mirror of
https://github.com/github/codeql.git
synced 2026-04-30 19:26:02 +02:00
Release preparation for version 2.8.2
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,5 @@
|
||||
## 0.0.11
|
||||
|
||||
## 0.0.10
|
||||
|
||||
## 0.0.9
|
||||
|
||||
1
javascript/ql/lib/change-notes/released/0.0.11.md
Normal file
1
javascript/ql/lib/change-notes/released/0.0.11.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.0.11
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.10
|
||||
lastReleaseVersion: 0.0.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.0.11-dev
|
||||
version: 0.0.11
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,25 @@
|
||||
## 0.0.11
|
||||
|
||||
### New Queries
|
||||
|
||||
* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
|
||||
that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
|
||||
The query is run by default.
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
|
||||
but these are now handled by two different queries:
|
||||
* `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
|
||||
`high` and is now shown by default (it was previously in the `security-extended` suite).
|
||||
* `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
|
||||
but simply flags a subset of what the old query did.
|
||||
This has precision `medium` and is part of the `security-extended` suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
|
||||
|
||||
## 0.0.10
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
|
||||
that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
|
||||
The query is run by default.
|
||||
@@ -1,6 +1,13 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
## 0.0.11
|
||||
|
||||
### New Queries
|
||||
|
||||
* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
|
||||
that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
|
||||
The query is run by default.
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
|
||||
but these are now handled by two different queries:
|
||||
* `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
|
||||
@@ -8,3 +15,7 @@ category: queryMetadata
|
||||
* `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
|
||||
but simply flags a subset of what the old query did.
|
||||
This has precision `medium` and is part of the `security-extended` suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.10
|
||||
lastReleaseVersion: 0.0.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.0.11-dev
|
||||
version: 0.0.11
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
Reference in New Issue
Block a user