Merge pull request #19429 from owen-mc/fix-cwe-tags-missing-leading-zero

Fix cwe tags to include leading zero

javascript/ql/src/Electron/DisablingWebSecurity.ql

@@ -7,7 +7,7 @@
  * @precision very-high
  * @tags security
  *       frameworks/electron
- *       external/cwe/cwe-79
+ *       external/cwe/cwe-079
  * @id js/disabling-electron-websecurity
  */
 

javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql

@@ -5,7 +5,7 @@
  *              to it.
  * @id js/count-untrusted-data-external-api
  * @kind table
- * @tags security external/cwe/cwe-20
+ * @tags security external/cwe/cwe-020
  */
 
 import javascript

javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql

@@ -6,7 +6,7 @@
  * @precision low
  * @problem.severity error
  * @security-severity 7.8
- * @tags security external/cwe/cwe-20
+ * @tags security external/cwe/cwe-020
  */
 
 import javascript

javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md

@@ -0,0 +1,8 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-79` has been removed from `js/disabling-electron-websecurity` and the tag `external/cwe/cwe-079` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api-more-sources` and the tag `external/cwe/cwe-020` has been added.

javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql

@@ -7,7 +7,7 @@
  * @problem.severity error
  * @security-severity 7.8
  * @tags experimental
- *       security external/cwe/cwe-20
+ *       security external/cwe/cwe-020
  */
 
 import javascript