hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 18:20:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
216911dad92ac32398dc5ef0e10ff2b4b6a784c8
codeql/javascript/ql/src/change-notes/released/0.6.2.md
github-actions[bot] 7aa23cf11d Release preparation for version 2.13.3
2023-05-22 20:47:00 +00:00

859 B
Raw Blame History

0.6.2

Major Analysis Improvements

  • Added taint sources from the @actions/core and @actions/github packages.
  • Added command-injection sinks from the @actions/exec package.

Minor Analysis Improvements

  • The js/indirect-command-line-injection query no longer flags command arguments that cannot be interpreted as a shell string.
  • The js/unsafe-deserialization query no longer flags deserialization through the js-yaml library, except when it is used with an unsafe schema.
  • The Forge module in CryptoLibraries.qll now correctly classifies SHA-512/224, SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.

Bug Fixes

  • Fixed a spurious diagnostic warning about comments in JSON files being illegal. Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.