mirror of
https://github.com/github/codeql.git
synced 2025-12-18 18:10:39 +01:00
18 lines
1.6 KiB
Markdown
18 lines
1.6 KiB
Markdown
## 0.8.1
|
|
|
|
### Minor Analysis Improvements
|
|
|
|
* The contents of `.jsp` files are now extracted, and any `<script>` tags inside these files will be parsed as JavaScript.
|
|
* [Import attributes](https://github.com/tc39/proposal-import-attributes) are now supported in JavaScript code.
|
|
Note that import attributes are an evolution of an earlier proposal called "import assertions", which were implemented in TypeScript 4.5.
|
|
The QL library includes new predicates named `getImportAttributes()` that should be used in favor of the now deprecated `getImportAssertion()`;
|
|
in addition, the `getImportAttributes()` method of the `DynamicImportExpr` has been renamed to `getImportOptions()`.
|
|
* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
|
|
* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`.
|
|
* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`.
|
|
* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead.
|
|
* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead.
|
|
* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead.
|
|
* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal,
|
|
and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`.
|