Release preparation for version 2.9.2

github-actions[bot]
2022-05-12 10:17:28 +00:00
parent e0c74d4390
commit ee9980b31c
74 changed files with 268 additions and 127 deletions


@@ -1,3 +1,18 @@
## 0.1.2
### Deprecated APIs
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
Use the `Customizations.qll` file belonging to the query instead.
### Minor Analysis Improvements
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
Sinks and sources from cash should now be handled by all XSS queries.
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
## 0.1.1
## 0.1.0
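
Review bot: In the "Deprecated APIs" entry, "Use the `Customizations.qll` file belonging to the query instead" leaves readers to work out which file replaces each of the four deprecated modules (`ReflectedXss`, `StoredXss`, `XssThroughDom`, `ExceptionXss`). Suggest naming the replacement for each module, or giving one example import, so that anyone maintaining custom XSS queries against `Xss.qll` can migrate without reading the library source.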


@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.


@@ -1,5 +0,0 @@
---
category: deprecated
---
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
Use the `Customizations.qll` file belonging to the query instead.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.


@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
Sinks and sources from cash should now be handled by all XSS queries.


@@ -0,0 +1,14 @@
## 0.1.2
### Deprecated APIs
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
Use the `Customizations.qll` file belonging to the query instead.
### Minor Analysis Improvements
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
Sinks and sources from cash should now be handled by all XSS queries.
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
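
Review bot: Two wording nits in the "Minor Analysis Improvements" list of this new release note: "JQuery" should be "jQuery", and "the `Selection` api" should be "the `Selection` API". The second line of the cash entry says sinks and sources "should now be handled by all XSS queries"; if tests cover this, "are now handled" tells readers more clearly whether to expect new alerts. The same text appears in the first changelog hunk of this commit, so both copies need the fix.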


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.1
lastReleaseVersion: 0.1.2


@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 0.1.2-dev
version: 0.1.2
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript


@@ -1,3 +1,10 @@
## 0.1.2
### New Queries
* The `js/missing-origin-check` query has been added. It highlights "message" event handlers that do not check the origin of the event.
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
## 0.1.1
### Minor Analysis Improvements
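
Review bot: The "New Queries" entry says the query "previously existed as the experimental `js/missing-postmessageorigin-verification` query" but does not say whether that experimental query id was removed or kept alongside `js/missing-origin-check`. State this explicitly, since query suites, alert filters and suppressions that name the old id need updating if it is gone, and would produce duplicate findings if both ids remain.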


@@ -1,5 +1,6 @@
---
category: newQuery
---
## 0.1.2
### New Queries
* The `js/missing-origin-check` query has been added. It highlights "message" event handlers that do not check the origin of the event.
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
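
Review bot: The last line, "The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.", is listed twice with identical text under a `-1,5 +1,6` header, which points to a whitespace-only change on that line (indentation or the end-of-file newline). Please confirm this was intended and that the line still renders as a continuation of the `js/missing-origin-check` bullet, not as a separate paragraph.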


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.1
lastReleaseVersion: 0.1.2


@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 0.1.2-dev
version: 0.1.2
groups:
- javascript
- queries