TCE-1547: Bump Opengrep version to 1.23.0#28
Conversation
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Code Review
This pull request updates the tool version in .tool_version from 1.21.0 to 1.23.0. There are no review comments, and I have no feedback to provide.
Up to standards ✅
Pull request overview
Bumps the pinned Opengrep tool version used by this repository by updating the .tool_version file, aligning the project’s tooling with Opengrep 1.23.0.
Changes:
- Updated `.tool_version` from `1.21.0` to `1.23.0`.
Pull Request Overview
The proposed changes are up to standards according to quality analysis. However, there are significant gaps in the verification of acceptance criteria. There is no evidence that integration tests were performed with the new tool version, nor that the documentation generator output was validated. These automated checks are essential to ensure compatibility and prevent regressions following the version bump.
Test suggestions
- Execute plugin integration tests (codacy-plugins-test) with the new tool version
- Run DocGenerator and verify output matches existing documentation
- Run Trivy vulnerability scan on the built image
The Dockerfile ARG OPENGREP_VERSION controls which opengrep binary is downloaded at build time, but was still pinned to v1.21.0 while .tool_version was already bumped to 1.23.0. Align it to v1.23.0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
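The follow-up commit above exists because the repository carries the Opengrep pin in two places (`.tool_version` and the Dockerfile `ARG OPENGREP_VERSION`) and only one of them was bumped. The script below is an added example, not part of this repository or of the codacy-tools checklist, of a pre-build check that fails when the two pins disagree. It assumes `.tool_version` holds a bare `X.Y.Z` and that the Dockerfile line reads `ARG OPENGREP_VERSION=vX.Y.Z` (the `v` prefix is taken from the commit message); the sample files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the project's own tooling): fail when the version pinned in
# .tool_version and the Dockerfile ARG OPENGREP_VERSION disagree.
# Assumptions: .tool_version contains a bare "X.Y.Z"; the Dockerfile contains a
# line "ARG OPENGREP_VERSION=vX.Y.Z" (a missing "v" prefix is tolerated).

# Print the version pinned in a .tool_version-style file, stripped of whitespace.
tool_version() {
  tr -d '[:space:]' < "$1"
}

# Print the value of ARG OPENGREP_VERSION from a Dockerfile, without any "v" prefix.
# Only the first matching ARG line is used.
dockerfile_version() {
  sed -n 's/^ARG[[:space:]]*OPENGREP_VERSION=v*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when both pins agree, 1 otherwise; a diagnostic goes to stderr.
# Usage: check_versions_aligned .tool_version Dockerfile
check_versions_aligned() {
  tv=$(tool_version "$1")
  dv=$(dockerfile_version "$2")
  if [ -z "$dv" ]; then
    echo "no ARG OPENGREP_VERSION found in $2" >&2
    return 1
  fi
  if [ "$tv" != "$dv" ]; then
    echo ".tool_version pins $tv but $2 pins v$dv" >&2
    return 1
  fi
  echo "Opengrep pins agree: $tv"
}

# Constructed sample inputs so the check can be exercised offline:
# one Dockerfile still on the old pin, one aligned with .tool_version.
tmpdir=$(mktemp -d)
printf '1.23.0\n' > "$tmpdir/.tool_version"
printf 'FROM alpine:3.20\nARG OPENGREP_VERSION=v1.21.0\n' > "$tmpdir/Dockerfile.stale"
printf 'FROM alpine:3.20\nARG OPENGREP_VERSION=v1.23.0\n' > "$tmpdir/Dockerfile.fixed"

# Running it against the stale Dockerfile reproduces the drift the commit fixed.
check_versions_aligned "$tmpdir/.tool_version" "$tmpdir/Dockerfile.stale" || true
check_versions_aligned "$tmpdir/.tool_version" "$tmpdir/Dockerfile.fixed"
```

Wired into CI before `docker build`, this turns a silent half-bump into a failed check; the same pattern applies to any other file that repeats the version string.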
Follow-up: completed Dockerfile bump + validation
While running the codacy-tools validation checklist I noticed the Opengrep version bump was incomplete:
Validation results
Doc generation (
Integration test (
Trivy (
Summary
Bumps the Opengrep tool version from `1.21.0` to `1.23.0` in `.tool_version`.
Changes
- `.tool_version` to `1.23.0`.
Docs generation (`go run ./cmd/docgen`) per the README "Generate Docs" instructions. The opengrep-rules `release` branch no longer exists (the repo now uses `main`), and the rules commit pinned in `internal/docgen/parsing.go` (`f1d2b562...`) already matches the current `main` HEAD, so the generated docs produced no diff.
Validation
Trivy (`trivy fs --exit-code 0 --severity HIGH,CRITICAL .`)
Pre-existing HIGH/CRITICAL findings in transitive Go dependencies (`golang.org/x/crypto`, `golang.org/x/net`). Unrelated to this change, which only updates a version string — no new vulnerabilities introduced.
Docs generation
Ran `go run ./cmd/docgen` — completed successfully, no doc changes.
Integration tests (codacy-plugins-test)
Built the image with the new version and ran `codacy-plugins-test multiple opengrep` — All tests passed! (codacy-rules, language-support, sql, java, javascript, gitlab-rules, ai, i18n, exotic, default-patterns, etc.).
🤖 Generated with Claude Code