chore(deps): update pre-commit repositories #570

Merged
merged 1 commit into from
Oct 15, 2024

alma-renovate-bot[bot]
Contributor

@alma-renovate-bot alma-renovate-bot bot commented Sep 23, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| commitizen-tools/commitizen | repository | patch | v3.29.0 -> v3.29.1 |
| returntocorp/semgrep | repository | minor | v1.87.0 -> v1.91.0 |

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

commitizen-tools/commitizen (commitizen-tools/commitizen)

v3.29.1

Fix
  • changelog: Factorized TAG_FORMAT_REGEXES
  • changelog: Handle tag format without version pattern
  • changelog: handle custom tag_format in changelog generation
Refactor
  • Use format strings
returntocorp/semgrep (returntocorp/semgrep)

v1.91.0

1.91.0 - 2024-10-10

Added
  • Type inference in the Pro engine has been improved for class fields in
    TypeScript that are assigned a new instance but lack an explicit type
    definition. When no explicit type is provided for a class field, its type is
    inferred from the type of the expression assigned to it. For example, in the
    class definition class Foo { private readonly bar = new Bar(); }, the type of
    bar is inferred to be Bar. (code-7635)
  • Cargo.lock parser can now associate dependencies with lockfile line numbers (sc-1140)
Fixed
  • Address python rich.errors.LiveError where attempting to display multiple progress bars
    raises an exception as flagged in #10562. (grow-414)
  • C: Fix a regression causing pattern -n to sometimes not match code -n. (saf-1592)
  • When a scan runs into an exception, the app is appropriately notified
    about the failure. Previously, in the app, it would seem to the user
    that the scan is still in progress. (sms-502)

v1.90.0

1.90.0 - 2024-09-25

Added
  • Expanded support for requirement lockfiles. Semgrep will now find any *requirement*.txt
    file and lockfiles in a requirements folder (**/requirements/*.txt). This functionality
    will be gated behind the --enable-experimental-requirements CLI flag. (sc-1752)
Changed
  • Security update for code snippet storage & access methods. (gh-2038)
Fixed
  • Errors that occur in semgrep scans with jobs > 1 will now have more detail (SAF-1628)
  • Dockerfile matching: CMD $...ARGS now behaves like CMD ... and matches
    any CMD instruction that uses the array syntax such as CMD ["ls"]. This
    fix also applies to the other command-like instructions RUN
    and ENTRYPOINT. (gh-9726)
  • Pro Engine: There is now improved type inference in Kotlin and Scala. Constructor invocations like
    Foo() will now be inferred properly to be of type Foo. (saf-1537)

v1.89.0

1.89.0 - 2024-09-19

Fixed
  • Fix crash on certain SCA parse errors caused by an access to an unbound variable. (gh-2259)

v1.88.0

1.88.0 - 2024-09-18

Added
  • The dataflow analysis in the Pro engine can now track method invocations on
    variables of an interface type, safely assuming that any implementation of the
    method can be called. For example, tainted input vulnerabilities in both
    implementation classes can now be detected in the following code:

    ```java
    public interface MovieService {
      String vulnerableInjection(String input);
    }

    public class SimpleImpl implements MovieService {
      @Override
      public String vulnerableInjection(String input) {
        return sink(input);
      }
    }

    public class MoreImpl implements MovieService {
      @Override
      public String vulnerableInjection(String input) {
        return sink(input);
      }
    }

    public class AppController {
      private MovieService movieService;

      public String pwnTest(String taintedInput) {
        return movieService.vulnerableInjection(taintedInput);
      }
    }
    ```
    (code-7435)
  • Type inference for constructor parameter properties in TypeScript is now
    supported in the Pro engine. For example, the taint analysis can recognize that
    sampleFunction is defined in AbstractedService class in the following code:

    ```typescript
    export class AppController {
        constructor(private readonly abstractedService: AbstractedService) {}

        async taintTest() {
            const src = source();
            await this.abstractedService.sampleFunction(src);
        }
    }
    ```
    (code-7597)
    
Changed
  • Include the exit code that semgrep will emit in the fail-open payload prior to exiting with a failure. (gh-2033)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


This PR has been generated by Renovate Bot.

@alma-renovate-bot alma-renovate-bot bot requested a review from a team as a code owner September 23, 2024 10:17
@alma-renovate-bot alma-renovate-bot bot requested a review from a team September 23, 2024 10:17

@alma-renovate-bot alma-renovate-bot bot changed the title chore(deps): update pre-commit hook returntocorp/semgrep to v1.89.0 chore(deps): update pre-commit repositories Sep 30, 2024
@alma-renovate-bot alma-renovate-bot bot force-pushed the renovate/pre-commit-repositories branch from ee3ed78 to 1e7b043 Compare September 30, 2024 10:29

@Benjamin-Freoua-Alma
Member

Need @alma/squad-devx validation 🙏

@alma-renovate-bot alma-renovate-bot bot force-pushed the renovate/pre-commit-repositories branch from 1e7b043 to f879407 Compare October 7, 2024 10:14

@alma-renovate-bot alma-renovate-bot bot force-pushed the renovate/pre-commit-repositories branch from f879407 to 6e16643 Compare October 14, 2024 10:15

sonarcloud bot commented Oct 14, 2024

⏳E2E tests are currently running.
➡️ You can follow their progression here.

❌ E2E tests have failed.
➡️ You can find the results here.

@Benjamin-Freoua-Alma
Member

Need @alma/squad-devx validation 🙏

@gdraynz gdraynz merged commit 8c156c8 into develop Oct 15, 2024
4 of 5 checks passed
@Benjamin-Freoua-Alma Benjamin-Freoua-Alma deleted the renovate/pre-commit-repositories branch October 15, 2024 14:42