
chore(deps): update dependency semgrep to v1.114.0 #4999

Merged
merged 1 commit into from
Mar 22, 2025
Merged

Conversation

renovate[bot]

@renovate renovate bot commented Mar 22, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semgrep 1.111.0 -> 1.114.0 age adoption passing confidence

Release Notes

returntocorp/semgrep (semgrep)

v1.114.0

Compare Source

Fixed
  • Pro Engine now more accurately tracks the scope of Python local variables. For
    example, the following code defines two z variables that should be tracked
    separately.

    z = 1
    
    def foo():
        z = 2
        a = z
    

    The Pro engine now correctly recognizes that the z assigned to a is the one
    defined in the local scope, not the global scope. (code-8114)

v1.113.0

Compare Source

Fixed
  • Semgrep will no longer fail a diff scan if there is a relative safe directory (saf-1851)

v1.112.0

Compare Source

Added
  • TypeScript parser now allows ellipses in class bodies. For example, you can
    write the pattern like:

    ```
    class $C {
      ...
      $FUNC() { ... }
      ...
    }
    ```
    (code-8242)
  • Semgrep will now present more detailed info when a scan is complete, such as what percent of lines were scanned. It is also formatted in a new manner (saf-details)
  • Verbose output will now print additional info about parsing and internal semgrep errors, such as what % of lines were skipped, and the lines they occurred on (saf-verbose)
Fixed
  • pro: Fixed bug in (experimental) "at-exit" sinks feature that would prevent
    the identification of a statement like return foo() as one such sink. (code-8199)
  • FIX: --gitlab-secrets output has been updated to conform to GitLab JSON schema (scrt-849)
  • The behavior of --semgrepignore-v2 changed to be closer to the legacy
    Semgrepignore v1. .gitignore files are no longer loaded automatically
    as part of the Semgrepignore v2 exclusion mechanism.
    Loading a .gitignore file must be done
    by placing :include .gitignore in the .semgrepignore file
    as was the case with Semgrepignore v1. (semgrepignore-v1-compat)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
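The v1.112.0 notes above show only the bare class-body pattern. As an added example that is not part of this PR, of the Renovate comment, or of Semgrep's own rule set, here is a complete rule file that uses that pattern, plus a `metavariable-regex` clause to narrow the match; the rule id, message, and the method names in the regex are assumptions chosen for illustration.

```yaml
# Added example (not from the PR or from Semgrep's shipped rules).
# Demonstrates the class-body ellipsis pattern from the v1.112.0 notes,
# which needs Semgrep >= 1.112.0 to parse. The id, message and the
# method names below are assumed placeholders, not project values.
rules:
  - id: ts-class-declares-cleanup-method        # assumed id
    languages: [typescript]
    severity: INFO
    message: "Class $C declares cleanup method $FUNC"   # assumed message
    patterns:
      # The `...` lines let the method sit anywhere in the class body,
      # surrounded by any other members.
      - pattern: |
          class $C {
            ...
            $FUNC() { ... }
            ...
          }
      # Optional narrowing: only report methods whose name matches
      # the assumed list below; drop this clause to match every method.
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(dispose|close)$
```

Run it with `semgrep --config rule.yaml <path>`; a class containing a `dispose()` or `close()` method at any position in its body is reported, while the same class on a Semgrep older than 1.112.0 produces a pattern parse error instead.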

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Mar 22, 2025

github-actions bot commented Mar 22, 2025

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ API | spectral | 1 | | 0 | 0 | 1.66s |
| ⚠️ BASH | bash-exec | 6 | | 1 | 0 | 0.01s |
| ✅ BASH | shellcheck | 6 | | 0 | 0 | 0.16s |
| ✅ BASH | shfmt | 6 | 0 | 0 | 0 | 0.48s |
| ✅ COPYPASTE | jscpd | yes | | no | no | 2.94s |
| ✅ DOCKERFILE | hadolint | 129 | | 0 | 0 | 29.17s |
| ✅ JSON | jsonlint | 20 | | 0 | 0 | 0.21s |
| ✅ JSON | v8r | 22 | | 0 | 0 | 15.16s |
| ⚠️ MARKDOWN | markdownlint | 267 | 0 | 302 | 0 | 21.91s |
| ✅ MARKDOWN | markdown-table-formatter | 267 | 0 | 0 | 0 | 172.72s |
| ⚠️ PYTHON | bandit | 215 | | 66 | 0 | 3.12s |
| ✅ PYTHON | black | 215 | 0 | 0 | 0 | 4.27s |
| ✅ PYTHON | flake8 | 215 | | 0 | 0 | 1.93s |
| ✅ PYTHON | isort | 215 | 0 | 0 | 0 | 0.98s |
| ✅ PYTHON | mypy | 215 | | 0 | 0 | 10.8s |
| ✅ PYTHON | pylint | 215 | | 0 | 0 | 23.85s |
| ✅ PYTHON | ruff | 215 | 0 | 0 | 0 | 0.5s |
| ✅ REPOSITORY | checkov | yes | | no | no | 34.39s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.35s |
| ⚠️ REPOSITORY | grype | yes | | 28 | no | 31.5s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 8.96s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.72s |
| ✅ REPOSITORY | trivy | yes | | no | no | 14.66s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.69s |
| ⚠️ REPOSITORY | trufflehog | yes | | 1 | no | 56.32s |
| ✅ SPELL | cspell | 718 | | 0 | 0 | 12.37s |
| ⚠️ SPELL | lychee | 349 | | 30 | 0 | 38.89s |
| ✅ XML | xmllint | 3 | 0 | 0 | 0 | 0.7s |
| ✅ YAML | prettier | 160 | 0 | 0 | 0 | 3.44s |
| ✅ YAML | v8r | 103 | | 0 | 0 | 22.91s |
| ✅ YAML | yamllint | 161 | | 0 | 0 | 3.02s |

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@echoix echoix merged commit 5b6c3f5 into main Mar 22, 2025
130 checks passed
@echoix echoix deleted the renovate/semgrep-1.x branch March 22, 2025 14:25