Mar 31, 2023
Enterprise Server v3.19.0

Improved commits and PRs for Autofix™️

  • Conventional Commits is a widely accepted standard for organizing commit history across teams. However, commits generated by DeepSource did not adhere to any standard, which led to inconsistencies in our users' commit history. With this update, all commits raised by DeepSource conform to the Conventional Commits standard.
  • Autofix™️ pull requests created by DeepSource now include a short description of the issue they are fixing. This additional context will provide you with a better understanding of the changes proposed.

Carry-forward inference for Code Coverage

Teams with large repositories and complex build processes often configure their CI not to run tests on default branch merges. This posed a problem for DeepSource since we use the analysis on default branch commits as the source of truth for metrics and issues in your baseline.

This update allows you to track code coverage metrics even when tests aren't run on your default branch commits. After a pull request is merged into the default branch, DeepSource will use the last known coverage file sent for that pull request as the source of truth for coverage information. To enable this for your repository, go to Settings → Code Coverage and toggle "Enable report inference".

New in Analyzers

  • Test Coverage: Support for coverage reporting in the LCOV format
  • PHP: Support for Autofix, with the ability to Autofix 10+ issues
  • PHP: 2 new issues (PHP-A1012, PHP-T1006)
  • Rust: 15 new issues (RS-W1049, RS-W1066, RS-W1047, RS-W1065, RS-W1067, RS-E1013, RS-A1002, RS-A1003, RS-A1004, RS-W1038, RS-W1039, RS-P1005, RS-W1045, RS-W1046)

Fixes and Improvements

  • We've fixed an issue where the deepsource.toml config generator commits made by the DeepSource GitHub bot were not signed.
  • We've fixed an issue where users could access empty repositories or repositories with disabled access during GitLab repository syncs. DeepSource now ignores such repositories while syncing.
  • We've fixed an issue where GitLab's latest commit SHA was not properly synced to DeepSource.
  • We now show team-level reports and pinned reports to users in your team with the Contributor role, and repository-level reports and pinned reports to users with the Read Only role.
  • We've fixed an issue where we were showing a 500 error code instead of a 404 for invalid URL endpoints.
  • We've disabled the Autofix™️ for RB-LI1021 in the Ruby Analyzer. Some Autofixes were failing as the check for this issue didn't have Autofix available for all cases. We will enable it again once we have resolved this.
  • We've removed the check with issue code BAN-B324, as it was a subset of PTC-W1003.
  • We've fixed an Autofix™️ failure for PTC-W0050, which was incorrectly generated when multiple decorators were present on a dataclass.
  • We've fixed six false positives in this release:
      • JAVA-W0324: We've fixed an issue where the writeReplace method was not properly recognized.
      • SC-W1067: We've fixed an issue where top level case objects were marked as requiring the final modifier.
      • SC-W1082: We've fixed an issue where the exception variable was rightly used in the case's condition, yet was flagged as unused.
      • SC-W1083: We've fixed an issue where lambda parameters represented by _ were marked as unused.
      • PTC-W1006: We've fixed an issue where token = None was being flagged as sensitive data potentially getting exposed.