

Codecov Report

Merging #72 (3e1c4c2) into main (db09667) will not change coverage.
Report is 6 commits behind head on main.
The diff coverage is n/a.

❗ Current head 3e1c4c2 differs from pull request most recent head d64e024. Consider uploading reports for the commit d64e024 to get more accurate results


@@           Coverage Diff           @@
##             main      #72   +/-   ##
=======================================
  Coverage   95.86%   95.86%           
=======================================
  Files          46       46           
  Lines        1694     1694           
=======================================
  Hits         1624     1624           
  Misses         70       70           

Updates the requirements on [semgrep](https://github.com/returntocorp/semgrep) to permit the latest version.
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/returntocorp/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.43.0...v1.44.0)

---
updated-dependencies:
- dependency-name: semgrep
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
drdavella force-pushed the dependabot/pip/semgrep-approx-eq-1.44.0 branch from 3e1c4c2 to d64e024 on October 12, 2023 16:27
drdavella merged commit a431052 into main on Oct 12, 2023 (6 checks passed)
drdavella deleted the dependabot/pip/semgrep-approx-eq-1.44.0 branch on October 12, 2023 17:13