Skip to main content

Release notes

We're working hard to bring you new features, enhancements, and reliability to Pixee. But, we've made some changes to how we do releases, and aren't recording our release notes here anymore. We have left this here for posterity! We hope to bring our release notes back here soon.

April 19, 2024​

⚑️ Updated Pixeebot App Permissions

In order to propose changes to improve GitHub Actions workflows, we have requested additional GitHub application permissions. This change increases Pixeebot's access to read and write access to Workflows.

Existing users must update their app permissions and have received an email prompting them to do so. Please reach out to us with any questions!

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Users that have configured the Pixeebot + Sonar integration can now use workflow_dispatch as a workflow trigger. For more on using Pixeebot to fix Sonar findings, see documentation here
  • Refined data displayed on the Activity Dashboard. Additional information on the Pixeebot Activity Dashboard can be found here

πŸ› Bug Fixes​

  • Fixed a bug preventing repo activation and scan status from displaying correctly on the user platform

Codemodder​

🐍 Python​

  • Added detection and processing for external Semgrep SARIF files. This change enables Codemodder to detect Semgrep SARIF provided with the --sarif flag

β˜•οΈ Java​

  • Updated verbose-request-mapping codemod to remove unused RequestMapping imports after replacing them with shortcut variants. See codemod documentation here
  • Updated codemod metadata to provide additional context on which findings are associated with which fixes, and reasoning behind any unfixed findings
  • Made improvements to codemods that handle parameterization to prevent unused variables from being included in code fixes

March 29, 2024​

πŸ”— Pixee CLI Bitbucket Integration

You can now put Pixee to work on your Bitbucket repositories using the Pixee Bitbucket pipeline. This integration gives you access to Pixee’s automated code hardening on the Bitbucket platform. Support for GitLab coming soon!

For more information, see documentation here

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Pixeebot now automatically fixes CodeQL and GitHub Advanced Security alerts. No setup required, Pixeebot will automatically work on findings after install. See documentation here, and a video walkthrough on our YouTube channel here

πŸ› Bug Fixes​

  • Fixed a bug that prevented available codemods from loading in the the Available table on the User Dashboard
  • Resolved an issue that slowed the loading of analyses counts in the User Dashboard

Codemodder​

🐍 Python​

  • Updates to improve handling of requirements.txt files with -r flags
  • Updated enable-jinja2-autoescape codemod to better handle cases where the contents ofΒ **kwargs is unknown. See codemod documentation here

β˜•οΈ Java​

  • Updated sql-parameterizer codemod to fix additional cases. See codemod documentation here

March 15, 2024​

πŸ› οΈ Pixeebot Fixes Sonar Issues:

Pixeebot can now ingest your organization’s Sonar findings and automatically provide PRs to remediate some of them, giving you back development time.

Installation is quick and easy. See documentation here

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Made enhancements to the platform to speed up feedback delivery
  • Rolled out a new and improved User Dashboard. The User Dashboard on pixee.ai has been updated for easier management of Pixeebot installations and issues across all repositories. Learn more in this blog post

πŸ› Bug Fixes​

  • Various bug fixes

Codemodder​

🐍 Python​

  • Updated fix-deprecated-abstractproperty codemod to account for staticmethod and classmethod deprecated properties. See codemod documentation here
  • Updated platform to handle the new CodeTF Β detectionToolΒ field to ensure consistent presentation for third party tool remediation results.

β˜•οΈ Java​

  • Updated switch-literal-first codemod to account for previous null checks. See codemod documentation here
  • Updated harden-process-creation codemod to ensure that it is not executed when the parameters received are only constant variables or hardcoded values. See codemod documentation here

March 1, 2024​

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Implemented changes to optimize codemod performance

πŸ› Bug Fixes​

  • Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue

Codemodder​

🐍 Python​

  • New codemod: str-concat-in-sequence-literals fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation here
  • New codemod: fix-async-task-instantiation replaces manual instantiation of a Task with a create_task call per the asyncio documentation. See codemod documentation here

β˜•οΈ Java​

  • Fixed a hang issue that caused stalls in code analysis

February 22, 2024​

πŸ” Now Supporting Signed Commits:

Commits containing Pixeebot's fixes are now signed for enhanced security, and compliance.

All Pixeebot commits will show a green verified badge you can use to verify authenticity, and review detailed information on the verified signature.

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Implemented a change to the installation flow so that more repositories skip the waitlist
  • Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results

πŸ› Bug Fixes​

  • Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers

Codemodder​

🐍 Python​

  • Updated requests-verify codemod to support the httpx library. See codemod documentation here
  • Updated fix-file-resource-leak codemod for better handling of indent blocks containing multiple open statements. See codemod documentation here

β˜•οΈ Java​

  • New codemod: overrides-match-synchronization adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring proper synchronization. This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation here
  • Updated define-constant-for-duplicate-literal codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. See codemod documentation here

January 26, 2024​

🌟 Introducing the Activity Dashboard:

This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebot’s functionality within your repository. Use the Activity dashboard to:

  • Easily manage the open pull requests Pixeebot has created for you
  • Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them
  • Review the work that Pixeebot has already completed in your repository

The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. See Activity dashboard documentation here.

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Released performance improvement for navigating between pages on the user dashboard.

πŸ› Bug Fixes​

  • Resolved a bug that occurred when users requested a continuous improvement changes using @pixeebot next, Pixeebot would analyze the user’s repository twice and potentially send two PRs.

Codemodder​

🐍 Python​

  • security package updates and release
  • New codemod: combine-startswith-endswith Simplifies boolean expressions used with the startswith and endswith methods of str objects. A lot of code uses boolean expressions such as x.startswith('foo') or x.startswith('bar') , which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions with x.startswith(('foo', 'bar)) for cleaner, more concise code. See codemod documentation here
  • New codemod: fix-deprecated-logging-warn Updates usage of theΒ warnΒ method fromΒ logging (which has beenΒ deprecatedΒ since Python 3.3) in favor ofΒ warning. See codemod documentation here
  • New codemod: flask-enable-csrf-protection Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. See codemod documentation here
  • New codemod: remove-debug-breakpoint removes any calls to breakpoint() or pdb.set_trace() which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation here.
  • New codemod: replace-flask-send-file Introduces protections against path traversal attacks when using the Flask send_file function. This codemod uses Flasks’s flask.send_from_directory function for input path validation. See codemod documentation here
  • New codemod: use-set-literal Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions likeΒ set([1, 2, 3])Β toΒ {1, 2, 3}, enhancing both performance and code clarity. See codemod documentation here

β˜•οΈ Java​

  • Added short-circuiting to improve performance of composed codemods
  • New codemod: sonar:java/remove-unused-private-method removes unusedΒ privateΒ methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. (for Sonar) See codemod documentation here
  • New codemod: sonar:java/declare-variable-on-separate-line splits variable assignments onto their own lines.Β Many sources believe it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation here

December 29, 2023​

πŸŽ‰ Introducing the Pixee CLI:

You can now access Pixee’s automated code hardening functionalities from the command line! The Pixee CLI gives you the ability to run Java and Python codemods and apply recommended code changes locally, in your own development environment.

We built this to give developers the ability to see and apply the types of changes Pixee recommends, before installing Pixeebot on their GitHub repositories. See Pixee CLI documentation here

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Checks API Integration: We have integrated Pixeebot with the GitHub Checks API to enhance Pixeebot’s pull request hardening feature. This integration provides real-time status updates on Pixeebot’s analysis of your pull requests. See documentation here
  • Styling updates to the user platform, including skeleton tables for loading and improvements to color consistency
  • Enhancement to improve load time performance on the installations page

πŸ› Bug Fixes​

  • Fixed bugs related to activation and commit status data to ensure both statuses are displayed correctly on the user platform
  • Resolved a bug that caused duplicate pull requests to be opened for Pixeebot recommendations

Codemodder​

🐍 Python​

  • New codemod: add-requests-timeout adds a timeout to requests made using the requests package. These requests do not timeout by default, which is potentially unsafe as it can cause an application to hang indefinitely. See codemod documentation here
  • New codemod: remove-future-imports removes all __future__Β imports often found in older codebases for forward compatibility with features. While harmless, they are also unnecessary. And in most cases, you probably just forgot to remove them. See codemod documentation here
  • New codemod: flask-json-response-type correctly sets content-type header for Flask JSON responses. This can prevent Cross-site-scripting (XSS) attacks) See codemod documentation here
  • New codemod: exception-without-raise fixes cases where an exception is referenced by itself in a statement without being raised. This most likely indicates a bug: you probably meant to actually raise the exception. See codemod documentation here
  • Enhanced pull request descriptions for Python codemods that add new dependencies. When a codemod fails to add a dependency, these enhancements provide additional context as to why

β˜•οΈ Java​

  • New codemod: sonar:java/remove-commented-code eliminates commented-out code that may impede readability and distract focus. (for Sonar) See codemod documentation here
  • New codemod: sonar:java/replace-stream-collectors-to-list modernizes a stream'sΒ ListΒ creation to be driven from the simple, and more readableΒ Stream#toList()Β method. (for Sonar) See codemod documentationΒ here
  • New codemod: sonar:java/remove-useless-parentheses removes redundant parentheses that make it harder to understand code. (for Sonar) See codemod documentation here
  • New codemod: sonar:java/remove-unused-local-variable removes unused variables that make code harder to read, leading to confusion and bugs. This codemod only removes variables that have no state-changing effects. (for Sonar) See codemod documentationΒ here

December 12, 2023​

This entry covers updates and enhancements implemented in October and November. These changes reflect our system's ongoing evolution, improvements, and new features.

⚑️ Updated Pixeebot app permissions: To give users feedback in real time about Pixeebot Analysis, we have requested additional Github Application Permissions. This change increases Pixeebot's access to Checks from read-only to read and write. Existing users must update their app permissions and have received an email prompting them to do so. Please reach out to us with any questions!

Pixeebot App + Platform​

πŸš€ New Features & Enhancements​

  • Enhanced first-time user modal and replaced with welcome toast
  • Improved consistency in dashboard with styling updates and modifications
  • Improved reliability of Codemod orchestration platform

πŸ› Bug Fixes​

  • Addressed intermittent issues with authentication tokens invalidating user sessions

Codemodder​

🐍 Python​

General support for Python is live! Some updates that made Python support possible:

  • New codemod: fix-file-resource-leak auto closes file object to prevent resource leaks and possible Denial-of-Service (DoS) attacks. See codemod documentation here
  • New codemod: django-json-response-type correctly sets content-type header for Django JSON responses. This can prevent Cross-site-scripting (XSS) attacks (a Flask equivalent is on the way!) See codemod documentation here
  • New codemod: numpy-nan-equality replaces erroneous equality check for numpy NaN (a == numpy.nan) with the correct check (numpy.isnan(a)) See codemod documentation here
  • Codemod enhancement: support for f-strings in sql-parameterization codemod
  • Codemod enhancement: added support for aiohttp_jinja2 in enable-jinja2-autoescape codemod
  • Streamlined dependency management by:
    • Introducing error handling to improve parsing reliability for pyproject.toml
    • Integrating a setup.py writer functionality
    • Enabling the Python repo manager with a basic heuristic for dependency location selection

β˜•οΈ Java​

  • New codemod: used for setting a private constructor to hide implicit public constructor (for Sonar)
  • New codemod: replaces @Controller with @RestController and removes @ResponseBody annotations (for Sonar)
  • New codemod: removes redundant variable creation (for Sonar)
  • New codemod: enforces the appropriate parsing technique for converting Strings to primitive types in the codebase (for Sonar)
  • New codemod: substitutesΒ String#replaceAll() for String#replace() where appropriate (for Sonar)

October 13, 2023​

πŸš€ New Features & Enhancements​

  • More Python codemods are out! 15+ and counting...
  • Python now supports PR Hardening mode

πŸ› Bug Fixes​

  • Temporary fix for repository enrollment issues

October 6, 2023​

πŸš€ New Features & Enhancements​

  • 🐍Python Alpha: Python support is here! All repos will be waitlisted automatically, but if you’d like to give it a try, use a fork or clone of Pygoat
  • Light Mode: We heard you. Introducing a sleek Light Mode
  • Java Security Toolkit now supports Java modules

πŸ› Bug Fixes​

  • pom.xml Formatting: Fixed formatting issues
  • @pixeebot next behavior: Fixed occurrences where this option was being shown erroneously or duplicating PRs

September 29, 2023​

πŸš€ New Features & Enhancements​

  • ✨AI PR Comments are here: We're excited to announce that AI enrichment of Pixeebot PRs is now live! This powerful feature enhances your PRs with insights & comments that are specific to your code. Goodbye uninspiring comments
  • Codemodder Orchestrator: We’re ready to scale! The underlying infrastructure has been completely revamped to improve scalability, performance, reliability, and security
  • Java is Generally Available! Your Java repos will no longer be waitlisted

πŸ› Bug Fixes​

  • GitHub Comment Errors: We've resolved the issue where 422 errors were encountered while leaving comments on GitHub. You can now interact seamlessly without errors

September 22, 2023​

πŸš€ New Features & Enhancements​

πŸ› Bug Fixes​

  • Various bug fixes

September 15, 2023​

πŸš€ New Features & Enhancements​

  • Improved platform reliability with better reporting and cloud configuration
  • Various performance improvements
  • 🎀 Launched our blog at blog.pixee.ai

September 8, 2023​

πŸš€ New Features & Enhancements​

  • Message Updates for Pixeebot: Smarter choices when there are no PR enhancements, plus clearer messaging. Enjoy
  • Various performance improvements

πŸ› Bug Fixes​

  • Various stability improvements

September 1, 2023​

πŸš€ New Features & Enhancements​

  • User Dashboard Upgrade: New look, feel, and onboarding experience for Pixeebot users
  • Accelerated Waitlist: We’re letting more Java repositories in. If your Java repo is still waitlisted, please be patient; it’ll get in soon!
  • Various performance improvements

πŸ› Bug Fixes​

  • Codemodder-java: A bug preventing files outside of src/main/java from being hardened has been resolved
  • Docs page for SQL parameterization codemod has been updated to eliminate any confusion

August 22, 2023 - Public Beta​

Hello World! This is our first public release. We're ecstatic to announce that Pixeebot for Java on GitHub is here. This release includes:

  • Continuous improvement that automatically runs a weekly analysis on your entire repo for any hardening opportunities
  • Pull requests every time you submit code to provide automated hardening recommendations
  • Personal user dashboard to provide a high level overview of all your repos and Pixeebot-generated PRs
  • The ability to summon Pixeebot anytime with the @pixeebot next command in a GitHub comment
  • Detailed storytelling to provide crystal clear explanations for recommended changes
  • 35+ codemods and counting to provide critical hardening with high confidence
  • Our published open source Codemodder framework - the foundation for the codemods
  • An open source Java security toolkit library containing best practices for Java code security
  • Configurability of basic settings, as requested by Alpha users
  • Simple installation in just 2 steps via GitHub