hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
tausbn/python-add-models-for-zstd-compression
codeql/javascript/ql/lib/change-notes/released/0.8.1.md
github-actions[bot] 3b3c036626 Release preparation for version 2.15.1
2023-10-16 17:49:39 +00:00

1.6 KiB
Raw Permalink Blame History

0.8.1

Minor Analysis Improvements

  • The contents of .jsp files are now extracted, and any <script> tags inside these files will be parsed as JavaScript.
  • Import attributes are now supported in JavaScript code. Note that import attributes are an evolution of an earlier proposal called "import assertions", which were implemented in TypeScript 4.5. The QL library includes new predicates named getImportAttributes() that should be used in favor of the now deprecated getImportAssertion(); in addition, the getImportAttributes() method of the DynamicImportExpr has been renamed to getImportOptions().
  • Deleted the deprecated getAnImmediateUse, getAUse, getARhs, and getAValueReachingRhs predicates from the API::Node class.
  • Deleted the deprecated mayReferToParameter predicate from DataFlow::Node.
  • Deleted the deprecated getStaticMethod and getAStaticMethod predicates from DataFlow::ClassNode.
  • Deleted the deprecated isLibaryFile predicate from ClassifyFiles.qll, use isLibraryFile instead.
  • Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead.
  • Deleted the deprecated semmle.javascript.security.performance folder, use semmle.javascript.security.regexp instead.
  • Tagged template literals have been added to DataFlow::CallNode. This allows the analysis to find flow into functions called with a tagged template literal, and the arguments to a tagged template literal are part of the API-graph in ApiGraphs.qll.