Merge pull request #1816 from felicity-semmle/1.22/js-finalize-change-notes

Approved by asger-semmle
2026-04-29 10:45:15 +02:00 · 2019-08-24 14:52:41 +01:00
parent f17c670f90 0ef81b5932
commit e37751e365
1 changed files with 8 additions and 6 deletions
--- a/change-notes/1.22/analysis-javascript.md
+++ b/change-notes/1.22/analysis-javascript.md
@@ -16,7 +16,9 @@
 * Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts.

 * Taint tracking through object property names has been made more precise, resulting in fewer false positive results.
-  
+
+* Method calls are now resolved in more cases, due to improved class hierarchy analysis. This may produce more security alerts.
+
 ## New queries

 | **Query**                                                                 | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
@@ -28,14 +30,14 @@

 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
-| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |
-| Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. |
-| Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
-| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |
+| Conflicting HTML element attributes (`js/conflicting-html-attribute`) | No changes to results | Results are no longer shown on LGTM by default. |
+| Shift out of range (`js/shift-out-of-range`| Fewer false positive results | This rule now correctly handles BigInt shift operands. |
+| Superfluous trailing arguments (`js/superfluous-trailing-arguments`) | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
+| Undocumented parameter (`js/jsdoc/missing-parameter`) | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |

 ## Changes to QL libraries

- The `getName()` predicate on functions and classes now gets a name
+- The `getName()` predicate on functions and classes now gets a name that is
  inferred from the context if the function or class was not declared with a name.
 - The two-argument and three-argument variants of `DataFlow::Configuration::isBarrier` and
  `TaintTracking::Configuration::isSanitizer` have been deprecated. Overriding them no