New webhook events

We’ve added three new events that you can subscribe to when you create a new webhook:

• team_member.added: Triggered when a new member is added to the team.
• team_member.removed: Triggered when an existing member is removed from a team.
• team_member.updated: Triggered when the role of a member is changed.

You can refer to the docs for more details on these events and see what the payload looks like.

New in Analyzers

• PHP: Added 2 new security issues (PHP-A1001, PHP-A1009)
• Go: Added Autofix for 6 issues (RVV-A0001, RVV-A0009, SCC-S1007, SCC-SA4017, SCC-SA4018, SCC-SA9003)
• Java: The Java Analyzer now supports projects using Java 17.
• C#: Added 7 new issues (CS-W1014, CS-A1006, CS-A1005, CS-W1015, CS-R1037, CS-R1038, CS-R1036)
• Rust: Added 10 new issues (RS-P1003, RS-W1056, RS-W1057, RS-W1058, RS-W1059, RS-W1060, RS-W1061, RS-W1062, RS-W1063, RS-W1064)
• JavaScript: Added 1 new security issue (JS-S1008)
• Python: Added 1 new security checker (PTC-W6004). We now have at least one issue for every OWASP Top 10 recommendation in the 2017 and 2021 lists.

Introducing, Duck Norris!

We’ve adopted Duck Norris, a cyborg duck from Quackotron, as our Mascot. He would be working on spreading the word about our mission of helping developers ship good code to the world. We also made a fun short movie about this!

Fixes and improvements

• We have a brand new 404 page! Check it out here.
• There’s now a home button in Discover’s sidebar, so you can easily go back to your DeepSource Home.
• Fixed the broken rendering of HTML entities in the title of an issue
• Fixed a redirect loop on GitLab authentication. Users will directly be redirected to the account selector directly after authorizing their GitLab account.
• Standardize font sizes for cards across the dashboard. This was an eyesore, truly.
• Disabled the Autofix button for unauthenticated users when browsing public repositories. Although the action wouldn’t succeed, the button was being shown as a no-op.
• Fixed: Users were not able to add new events after creating a webhook.
• Removed the first and last seen times of an issue in the history page, where it didn’t really make sense.
• PHP: Fixed a false-positive in PHP-A1006.
• PHP: Fixed wrong end line in PHP-W1074.
• Go: Fixed data races to mitigate the episodic runtime panics leading to analysis timeouts.
• Python: Fixed a major source of Autofix failures. Running Autofix for R1705, R1720, R1723, and R1724 should no longer have failures.
• C#: CS-R1008: GenericExceptionHandlingCheck is no longer raised when an Exception is being trapped for logging purposes or when passed to Console.WriteLine.
• C#: CS-P1001: ManualGarbageCollectCheck now correctly handles scenarios when GC-related methods such as SuppressFinalize are invoked inside Dispose.
• C#: CS-R1029: TestHasNoAssertCheck is no longer invoked when a custom assertion is used in place of test-suite’s Assert.
• Java: OWASP references in security issue descriptions are now in a uniform format.
• Java: The Java analyzer will now assume a default Java version if none is provided.
• Java: Multiple or nested independent Gradle and Maven projects in the same repository are now properly detected.
• Java: File exclusions are now more efficiently processed.
• Java: JAVA-E0110 (Equals without null check) now correctly ignores valid non-trivial equals implementations.
• Java: JAVA-P1001 (inefficient replaceAll) now correctly detects certain regex signatures.
• Java: JAVA-E1014 (improper getter/setter) now also accounts for final fields.
• Java: JAVA-E1041 (unimplementable interface) is now smarter in detecting bad interfaces.
• Java: JAVA-E0094 (Finalizer must not be invoked) will no longer be raised for overloaded methods that are not finalizers.
• Java: JAVA-P0057 (URL collections are bad) will now respect spotbugs suppress annotations.
• Java: JAVA-S1002 (Naive trustmanager/hostname verifier implementation) will now respect spotbugs suppress annotations.
• JavaScript: Fixed a false-positive in JS-D1001.