Merge branch 'github:main' into JS-Allow-Truncated-Hash-Forge-NonKeyCipher

2026-04-25 16:55:19 +02:00 · 2023-04-19 13:40:32 -04:00
parent 4f7275f064 7285704807
commit bda0ef3a75
594 changed files with 13806 additions and 4206 deletions
--- a/javascript/ql/src/change-notes/2023-03-16-block-modes.md
+++ b/javascript/ql/src/change-notes/2023-03-16-block-modes.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
-  such as AES-ECB.
--- a/javascript/ql/src/change-notes/2023-03-27-disabling-certificate-validation.md
+++ b/javascript/ql/src/change-notes/2023-03-27-disabling-certificate-validation.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `DisablingCertificateValidation.ql` query has been updated to check `createServer` from `https` for disabled certificate validation.
--- a/javascript/ql/src/change-notes/2023-03-27-jquery-callback-sinks.md
+++ b/javascript/ql/src/change-notes/2023-03-27-jquery-callback-sinks.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved the model of jQuery to account for XSS sinks where the HTML string
-  is provided via a callback. This may lead to more results for the `js/xss` query.
--- a/javascript/ql/src/change-notes/2023-04-04-getset-in-pattern.md
+++ b/javascript/ql/src/change-notes/2023-04-04-getset-in-pattern.md
@@ -1,5 +0,0 @@
---
-category: fix
---
-* Fixed a bug where a destructuring pattern could not be parsed if it had a property
-  named `get` or `set` with a default value.
--- a/javascript/ql/src/change-notes/2023-04-14-more-call-graph-steps.md
+++ b/javascript/ql/src/change-notes/2023-04-14-more-call-graph-steps.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Improved the call graph to better handle the case where a function is stored on
+  a plain object and subsequently copied to a new host object via an `extend` call.
--- a/javascript/ql/src/change-notes/released/0.6.0.md
+++ b/javascript/ql/src/change-notes/released/0.6.0.md
@@ -0,0 +1,14 @@
+## 0.6.0
+
+### Minor Analysis Improvements
+
+* The `DisablingCertificateValidation.ql` query has been updated to check `createServer` from `https` for disabled certificate validation.
+* Improved the model of jQuery to account for XSS sinks where the HTML string
+  is provided via a callback. This may lead to more results for the `js/xss` query.
+* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
+  such as AES-ECB.
+
+### Bug Fixes
+
+* Fixed a bug where a destructuring pattern could not be parsed if it had a property
+  named `get` or `set` with a default value.