Paolo Tranquilli
dfe451128e
Merge branch 'main' into redsun82/bazel-9
2026-02-19 11:05:32 +01:00
github-actions[bot]
b5898c5a30
Post-release preparation for codeql-cli-2.24.2
2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb
Release preparation for version 2.24.2
2026-02-16 13:29:25 +00:00
Paolo Tranquilli
10a2824b82
refactor: migrate BUILD files to explicit rules_java imports
...
Add explicit load statements for java_library and java_test from
@rules_java//java:defs.bzl in:
- javascript/extractor/BUILD.bazel
- javascript/extractor/test/com/semmle/js/extractor/test/BUILD.bazel
2026-02-10 13:44:06 +01:00
github-actions[bot]
73d06f26cb
Post-release preparation for codeql-cli-2.24.1
2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0
Release preparation for version 2.24.1
2026-02-02 12:09:09 +00:00
Tom Hvitved
b974a84bef
Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering
...
Shared: Provenance-based filtering of flow summaries
2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1
Add change notes
2026-01-26 12:40:22 +01:00
Tom Hvitved
93dad867cd
JS: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:21 +01:00
yoff
d05901ad3f
python/javascript/ruby: mark internal predicates
2026-01-22 17:30:24 +01:00
yoff
75bd4a7a12
javascript: add MaD model
...
- consider if the model is in the right place
- consider if the barrier kind (sink kind) is the appropriate one
2026-01-22 17:30:24 +01:00
yoff
da2f77d615
javascript: remove sanitizer to be replaced by model
2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b
python: add machinery for MaD barriers
...
and reinstate previously removed barrier
now as a MaD row
2026-01-22 17:30:24 +01:00
Ian Lynagh
a299174f4d
javascript: Add up/downgrade scripts
2026-01-20 11:56:15 +00:00
Ian Lynagh
4140121e96
javascript: Use more standard shared dbscheme sections
...
We now use the shared "Overlay support" and "Database metadata".
2026-01-20 11:56:14 +00:00
github-actions[bot]
48475e66af
Post-release preparation for codeql-cli-2.24.0
2026-01-19 15:49:08 +00:00
Nick Rolfe
1739e135f5
Fix list formatting inconsistency
2026-01-19 15:17:11 +00:00
github-actions[bot]
4142b9c4ce
Release preparation for version 2.24.0
2026-01-19 14:49:14 +00:00
Asger F
bedb80346a
Merge pull request #20940 from asgerf/js/detect-minified-files
...
JS: Skip minified file if avg line length > 200
2026-01-19 14:31:09 +01:00
Asger F
077bbb24ac
Merge pull request #21159 from asgerf/js/vue-prop-function
...
JS: Add support for props callbacks in Vue router configs
2026-01-19 10:13:49 +01:00
Asger F
ff580410fe
Merge pull request #20733 from asgerf/js/incremental-api-graphs
...
JS: Incremental API graph
2026-01-14 12:49:41 +01:00
Asger F
06cc323aee
Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
...
Co-authored-by: Taus <tausbn@github.com >
2026-01-14 11:40:01 +01:00
Asger F
b47ae420ca
Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-14 11:40:01 +01:00
Asger F
0eadebcabd
Update javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-14 11:40:01 +01:00
Asger F
739ed4b3bb
JS: Change note
2026-01-14 11:40:01 +01:00
Asger F
7ab52a81a7
JS: Add environment variable to opt out of the behaviour if needed
2026-01-14 11:40:01 +01:00
Asger F
2892ab61ae
JS: Make sure a file is not seen as minified
2026-01-14 11:40:01 +01:00
Asger F
84f6b6f67a
JS: Accept test change due to file no longer being extracted
2026-01-14 11:40:01 +01:00
Asger F
98c8b4c080
JS: Skip minified file if avg line length > 200
2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3
Merge pull request #20916 from asgerf/js/next-folders2
...
JS: Handle Next.js files named 'page' or 'route'
2026-01-14 11:10:57 +01:00
Ian Lynagh
63f78e7609
Merge pull request #21156 from igfoo/igfoo/mb
...
Merge rc/3.20 into main
2026-01-13 12:11:37 +00:00
Asger F
9fa856f974
JS: Change note
2026-01-13 11:49:33 +01:00
Asger F
7cd820ea86
JS: Add support for props callbacks in router configs
2026-01-13 11:46:12 +01:00
Asger F
40c35341d1
JS: Add props to Vue router test case
2026-01-13 11:44:07 +01:00
Asger F
da9aafc3b0
JS: Also track additional use-steps crossing the overlay boundary
2026-01-13 10:54:16 +01:00
Asger F
ca52fe59e8
Merge pull request #20918 from asgerf/js/response-default-content-type
...
JS: Handle default 'content-type' header in Response() objects
2026-01-13 10:34:40 +01:00
Asger F
d2e6ae5e14
Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
...
Co-authored-by: Napalys Klicius <napalys@github.com >
2026-01-13 10:34:25 +01:00
Ian Lynagh
dcd0a69759
Merge remote-tracking branch 'upstream/main' into igfoo/mb
2026-01-13 01:01:35 +00:00
Asger F
cf0b77074f
JS: Workaround forceLocal not supporting 'result' column
...
A bug made it into the release which causes compilation errors when
forceLocal is used on a predicate with a result column.
This commit works around the issue by converting the result column
to a positional parameter, for the predicates that we use forceLocal on.
It should be safe to revert this commit once the compiler fix has made
it into a stable release.
2026-01-07 11:05:41 +01:00
Asger F
e16cacd48d
JS: Rename "in scope" to "in active file"
2026-01-07 11:05:41 +01:00
Asger F
87049bd07e
Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll
...
Co-authored-by: Taus <tausbn@github.com >
2026-01-07 11:05:41 +01:00
Asger F
56a6fe4c08
Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-07 11:05:41 +01:00
Asger F
d0dbc91aa9
Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-07 11:05:41 +01:00
Asger F
9721b4e0f5
JS: Fix bad join in export logic
2026-01-07 11:05:41 +01:00
Asger F
cae27c40be
JS: Add a missing needsDefNode restriction
...
Previously this was implied by MkClassInstance but that's no longer
the case.
2026-01-07 11:05:41 +01:00
Asger F
369848a870
JS: Fix some QL4QL alerts
2026-01-07 11:05:41 +01:00
Asger F
97d369cf4e
JS: Make API::Node overlay[local?]
...
We want the type itself to be local but nearly all its member predicates
are global.
2026-01-07 11:05:41 +01:00
Asger F
27e8bcb347
JS: Add back promisify-all support
...
This was somehow lost in a rebase
2026-01-07 11:05:41 +01:00
Asger F
8731eee10e
JS: Work around an issue with overlay-invariance
2026-01-07 11:05:41 +01:00
Asger F
962c128f20
JS: Update test output to reflect Node.toString() change
2026-01-07 11:05:41 +01:00