build: updated project to include semgrep as an experimental dependency

Makefile

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 # Use bash as the shell when executing a rule's recipe. For more details:
@@ -200,7 +200,7 @@ upgrade: .venv/upgraded-on
 .venv/upgraded-on: pyproject.toml
 	python -m pip install --upgrade pip
 	python -m pip install --upgrade wheel
-	python -m pip install --upgrade --upgrade-strategy eager --editable .[actions,dev,docs,hooks,test,test-docker]
+	python -m pip install --upgrade --upgrade-strategy eager --editable .[actions,dev,docs,hooks,test,test-docker,experimental]
 	$(MAKE) upgrade-quiet
 force-upgrade:
 	rm -f .venv/upgraded-on

pyproject.toml

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 # https://flit.pypa.io/en/latest/pyproject_toml.html
@@ -105,6 +105,10 @@ test-docker = [
     "ruamel.yaml >=0.18.6,<1.0.0",
 ]
 
+experimental = [
+    "semgrep == 1.102.0",
+]
+
 [project.urls]
 Homepage = "https://github.com/oracle/macaron"
 Changelog = "https://github.com/oracle/macaron/blob/main/CHANGELOG.md"

src/macaron/config/defaults.ini

@@ -596,5 +596,5 @@ epoch_threshold = 3
 day_publish_error = 4
 
 # yaml configuration file containing suspicious patterns. Can be full path or relative to
-# folder where macaron is installed
+# folder where macaron is installed. This will be normalised to the OS path type.
 suspicious_patterns_file = src/macaron/malware_analyzer/pypi_heuristics/sourcecode/suspicious_patterns.yaml