Michael Nebel
8009ddebce
Merge pull request #20329 from michaelnebel/javascript/ql4ql
...
JS: Fix some Ql4Ql violations.
2025-09-04 13:01:37 +02:00
Napalys Klicius
8fc81f4263
Merge branch 'main' into js/remote-property-injection-update
2025-09-03 14:02:19 +02:00
github-actions[bot]
e8a2600a0c
Post-release preparation for codeql-cli-2.23.0
2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b
Release preparation for version 2.23.0
2025-09-02 11:09:32 +00:00
Michael Nebel
8b10ad49d7
JS: Fix some Ql4Ql violations.
2025-09-01 15:17:53 +02:00
Napalys Klicius
e0916c8750
JS: add change note
2025-08-27 10:32:45 +00:00
github-actions[bot]
42e3d31c49
Post-release preparation for codeql-cli-2.22.4
2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8
Release preparation for version 2.22.4
2025-08-18 14:06:09 +00:00
Napalys Klicius
b2346183d6
Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model
...
JS: Exclude environment variables from `js/regex-injection` query by default
2025-08-18 09:32:15 +02:00
github-actions[bot]
fb4b0aac53
Post-release preparation for codeql-cli-2.22.3
2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8
Release preparation for version 2.22.3
2025-08-04 15:47:57 +00:00
Napalys Klicius
3f9061abdb
Added change note
2025-07-31 13:20:38 +02:00
Napalys Klicius
021aa13ee2
Added change note
2025-07-31 12:45:34 +02:00
Napalys Klicius
791a7e242e
Updated qhelp for cors permissive configuration
2025-07-31 11:31:10 +02:00
Napalys Klicius
358617f533
Move CORS misconfiguration query from experimental to Security
2025-07-30 10:22:59 +00:00
github-actions[bot]
37cc78255a
Post-release preparation for codeql-cli-2.22.2
2025-07-22 14:22:20 +00:00
github-actions[bot]
997547b8ef
Release preparation for version 2.22.2
2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095
Revert "Release preparation for version 2.22.2"
2025-07-22 14:33:45 +01:00
github-actions[bot]
c8632b70b7
Release preparation for version 2.22.2
2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec
Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2"
...
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
2025-07-21 15:18:59 +01:00
Michael Nebel
2f29459cda
Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck
...
Ql4ql: Quality query tagging.
2025-07-17 14:53:14 +02:00
github-actions[bot]
24a0ac1223
Post-release preparation for codeql-cli-2.22.2
2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe
Release preparation for version 2.22.2
2025-07-07 14:00:26 +00:00
Michael Nebel
aefd941135
Java/Javascript: Fix violations.
2025-07-03 11:56:33 +02:00
Asger F
98319ce2ad
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2025-07-03 08:44:33 +02:00
Asger F
47a90c8b32
Merge branch 'main' into js/no-type-extraction
2025-07-02 13:18:05 +02:00
Michael Nebel
233b54c7fa
Merge pull request #19891 from michaelnebel/michaelnebel/freezemoresuites
...
Go/Ruby/Python: Freeze quality queries in `security-and-quality`.
2025-07-01 09:04:19 +02:00
Asger F
3247babfa5
Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements
...
Improve TypeORM model
2025-06-30 10:40:38 +02:00
Michael Nebel
145ada53f2
C#/Java/JavaScript: Re-factor query suites to use the new selector.
2025-06-26 14:19:27 +02:00
Vasco-jofra
8a7516528d
Update formatting
2025-06-26 09:29:07 +02:00
Asger F
aef362152e
JS: Change notes
2025-06-25 14:31:25 +02:00
Napalys Klicius
3d9e2f5438
Merge pull request #19858 from Napalys/js/execa
...
JS: moved `execa` out of experimental
2025-06-25 10:34:52 +02:00
Asger F
d39b68cd41
Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries
...
JS: Remove legacy actions queries
2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf
Merge pull request #19852 from asgerf/js/react-use-server
...
JS: Model React 'use' and 'use server'
2025-06-25 09:13:56 +02:00
github-actions[bot]
6972c7a872
Post-release preparation for codeql-cli-2.22.1
2025-06-24 12:55:14 +00:00
Asger F
54bfde9b7a
Update javascript/ql/src/change-notes/2025-06-23-remove-legacy-actions-queries.md
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-24 11:22:37 +02:00
github-actions[bot]
3e074b2425
Release preparation for version 2.22.1
2025-06-24 08:55:31 +00:00
Napalys Klicius
d8b5cb5862
JS: moved execa out of experimental
2025-06-24 09:07:43 +02:00
Asger F
4fc5738ded
JS: Change note
2025-06-23 16:08:21 +02:00
Asger F
b1da23968c
JS: Change note
2025-06-23 14:50:09 +02:00
Asger F
76b7228160
JS: Remove js/actions/command-injection
...
Superseded by actions/command-injection/{medium,critical}
2025-06-23 14:41:26 +02:00
Asger F
9dcb61e771
JS: Remove js/actions/actions-artifact-leak
...
Superseded by actions/secrets-in-artifacts
2025-06-23 14:39:28 +02:00
Asger F
3a00e8d1c5
JS: Remove js/actions/pull-request-target
...
Superseded by actions/untrusted-checkout/{medium,high,critical}
2025-06-23 14:37:21 +02:00
Asger F
f5ac3fd611
JS: Remove old metric-meta query TypedExprs.ql
...
This was used in the very old dist-compare tool, but has no use anymore
2025-06-23 12:55:12 +02:00
Asger F
fcb6882f16
JS: Update API usage in MissingAwait
2025-06-23 12:55:09 +02:00
Asger F
fb92d9b034
JS: Update type usage in UnreachableMethodOverloads
...
This query depended on the cons-hashing performed by type extraction to determine if two types are the same.
This is not trivial to restore, but not important enough to reimplement right now, so for now just simplifying the query's ability to recognise that two types are the same.
2025-06-23 12:55:06 +02:00
Napalys Klicius
bca536c5b6
Merge remote-tracking branch 'origin/main' into js/quality/loop_shift
2025-06-20 11:30:20 +02:00
Napalys Klicius
7c25bcdad1
Changed js/duplicate-condition to reliability and correctness
2025-06-20 08:06:03 +02:00
Napalys Klicius
aa3e9c6579
Changed js/unreachable-statement to reliability and correctness
2025-06-19 19:52:03 +02:00
Napalys Klicius
32dd665472
Changed js/unused-loop-variable to reliability and correctness
2025-06-19 19:45:20 +02:00