codeql/2.6.1.md at codeql-cli-2.23.2

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Files

github-actions[bot] b961c5961d Release preparation for version 2.21.1

2025-04-14 09:53:06 +00:00

2.6.1

Data passed to the NextResponse constructor is now treated as a sink for js/reflected-xss.
Data received from NextRequest and Request is now treated as a remote user input source.
Added support for the make-dir package.
Added support for the open package.
Added taint propagation for Uint8Array, ArrayBuffer, SharedArrayBuffer and TextDecoder.decode().
Improved detection of WebSocket and SockJS usage.
Added data received from WebSocket clients as a remote flow source.
Added support for additional mkdirp methods as sinks in path-injection queries.
Added support for additional rimraf methods as sinks in path-injection queries.