mirror of
https://github.com/github/codeql.git
synced 2025-12-19 10:23:15 +01:00
9 lines
493 B
Markdown
9 lines
493 B
Markdown
lgtm,codescanning
|
|
* URIs used in the Apollo-link libraries are now recognized as sinks for `js/request-forgery`.
|
|
Affected packages are
|
|
[apollo-link-http](https://www.npmjs.com/package/apollo-link-http),
|
|
[apollo-client](https://www.npmjs.com/package/apollo-client),
|
|
[apollo-boost](https://www.npmjs.com/package/apollo-boost),
|
|
[apollo-client-preset](https://www.npmjs.com/package/apollo-client-preset), and
|
|
[apollo-link-ws](https://www.npmjs.com/package/apollo-link-ws)
|