upgrade query to detect redash CVE too

2025-12-24 12:46:34 +01:00 · 2023-06-30 22:14:50 +10:00
parent 7a17b99c17
commit 816799c4ba
436 changed files with 13346 additions and 1089 deletions
--- a/javascript/ql/lib/change-notes/released/0.6.3.md
+++ b/javascript/ql/lib/change-notes/released/0.6.3.md
@@ -0,0 +1,19 @@
+## 0.6.3
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.1.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`.
+* Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`.
+* Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead.
+* Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead.
+* Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead.
+* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
+* Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
+  * `command-line-injection` to `command-injection`
+  * `credentials[kind]` to `credentials-kind`
+* Added a support of sub modules in `node_modules`.