hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #442 from xiemaisi/js/change-notes

Browse Source 
Approved by esben-semmle
This commit is contained in:
semmle-qlci
2018-11-09 10:38:39 +00:00
committed by GitHub
parent a7290e5aeb 71bbbb77eb
commit e35cb3a98a
2 changed files with 1 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
change-notes/1.19/analysis-javascript.md
View File

@@ -9,9 +9,7 @@
* Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
- file system access, for example through [fs-extra](https://github.com/jprichardson/node-fs-extra) or [globby](https://www.npmjs.com/package/globby)
- outbound network access, for example through the [fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
- the [Google Cloud Spanner](https://cloud.google.com/spanner), [lodash](https://lodash.com), [underscore](https://underscorejs.org/), [async](https://www.npmjs.com/package/async) and [async-es](https://www.npmjs.com/package/async-es) libraries
* The type inference now handles nested imports (that is, imports not appearing at the toplevel). This may yield fewer false-positive results on projects that use this non-standard language feature.
- the [lodash](https://lodash.com), [underscore](https://underscorejs.org/), [async](https://www.npmjs.com/package/async) and [async-es](https://www.npmjs.com/package/async-es) libraries
* Type inference for function calls has been improved. This may give additional results for queries that rely on type inference.
@@ -39,7 +37,6 @@
| Server-side URL redirect | More results | This rule now recognizes redirection calls in more cases. |
| Unused variable, import, function or class | Fewer false-positive results | This rule now flags fewer variables that may be used by `eval` calls. |
| Unused variable, import, function or class | Fewer results | This rule now flags import statements with multiple unused imports once. |
| User-controlled bypass of security check | Fewer results | This rule no longer flags conditions that guard early returns. The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
| Whitespace contradicts operator precedence | Fewer false-positive results | This rule no longer flags operators with asymmetric whitespace. |
| Unused import | Fewer false-positive results | This rule no longer flags imports used by the `transform-react-jsx` Babel plugin. |
| Self assignment | Fewer false-positive results | This rule now ignores self-assignments preceded by a JSDoc comment with a `@type` tag. |

2
change-notes/1.19/extractor-javascript.md
View File

@@ -21,8 +21,6 @@
## Changes to code extraction
* Destructuring assignments are now modeled more precisely, which fixes both false-negative and false-positive results for the rules
"Missing variable declaration" and "Useless assignment to local variable" in certain corner cases.
* The TypeScript compiler is now bundled with the distribution, and no longer needs to be installed manually.
Should the compiler version need to be overridden, set the `SEMMLE_TYPESCRIPT_HOME` environment variable to
point to an installation of the `typescript` NPM package.