mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
24 lines
1.7 KiB
Markdown
24 lines
1.7 KiB
Markdown
## 2.0.0
|
|
|
|
### Breaking Changes
|
|
|
|
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
|
|
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
|
|
|
|
### Minor Analysis Improvements
|
|
|
|
* When a function or type has more than one anonymous type parameters, they were mistakenly being treated as the same type parameter. This has now been fixed.
|
|
* Local source models for reading and parsing environment variables have been added for the following libraries:
|
|
* os
|
|
* syscall
|
|
* github.com/caarlos0/env
|
|
* github.com/gobuffalo/envy
|
|
* github.com/hashicorp/go-envparse
|
|
* github.com/joho/godotenv
|
|
* github.com/kelseyhightower/envconfig
|
|
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
|
|
|
|
### Bug Fixes
|
|
|
|
* Golang vendor directories not at the root of a repository are now correctly excluded from the baseline Go file count. This means code coverage information will be more accurate.
|