mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
32 lines
1.8 KiB
Markdown
## 2.6.0

### New Features

* Extraction now supports regular expressions with the `v` flag, using the new operators:
  - Intersection `&&`
  - Subtraction `--`
  - `\q` quoted string

### Major Analysis Improvements

* Added support for TypeScript 5.8.

### Minor Analysis Improvements

* Added support for additional `fs-extra` methods as sinks in path-injection queries.
* Added support for the newer version of `Hapi` with the `@hapi/hapi` import and `server` function.
* Improved modeling of the `node:fs` module: `await`-ed calls to `read` and `readFile` are now supported.
* Added support for the `@sap/hana-client`, `@sap/hdbext` and `hdb` packages.
* Enhanced `axios` support with new methods (`postForm`, `putForm`, `patchForm`, `getUri`, `create`) and added support for `interceptors.request` and `interceptors.response`.
* Improved support for the `got` package with `Options`, `paginate()` and `extend()`.
* Added support for the `ApolloServer` class from `@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input.
* Improved support for `superagent` to handle the case where the package is directly called as a function, or via the `.del()` or `.agent()` method.
* Added support for the `underscore.string` package.
* Added an additional flow step for `unescape()` and `escape()`.
* Added support for the `@tanstack/vue-query` package.
* Added taint steps for `unescape()`.
* Added support for the `@tanstack/angular-query-experimental` package.
* Improved support for the `@angular/common/http` package, detecting outgoing HTTP requests in more cases.
* Improved the modeling of the `markdown-table` package to ensure it handles nested arrays properly.
* Added support for the `react-relay` library.
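
The `ApolloServer` and `node:fs` entries above describe a taint source and a file-system sink. As an added example (not code from the CodeQL repository), here is the kind of flow they concern: a resolver map in the shape passed to `ApolloServer`, whose `args` reach an awaited `readFile`, beside a hardened form. The `report` field, `BASE_DIR` and `resolveInsideBase` are hypothetical names, and it is an assumption that this exact pattern is what the path-injection query reports.

```javascript
const fs = require("node:fs/promises");
const os = require("node:os");
const path = require("node:path");

// Constructed base directory; the files a client may read live here.
const BASE_DIR = path.resolve(os.tmpdir(), "reports-example");

// Vulnerable form: args.name arrives in the GraphQL request and reaches the
// awaited readFile call unchecked, so "../" segments leave BASE_DIR.
const vulnerableResolvers = {
  Query: {
    report: async (_parent, args) => {
      return await fs.readFile(path.join(BASE_DIR, args.name), "utf8");
    },
  },
};

// Resolve the requested name against BASE_DIR and reject any result that is
// the base directory itself or lies outside it.
function resolveInsideBase(name) {
  if (typeof name !== "string") {
    throw new TypeError("file name must be a string");
  }
  const target = path.resolve(BASE_DIR, name);
  const rel = path.relative(BASE_DIR, target);
  const escapes =
    rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) {
    throw new Error("path escapes base directory");
  }
  return target;
}

// Hardened form: same resolver shape, with the path confined before the read.
const hardenedResolvers = {
  Query: {
    report: async (_parent, args) => {
      return await fs.readFile(resolveInsideBase(args.name), "utf8");
    },
  },
};
```

The containment check is lexical: it does not resolve symbolic links, so a link inside the base directory that points elsewhere needs a separate `realpath` comparison.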