Improved commits and PRs for Autofix™️
- Conventional commits are widely accepted standards for organizing commit history among teams. However, commits generated by DeepSource lacked adherence to any standard, leading to inconsistencies in our users’ commit history. With this update, all commits raised by DeepSource now conform to the conventional commits standard.
- Autofix™️ pull requests created by DeepSource now include a short description of the issue they are fixing. This additional context will provide you with a better understanding of the changes proposed.
Carry-forward inference for Code Coverage
Teams with large repositories and complex build processes often configure their CI not to run tests on default branch merges. This posed a problem for DeepSource since we use the analysis on default branch commits as the source of truth for metrics and issues in your baseline.
This update allows you to track code coverage metrics even when tests aren’t run on your default branch commits. DeepSource will use the last known coverage file sent for a pull request as the source of truth for coverage information after the pull request is merged into the default branch. To enable this for your repository, go to Settings → Code Coverage → and toggle “Enable report inference”.
New in Analyzers
- 38 new checks for static analysis and SAST:
- Rust: RS-A1007, RS-E1024, RS-E1025, RS-W1117, RS-W1118
- Ruby: RB-C1014, RB-C1015, RB-W1017, RB-ST1117, RB-ST1123 ,RB-W1018, RB-W1019, RB-W1020, RB-W1021, RB-C1016, RB-C1017, RB-C1018, RB-C1019, RB-W1022, RB-W1023
- C#: CS-P1021, CS-R1110, CS-W1082
- Scala: SC-R1068, SC-R1069, SC-R1070
- Java: JAVA-E1104, JAVA-E1103, JAVA-E1105, JAVA-W1084, JAVA-W1082, JAVA-W1083, JAVA-E1102, JAVA-S1067
- Autofix™️ for 12 checks
- Ruby: RB-C1014, RB-C1015, RB-W1017, RB-ST1117, RB-ST1123, RB-W1021, RB-C1016
- C#: CS-R1110, CS-W1082
Fixes and Improvements
- We’ve added a new general page in your team settings where you can configure your team’s SSH Keys, preference settings, VCS connections, and advanced settings such as team deletion.
- We’ve fixed an issue where the deepsource.toml config generator commits made by DeepSource GitHub bot were not signed.
- We’ve fixed an issue where users could access empty or repositories with disabled access during GitLab repository syncs. DeepSource now ignores such repositories while syncing.
- We’ve fixed an issue where GitLab’s latest commit SHA was not properly synced to DeepSource.
- We now show team-level reports and pinned reports to users in your team withContributor role and Repository-level reports and pinned reports to users with a Read Only role.
- We’ve fixed an issue where we were showing 500 error code instead of 404 for invalid URL endpoints.
- We’ve disabled the Autofix™️ for RB-LI1021 in the Ruby Analyzer. Some Autofixes were failing as the check for this issue didn’t have Autofix available for all cases. We will enable it again once we have resolved this.
- We’ve removed the check with issue code BAN-B324, as it was a subset of PTC-W1003.
- We’ve fixed an Autofix™️ failure for PTC-W0050, which was incorrectly generated when multiple decorators were present on a dataclass.
- We’ve fixed six false positives in this release:
- JAVA-W0324: We’ve fixed an issue where the writeReplace method was not properly recognized.
- SC-W1067: We’ve fixed an issue where top level case objects were marked as requiring the final modifier.
- SC-W1082: We’ve fixed an issue where the exception variable was rightly used in the case’s condition, yet was flagged as unused.
- SC-W1083: We’ve fixed an issue where lambda parameters represented by _ were marked as unused.
- PTC-W1006: We’ve fixed an issue where token = None was being flagged as sensitive data potentially getting exposed.