Release notes
We're working hard to bring you new features, enhancements, and reliability to Pixee. But, we've made some changes to how we do releases, and aren't recording our release notes here anymore. We have left this here for posterity! We hope to bring our release notes back here soon.
April 19, 2024β
β‘οΈ Updated Pixeebot App Permissions
In order to propose changes to improve GitHub Actions workflows, we have requested additional GitHub application permissions. This change increases Pixeebot's access to read and write access to Workflows.
Existing users must update their app permissions and have received an email prompting them to do so. Please reach out to us with any questions!
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Users that have configured the Pixeebot + Sonar integration can now use
workflow_dispatch
as a workflow trigger. For more on using Pixeebot to fix Sonar findings, see documentation here - Refined data displayed on the Activity Dashboard. Additional information on the Pixeebot Activity Dashboard can be found here
π Bug Fixesβ
- Fixed a bug preventing repo activation and scan status from displaying correctly on the user platform
Codemodderβ
π Pythonβ
- Added detection and processing for external Semgrep SARIF files. This change enables Codemodder to detect Semgrep SARIF provided with the
--sarif
flag
βοΈ Javaβ
- Updated
verbose-request-mapping
codemod to remove unusedRequestMapping
imports after replacing them with shortcut variants. See codemod documentation here - Updated codemod metadata to provide additional context on which findings are associated with which fixes, and reasoning behind any unfixed findings
- Made improvements to codemods that handle parameterization to prevent unused variables from being included in code fixes
March 29, 2024β
π Pixee CLI Bitbucket Integration
You can now put Pixee to work on your Bitbucket repositories using the Pixee Bitbucket pipeline. This integration gives you access to Pixeeβs automated code hardening on the Bitbucket platform. Support for GitLab coming soon!
For more information, see documentation here
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Pixeebot now automatically fixes CodeQL and GitHub Advanced Security alerts. No setup required, Pixeebot will automatically work on findings after install. See documentation here, and a video walkthrough on our YouTube channel here
π Bug Fixesβ
- Fixed a bug that prevented available codemods from loading in the the Available table on the User Dashboard
- Resolved an issue that slowed the loading of analyses counts in the User Dashboard
Codemodderβ
π Pythonβ
- Updates to improve handling of
requirements.txt
files with-r
flags - Updated
enable-jinja2-autoescape
codemod to better handle cases where the contents ofΒ**kwargs
is unknown. See codemod documentation here
βοΈ Javaβ
- Updated
sql-parameterizer codemod
to fix additional cases. See codemod documentation here
March 15, 2024β
π οΈ Pixeebot Fixes Sonar Issues:
Pixeebot can now ingest your organizationβs Sonar findings and automatically provide PRs to remediate some of them, giving you back development time.
Installation is quick and easy. See documentation here
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Made enhancements to the platform to speed up feedback delivery
- Rolled out a new and improved User Dashboard. The User Dashboard on pixee.ai has been updated for easier management of Pixeebot installations and issues across all repositories. Learn more in this blog post
π Bug Fixesβ
- Various bug fixes
Codemodderβ
π Pythonβ
- Updated
fix-deprecated-abstractproperty
codemod to account forstaticmethod
andclassmethod
deprecated properties. See codemod documentation here - Updated platform to handle the new CodeTF Β
detectionTool
Β field to ensure consistent presentation for third party tool remediation results.
βοΈ Javaβ
- Updated
switch-literal-first
codemod to account for previous null checks. See codemod documentation here - Updated
harden-process-creation
codemod to ensure that it is not executed when the parameters received are only constant variables or hardcoded values. See codemod documentation here
March 1, 2024β
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Implemented changes to optimize codemod performance
π Bug Fixesβ
- Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue
Codemodderβ
π Pythonβ
- New codemod:
str-concat-in-sequence-literals
fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation here - New codemod:
fix-async-task-instantiation
replaces manual instantiation of aTask
with acreate_task
call per the asyncio documentation. See codemod documentation here
βοΈ Javaβ
- Fixed a hang issue that caused stalls in code analysis
February 22, 2024β
π Now Supporting Signed Commits:
Commits containing Pixeebot's fixes are now signed for enhanced security, and compliance.
All Pixeebot commits will show a green verified badge you can use to verify authenticity, and review detailed information on the verified signature.
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Implemented a change to the installation flow so that more repositories skip the waitlist
- Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results
π Bug Fixesβ
- Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers
Codemodderβ
π Pythonβ
- Updated
requests-verify
codemod to support the httpx library. See codemod documentation here - Updated
fix-file-resource-leak
codemod for better handling of indent blocks containing multiple open statements. See codemod documentation here
βοΈ Javaβ
- New codemod:
overrides-match-synchronization
adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring proper synchronization. This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation here - Updated
define-constant-for-duplicate-literal
codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. See codemod documentation here
January 26, 2024β
π Introducing the Activity Dashboard:
This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebotβs functionality within your repository. Use the Activity dashboard to:
- Easily manage the open pull requests Pixeebot has created for you
- Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them
- Review the work that Pixeebot has already completed in your repository
The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. See Activity dashboard documentation here.
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Released performance improvement for navigating between pages on the user dashboard.
π Bug Fixesβ
- Resolved a bug that occurred when users requested a continuous improvement changes using
@pixeebot next
, Pixeebot would analyze the userβs repository twice and potentially send two PRs.
Codemodderβ
π Pythonβ
security
package updates and release- New codemod:
combine-startswith-endswith
Simplifies boolean expressions used with thestartswith
andendswith
methods ofstr
objects. A lot of code uses boolean expressions such asx.startswith('foo')
orx.startswith('bar')
, which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions withx.startswith(('foo', 'bar))
for cleaner, more concise code. See codemod documentation here - New codemod:
fix-deprecated-logging-warn
Updates usage of theΒwarn
Β method fromΒlogging
(which has beenΒ deprecatedΒ since Python 3.3) in favor ofΒwarning
. See codemod documentation here - New codemod:
flask-enable-csrf-protection
Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. See codemod documentation here - New codemod:
remove-debug-breakpoint
removes any calls tobreakpoint()
orpdb.set_trace()
which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation here. - New codemod:
replace-flask-send-fil
e Introduces protections against path traversal attacks when using theFlask
send_file
function. This codemod uses Flasksβsflask.send_from_directory
function for input path validation. See codemod documentation here - New codemod:
use-set-literal
Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions likeΒset([1, 2, 3])
Β toΒ{1, 2, 3}
, enhancing both performance and code clarity. See codemod documentation here
βοΈ Javaβ
- Added short-circuiting to improve performance of composed codemods
- New codemod:
sonar:java/remove-unused-private-method
removes unusedΒprivate
Β methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. (for Sonar) See codemod documentation here - New codemod:
sonar:java/declare-variable-on-separate-line
splits variable assignments onto their own lines.Β Many sources believe it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation here
December 29, 2023β
π Introducing the Pixee CLI:
You can now access Pixeeβs automated code hardening functionalities from the command line! The Pixee CLI gives you the ability to run Java and Python codemods and apply recommended code changes locally, in your own development environment.
We built this to give developers the ability to see and apply the types of changes Pixee recommends, before installing Pixeebot on their GitHub repositories. See Pixee CLI documentation here
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Checks API Integration: We have integrated Pixeebot with the GitHub Checks API to enhance Pixeebotβs pull request hardening feature. This integration provides real-time status updates on Pixeebotβs analysis of your pull requests. See documentation here
- Styling updates to the user platform, including skeleton tables for loading and improvements to color consistency
- Enhancement to improve load time performance on the installations page
π Bug Fixesβ
- Fixed bugs related to activation and commit status data to ensure both statuses are displayed correctly on the user platform
- Resolved a bug that caused duplicate pull requests to be opened for Pixeebot recommendations
Codemodderβ
π Pythonβ
- New codemod:
add-requests-timeout
adds a timeout to requests made using the requests package. These requests do not timeout by default, which is potentially unsafe as it can cause an application to hang indefinitely. See codemod documentation here - New codemod:
remove-future-imports
removes all__future__
Β imports often found in older codebases for forward compatibility with features. While harmless, they are also unnecessary. And in most cases, you probably just forgot to remove them. See codemod documentation here - New codemod:
flask-json-response-type
correctly sets content-type header for Flask JSON responses. This can prevent Cross-site-scripting (XSS) attacks) See codemod documentation here - New codemod:
exception-without-raise
fixes cases where an exception is referenced by itself in a statement without being raised. This most likely indicates a bug: you probably meant to actually raise the exception. See codemod documentation here - Enhanced pull request descriptions for Python codemods that add new dependencies. When a codemod fails to add a dependency, these enhancements provide additional context as to why
βοΈ Javaβ
- New codemod:
sonar:java/remove-commented-code
eliminates commented-out code that may impede readability and distract focus. (for Sonar) See codemod documentation here - New codemod:
sonar:java/replace-stream-collectors-to-list
modernizes a stream'sΒList
Β creation to be driven from the simple, and more readableΒStream#toList()
Β method. (for Sonar) See codemod documentationΒ here - New codemod:
sonar:java/remove-useless-parentheses
removes redundant parentheses that make it harder to understand code. (for Sonar) See codemod documentation here - New codemod:
sonar:java/remove-unused-local-variable
removes unused variables that make code harder to read, leading to confusion and bugs. This codemod only removes variables that have no state-changing effects. (for Sonar) See codemod documentationΒ here
December 12, 2023β
This entry covers updates and enhancements implemented in October and November. These changes reflect our system's ongoing evolution, improvements, and new features.
β‘οΈ Updated Pixeebot app permissions: To give users feedback in real time about Pixeebot Analysis, we have requested additional Github Application Permissions. This change increases Pixeebot's access to Checks from read-only to read and write. Existing users must update their app permissions and have received an email prompting them to do so. Please reach out to us with any questions!
Pixeebot App + Platformβ
π New Features & Enhancementsβ
- Enhanced first-time user modal and replaced with welcome toast
- Improved consistency in dashboard with styling updates and modifications
- Improved reliability of Codemod orchestration platform
π Bug Fixesβ
- Addressed intermittent issues with authentication tokens invalidating user sessions
Codemodderβ
π Pythonβ
General support for Python is live! Some updates that made Python support possible:
- New codemod:
fix-file-resource-leak
auto closes file object to prevent resource leaks and possible Denial-of-Service (DoS) attacks. See codemod documentation here - New codemod:
django-json-response-type
correctly sets content-type header for Django JSON responses. This can prevent Cross-site-scripting (XSS) attacks (a Flask equivalent is on the way!) See codemod documentation here - New codemod:
numpy-nan-equality
replaces erroneous equality check for numpy NaN (a == numpy.nan
) with the correct check (numpy.isnan(a)
) See codemod documentation here - Codemod enhancement: support for f-strings in
sql-parameterization
codemod - Codemod enhancement: added support for
aiohttp_jinja2
inenable-jinja2-autoescape
codemod - Streamlined dependency management by:
- Introducing error handling to improve parsing reliability for
pyproject.toml
- Integrating a
setup.py
writer functionality - Enabling the Python repo manager with a basic heuristic for dependency location selection
- Introducing error handling to improve parsing reliability for
βοΈ Javaβ
- New codemod: used for setting a private constructor to hide implicit public constructor (for Sonar)
- New codemod: replaces
@Controller
with@RestController
and removes@ResponseBody
annotations (for Sonar) - New codemod: removes redundant variable creation (for Sonar)
- New codemod: enforces the appropriate parsing technique for converting Strings to primitive types in the codebase (for Sonar)
- New codemod: substitutesΒ
String#replaceAll()
forString#replace()
where appropriate (for Sonar)
October 13, 2023β
π New Features & Enhancementsβ
- More Python codemods are out! 15+ and counting...
- Python now supports PR Hardening mode
π Bug Fixesβ
- Temporary fix for repository enrollment issues
October 6, 2023β
π New Features & Enhancementsβ
- πPython Alpha: Python support is here! All repos will be waitlisted automatically, but if youβd like to give it a try, use a fork or clone of Pygoat
- Light Mode: We heard you. Introducing a sleek Light Mode
- Java Security Toolkit now supports Java modules
π Bug Fixesβ
pom.xml
Formatting: Fixed formatting issues@pixeebot next
behavior: Fixed occurrences where this option was being shown erroneously or duplicating PRs
September 29, 2023β
π New Features & Enhancementsβ
- β¨AI PR Comments are here: We're excited to announce that AI enrichment of Pixeebot PRs is now live! This powerful feature enhances your PRs with insights & comments that are specific to your code. Goodbye uninspiring comments
- Codemodder Orchestrator: Weβre ready to scale! The underlying infrastructure has been completely revamped to improve scalability, performance, reliability, and security
- Java is Generally Available! Your Java repos will no longer be waitlisted
π Bug Fixesβ
- GitHub Comment Errors: We've resolved the issue where 422 errors were encountered while leaving comments on GitHub. You can now interact seamlessly without errors
September 22, 2023β
π New Features & Enhancementsβ
- Added some examples to
codemodder-java
project for more examples of the types of codemods one can make - We found a CVE in Node.js! Read about it here: https://blog.pixee.ai/breaking-down-the-nodejs-sandbox-bypass-cve-2023-30587
π Bug Fixesβ
- Various bug fixes
September 15, 2023β
π New Features & Enhancementsβ
- Improved platform reliability with better reporting and cloud configuration
- Various performance improvements
- π€ Launched our blog at blog.pixee.ai
September 8, 2023β
π New Features & Enhancementsβ
- Message Updates for Pixeebot: Smarter choices when there are no PR enhancements, plus clearer messaging. Enjoy
- Various performance improvements
π Bug Fixesβ
- Various stability improvements
September 1, 2023β
π New Features & Enhancementsβ
- User Dashboard Upgrade: New look, feel, and onboarding experience for Pixeebot users
- Accelerated Waitlist: Weβre letting more Java repositories in. If your Java repo is still waitlisted, please be patient; itβll get in soon!
- Various performance improvements
π Bug Fixesβ
- Codemodder-java: A bug preventing files outside of src/main/java from being hardened has been resolved
- Docs page for SQL parameterization codemod has been updated to eliminate any confusion
August 22, 2023 - Public Betaβ
Hello World! This is our first public release. We're ecstatic to announce that Pixeebot for Java on GitHub is here. This release includes:
- Continuous improvement that automatically runs a weekly analysis on your entire repo for any hardening opportunities
- Pull requests every time you submit code to provide automated hardening recommendations
- Personal user dashboard to provide a high level overview of all your repos and Pixeebot-generated PRs
- The ability to summon Pixeebot anytime with the
@pixeebot next
command in a GitHub comment - Detailed storytelling to provide crystal clear explanations for recommended changes
- 35+ codemods and counting to provide critical hardening with high confidence
- Our published open source Codemodder framework - the foundation for the codemods
- An open source Java security toolkit library containing best practices for Java code security
- Configurability of basic settings, as requested by Alpha users
- Simple installation in just 2 steps via GitHub