Release preparation for version 2.13.3

2026-04-25 16:55:19 +02:00 · 2023-05-22 20:47:00 +00:00
parent a319fc0044
commit 7aa23cf11d
116 changed files with 347 additions and 159 deletions
--- a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md
+++ b/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
-  SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
--- a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md
+++ b/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
-  when it is used with an unsafe schema.
--- a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md
+++ b/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md
@@ -1,5 +0,0 @@
---
-category: fix
---
-* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
-  Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
--- a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md
+++ b/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md
@@ -1,5 +0,0 @@
---
-category: majorAnalysis
---
-* Added taint sources from the `@actions/core` and `@actions/github` packages.
-* Added command-injection sinks from the `@actions/exec` package.
--- a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md
+++ b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string.
--- a/javascript/ql/src/change-notes/released/0.6.2.md
+++ b/javascript/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,19 @@
+## 0.6.2
+
+### Major Analysis Improvements
+
+* Added taint sources from the `@actions/core` and `@actions/github` packages.
+* Added command-injection sinks from the `@actions/exec` package.
+
+### Minor Analysis Improvements
+
+* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string.
+* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
+  when it is used with an unsafe schema.
+* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
+  SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
+
+### Bug Fixes
+
+* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
+  Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.