codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00

Author	SHA1	Message	Date
erik-krogh	2eb6b1adb3	JS: fix two typos	2022-11-23 14:38:12 +01:00
github-actions[bot]	5b14ebf22a	Post-release preparation for codeql-cli-2.11.4	2022-11-18 11:26:00 +00:00
Chris Smowton	0219c2b02b	Copyedit Javascript changelog	2022-11-17 17:02:01 +00:00
Chris Smowton	80b2f0d3cd	Coopyedit Javascript changelog	2022-11-17 17:01:43 +00:00
github-actions[bot]	e105c13e77	Release preparation for version 2.11.4	2022-11-17 16:40:45 +00:00
Mauro Baluda	784475dd66	Merge branch 'main' into main	2022-11-16 11:06:27 +01:00
Mauro Baluda	84cb59b942	Create 2022-11-08-hapi-glue.md	2022-11-16 11:05:23 +01:00
erik-krogh	75ef5b1b0b	add support for `satisfies`-expressions	2022-11-15 22:07:24 +01:00
Asger F	5f18484fa9	JS: Change note	2022-11-14 15:09:30 +01:00
Asger F	44e94f6615	JS: Change note	2022-11-08 11:51:26 +01:00
github-actions[bot]	fca754bddd	Post-release preparation for codeql-cli-2.11.3	2022-11-05 14:30:48 +00:00
Dave Bartolomeo	013b7eff1c	Apply suggestions from code review Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-11-04 18:46:32 -04:00
github-actions[bot]	508327235a	Release preparation for version 2.11.3	2022-11-04 20:16:23 +00:00
Erik Krogh Kristensen	c82d8cbacc	Merge pull request #11013 from erik-krogh/sndCmd JS: second-order-command-injection	2022-11-04 10:58:50 +01:00
Erik Krogh Kristensen	1f51bd4594	add dash in description Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-11-03 16:24:59 +01:00
erik-krogh	96ec54e5be	fix minor issues in qhelp	2022-11-03 14:01:58 +01:00
erik-krogh	b5666888b1	rewrite @description of second-order-command-injection	2022-11-03 14:00:29 +01:00
Dave Bartolomeo	9d5e5e3ee7	`${workspace}` all the things	2022-11-01 13:29:05 -04:00
Dave Bartolomeo	49c4c554c4	Merge from `main`	2022-11-01 13:22:40 -04:00
erik-krogh	6f3ca40fed	expand the explanation to include with arguments make the commands vulnerable	2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen	8fd6424db9	fix the qhelp Co-authored-by: Asger F <asgerf@github.com>	2022-11-01 14:05:25 +01:00
erik-krogh	5e5160d4fc	add which commands are flagged in the change-note	2022-10-31 21:42:59 +01:00
erik-krogh	fc2112831c	add second-order-command-injection query	2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Taus	503cc560cf	Merge pull request #10943 from bananabr/main Javascript/Python: Tokens built from predictable UUIDs	2022-10-27 14:12:34 +02:00
Jeroen Ketema	1d7efd8e82	Merge pull request #10905 from jsoref/spelling-code-scanning-product Spelling code scanning product	2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00
Dave Bartolomeo	23b572e9b7	Use `${workspace}` for intra-workspace dependencies Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release. Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.	2022-10-26 16:40:01 -04:00
Daniel Santos	64da2cec50	removed unnecessary getACall and fixed formatting	2022-10-26 12:02:55 -05:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
Daniel Santos	a2ad924376	Minor formatting fixes	2022-10-24 09:38:17 -05:00
Daniel Santos	066ffb7520	Tokens built from predictable UUIDs	2022-10-22 11:15:43 -05:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Josh Soref	c5c9f4d746	spelling: dependencies Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Erik Krogh Kristensen	71135da7ff	Merge pull request #10768 from erik-krogh/fixFileLoops JS: fix that js/file-system-race could have FPs related to loops	2022-10-17 12:01:55 +02:00
erik-krogh	a6c83a7b14	add change-note	2022-10-14 09:20:33 +02:00
Josh Soref	9d6ea28448	spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 04:40:26 -04:00
erik-krogh	7500a31814	fix that js/file-system-race could have FPs related to loops	2022-10-11 13:41:51 +02:00
Josh Soref	e8754967ea	spelling: explaining Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	cbea5ec40c	spelling: executables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
Josh Soref	3358c5f664	spelling: apparent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
Asger F	9bbbece8a7	Merge pull request #10670 from tyage/property-stringify JS: Improve detection of XSS when JSON.stringify()	2022-10-10 18:16:09 +02:00
Asger F	b1a165ee98	JS: Edit change note	2022-10-10 16:08:21 +02:00

1 2 3 4 5 ...

5458 Commits