Chris Smowton
49bc524fd0
Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main
2022-12-08 11:12:30 +00:00
erik-krogh
9ef4f12261
add change-note
2022-12-07 14:12:43 +01:00
Arthur Baars
889eea92c2
Merge branch 'main' into ruby-more-flow
2022-12-05 11:13:46 +01:00
Arthur Baars
83423854d2
Merge pull request #11339 from aibaars/active_support_enumerable
...
Ruby: Active support enumerable
2022-12-05 11:02:19 +01:00
github-actions[bot]
31ab22e3a0
Release preparation for version 2.11.5
2022-12-01 20:05:14 +00:00
Alex Ford
7de5113e67
Ruby: rails/globalid changenote
2022-11-30 13:01:27 +00:00
Arthur Baars
cbf4197575
Ruby: add change note
2022-11-30 11:57:35 +01:00
Harry Maclean
d20d1e5e75
Ruby: Add change note
2022-11-30 13:18:44 +13:00
Harry Maclean
e3def7c22f
Ruby: Add change note
2022-11-30 11:50:47 +13:00
Harry Maclean
375403fb9d
Merge pull request #11114 from hmac/case-barrier-guard-3
...
Ruby: Add case string comparison barrier guard
2022-11-30 11:21:07 +13:00
Arthur Baars
a8effd1961
Ruby: add change note
2022-11-28 13:02:22 +01:00
Edoardo Pirovano
6c33ddcd47
Merge pull request #11349 from github/edoardo/2.11.4-mergeback
...
Merge `rc/3.8` into `main`
2022-11-21 18:08:27 +00:00
Erik Krogh Kristensen
b4661f4a59
Merge pull request #11245 from erik-krogh/rb-redosMod
...
Ruby: use the shared regex pack
2022-11-21 15:34:20 +01:00
github-actions[bot]
e105c13e77
Release preparation for version 2.11.4
2022-11-17 16:40:45 +00:00
Harry Maclean
762ebad66e
Ruby: Add change note
2022-11-16 13:46:51 +13:00
erik-krogh
f6255e497b
Merge branch 'main' into rb-redosMod
2022-11-15 17:14:19 +01:00
Nick Rolfe
8d854e0a6b
Merge pull request #11252 from github/nickrolfe/active_support_enumerable
...
Ruby: add flow summary for Enumerable#index_by
2022-11-15 10:40:42 +00:00
erik-krogh
10fff4e2ef
Merge branch 'main' into rb-redosMod
2022-11-14 21:31:10 +01:00
Nick Rolfe
c80fbff648
Ruby: add changenote for Enumerable#index_by flow summary
2022-11-14 12:47:50 +00:00
Nick Rolfe
83b3312467
Merge pull request #11207 from github/nickrolfe/arel-sql
...
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
2022-11-14 10:21:37 +00:00
Nick Rolfe
e3ebf1c668
Merge pull request #11187 from github/nickrolfe/actioncable
...
Ruby: add ActionCable channel RPC params as remote flow sources
2022-11-11 11:32:13 +00:00
Nick Rolfe
0337ccb93a
Ruby: add change notes for Arel.sql / SqlConstruction changes
2022-11-10 14:11:14 +00:00
Nick Rolfe
199b3f4d71
Ruby: add change note for ActionCable channel remote flow sources
2022-11-09 14:18:44 +00:00
Harry Maclean
4bc9096446
Ruby: Add case string comparison barrier guard
...
This recognises barriers of the form
STRINGS = ["foo", "bar"]
case foo
when "some string literal"
foo
when *["other", "strings"]
foo
when *STRINGS
foo
end
where the reads of `foo` inside each `when` are guarded by the comparison
of `foo` with the string literals.
We don't yet recognise this construct:
case foo
when "foo", "bar"
foo
end
This is due to a limitation in the shared barrier guard logic.
2022-11-09 15:03:13 +13:00
Nick Rolfe
865d0ca64a
Ruby: add changenote for ActiveSupport Hash extension summaries
2022-11-08 15:52:21 +00:00
Harry Maclean
d392cdaab6
Merge pull request #11022 from hmac/try-code-injection
...
Ruby: try/try! as code execution
2022-11-08 09:42:52 +13:00
erik-krogh
7a8e7150f0
add change-note
2022-11-07 14:36:55 +01:00
Dave Bartolomeo
013b7eff1c
Apply suggestions from code review
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a
Release preparation for version 2.11.3
2022-11-04 20:16:23 +00:00
Harry Maclean
0dd63c007e
Ruby: Add change note
2022-10-31 11:53:22 +13:00
Harry Maclean
ca7b48c3d5
Add change note
2022-10-28 11:31:55 +13:00
thiggy1342
3659eaa780
add markdown file extension
2022-10-25 10:13:19 -04:00
thiggy1342
952ad6ea46
Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new
2022-10-24 09:52:24 -04:00
Nick Rolfe
9fb436e22b
Ruby: add change note for localTaintStep fix
2022-10-21 16:33:29 +01:00
thiggy1342
4e5c1f210d
Update ruby/ql/lib/change-notes/2022-10-20-expand-faraday-model-for-ssrf-sink
...
Co-authored-by: Rahul Zhade <rzhade3@users.noreply.github.com >
2022-10-20 17:33:17 -04:00
thiggy1342
244a3329e0
Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new
2022-10-20 16:37:57 -04:00
thiggy1342
4c3e3e442a
Add Faraday::Connection.new as sink for SSRF query
2022-10-20 20:32:08 +00:00
Arthur Baars
45c9a0d0b1
Apply suggestions from code review
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-10-20 15:22:29 +02:00
github-actions[bot]
9a0848bbc4
Release preparation for version 2.11.2
2022-10-20 11:05:19 +00:00
erik-krogh
dfdf8c7869
add change-note
2022-10-14 13:28:36 +02:00
Arthur Baars
9ccf5a7798
Merge pull request #10749 from aibaars/run_request
...
Ruby: treat Faraday#run_request as remote source
2022-10-14 12:24:39 +02:00
Harry Maclean
7d23170fb2
Merge pull request #10602 from hmac/hmac/actiondispatch-request
...
Ruby: Model ActionDispatch::Request
2022-10-14 22:17:20 +13:00
Arthur Baars
9abd599024
Ruby: treat Faraday#run_request as remote source
2022-10-13 15:44:21 +02:00
Harry Maclean
8e55e62b15
Ruby: Add change note
2022-10-13 13:24:16 +13:00
Alex Ford
0536d4b540
Merge branch 'main' into ruby/activejob-deserialize
2022-10-12 15:04:12 +01:00
Nick Rolfe
e38cfd5f7d
Ruby: add changenote for ActionMailer params
2022-10-10 10:25:19 +01:00
Alex Ford
d0bdbe65ef
Ruby: ActiveJob::Serializers.deserialize changenote
2022-10-09 22:47:52 +01:00
Dave Bartolomeo
5ee7986649
Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1
...
Post-release preparation for codeql-cli-2.11.1
2022-10-07 14:23:31 -04:00
Harry Maclean
75cb0efecb
Merge pull request #10538 from hmac/hmac/actioncontroller-parameters
...
Ruby: Model flow through ActionController::Parameters
2022-10-07 22:21:40 +13:00
github-actions[bot]
a02dcdc5e1
Release preparation for version 2.11.1
2022-10-07 02:20:28 +00:00
