11614 Commits

Author	SHA1	Message	Date
Paolo Tranquilli	f72ed627e1	Javascript: tentative fix to a weird build problem	2025-06-27 16:41:38 +02:00
Napalys Klicius	3d9e2f5438	Merge pull request #19858 from Napalys/js/execa ... JS: moved `execa` out of experimental	2025-06-25 10:34:52 +02:00
Napalys Klicius	73126fef9e	JS: update change note.	2025-06-25 09:26:26 +02:00
Asger F	d39b68cd41	Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries ... JS: Remove legacy actions queries	2025-06-25 09:18:33 +02:00
Asger F	853fc1a7cf	Merge pull request #19852 from asgerf/js/react-use-server ... JS: Model React 'use' and 'use server'	2025-06-25 09:13:56 +02:00
github-actions[bot]	6972c7a872	Post-release preparation for codeql-cli-2.22.1	2025-06-24 12:55:14 +00:00
Napalys Klicius	79a9d7def8	JS: removed execa parts from SystemCommandExecutors and moved it to Execa.qll	2025-06-24 12:41:22 +02:00
Napalys Klicius	0902ca0605	JS: address copilot suggestions	2025-06-24 11:37:07 +02:00
Asger F	54bfde9b7a	Update javascript/ql/src/change-notes/2025-06-23-remove-legacy-actions-queries.md ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-06-24 11:22:37 +02:00
github-actions[bot]	3e074b2425	Release preparation for version 2.22.1	2025-06-24 08:55:31 +00:00
Asger F	d428eaeef8	Merge pull request #19655 from GeekMasher/js-clientrests-axios ... JS: ClientRequests Axios Instance support	2025-06-24 10:35:51 +02:00
Napalys Klicius	2218a981f6	Merge pull request #19854 from Napalys/js/sinon ... JS: Explicitly Mark `Sinon` Package as Non RegExp	2025-06-24 10:24:13 +02:00
Napalys Klicius	8c345461f0	JS: add change note	2025-06-24 09:08:15 +02:00
Napalys Klicius	d05de1ba4e	JS: moved execa test cases outside experimental	2025-06-24 09:08:13 +02:00
Napalys Klicius	d8b5cb5862	JS: moved execa out of experimental	2025-06-24 09:07:43 +02:00
Napalys Klicius	33f42444d5	JS: add change note	2025-06-23 20:25:18 +02:00
Napalys Klicius	ef51ab172f	JS: exclude sinon module from regexp match calls	2025-06-23 20:25:17 +02:00
Napalys Klicius	584b4f51aa	JS: add false positive test cases for hostname regex detection	2025-06-23 20:25:10 +02:00
Asger F	ea0a80a06a	JS: Un-deprecate Actions.qll for now as we have some internal queries that use it.	2025-06-23 16:38:04 +02:00
Asger F	4fc5738ded	JS: Change note	2025-06-23 16:08:21 +02:00
Asger F	61887beae0	JS: Add test case for false positive	2025-06-23 16:03:41 +02:00
Asger F	cc1a28ac7e	JS: Add parameters of server functions as remote flow sources	2025-06-23 16:03:39 +02:00
Asger F	d9f4e4a90d	JS: Add tests for functions with "use server" directive	2025-06-23 16:03:38 +02:00
Asger F	7dd7246cd4	JS: Update tests.expected ... Mostly noise due to renamed predicates and reordered result sets	2025-06-23 16:03:35 +02:00
Asger F	180b023c7c	JS: Add inline expectations to React test	2025-06-23 16:03:33 +02:00
Asger F	1787d4dce8	JS: Enable inline expectations in test ... Will update files in next commit	2025-06-23 16:03:32 +02:00
Asger F	1a18e68364	JS: Remove reactLibraryRef ... This is not testing anything interesting, and is noisy when adding inline expectations	2025-06-23 16:03:30 +02:00
Asger F	99fb6b62ad	JS: Remove test_ prefix from query predicates	2025-06-23 16:03:29 +02:00
Asger F	8ff7182f3a	JS: Move React test predicates into one file	2025-06-23 15:37:15 +02:00
Asger F	980d0f46fa	JS: Add model for react 'use'	2025-06-23 15:27:21 +02:00
Asger F	768ccc6a54	JS: Add test for react 'use' function	2025-06-23 15:26:08 +02:00
Asger F	7da2d71a70	JS: Update query suite expectations	2025-06-23 14:57:23 +02:00
Asger F	b1da23968c	JS: Change note	2025-06-23 14:50:09 +02:00
Asger F	76b7228160	JS: Remove js/actions/command-injection ... Superseded by actions/command-injection/{medium,critical}	2025-06-23 14:41:26 +02:00
Asger F	9dcb61e771	JS: Remove js/actions/actions-artifact-leak ... Superseded by actions/secrets-in-artifacts	2025-06-23 14:39:28 +02:00
Asger F	3a00e8d1c5	JS: Remove js/actions/pull-request-target ... Superseded by actions/untrusted-checkout/{medium,high,critical}	2025-06-23 14:37:21 +02:00
Asger F	0d3bb89195	JS: Deprecate Actions.qll	2025-06-23 14:36:15 +02:00
Asger F	93c891a987	Merge pull request #19822 from Fdawgs/patch-1 ... JS: Update Fastify tld	2025-06-23 12:49:42 +02:00
Taus	ac8b41a5da	Merge pull request #19680 from github/tausbn/javascript-exclude-obviously-generated-files ... JavaScript: Don't extract obviously generated files	2025-06-20 15:52:39 +02:00
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware ... JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	c1b2fd86b2	Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll ... Co-authored-by: Taus <tausbn@github.com>	2025-06-20 14:29:51 +02:00
Napalys Klicius	bca536c5b6	Merge remote-tracking branch 'origin/main' into js/quality/loop_shift	2025-06-20 11:30:20 +02:00
Napalys Klicius	8c2bda32df	Merge pull request #19776 from Napalys/js/mass_quality_promotion ... JS: Mass promotion of queries to `quality` status	2025-06-20 10:53:32 +02:00
Napalys Klicius	7c25bcdad1	Changed js/duplicate-condition to reliability and correctness	2025-06-20 08:06:03 +02:00
Napalys Klicius	aa3e9c6579	Changed js/unreachable-statement to reliability and correctness	2025-06-19 19:52:03 +02:00
Napalys Klicius	32dd665472	Changed js/unused-loop-variable to reliability and correctness	2025-06-19 19:45:20 +02:00
Napalys Klicius	4fd3ef8f1c	Changed js/useless-assignment-in-return to reliability and correctness	2025-06-19 19:37:13 +02:00
Napalys Klicius	4bc97326d1	Changed js/label-in-switch to reliability and correctness	2025-06-19 19:30:53 +02:00
Napalys Klicius	125add1e19	Changed js/node/missing-exports-qualifier to reliability and correctness	2025-06-19 19:24:00 +02:00
Napalys Klicius	2ab35d6a45	Changed js/node/assignment-to-exports-variable to reliability and correctness	2025-06-19 19:21:06 +02:00