hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into max-schaefer/improve-command-injection-qhelp

Browse Source
This commit is contained in:
Max Schaefer
2023-07-13 12:11:15 +01:00
committed by GitHub
parent ae237247f2 60af9b062c
commit b8eb2ef8d8
542 changed files with 13211 additions and 2416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,13 @@
## 0.7.0
### Bug Fixes
* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`js/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
## 0.6.4
No user-facing changes.
## 0.6.3
### Minor Analysis Improvements

5
javascript/ql/src/change-notes/2023-07-10-path-join-spread.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* The `fs/promises` package is now recognised as an alias for `require('fs').promises`.
* The `js/path-injection` query can now track taint through calls to `path.join()` with a spread argument, such as `path.join(baseDir, ...args)`.

3
javascript/ql/src/change-notes/released/0.6.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.4
No user-facing changes.

7
javascript/ql/src/change-notes/2023-06-16-zipslip-rename.md → javascript/ql/src/change-notes/released/0.7.0.md
View File

@@ -1,4 +1,5 @@
---
category: fix
---
## 0.7.0
### Bug Fixes
* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`js/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."

2
javascript/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.3
lastReleaseVersion: 0.7.0

2
javascript/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 0.6.4-dev
version: 0.7.1-dev
groups:
- javascript
- queries