Files
codeql/javascript/ql/src/change-notes/released/2.1.0.md
2025-09-26 10:11:03 +01:00

857 B

2.1.0

Major Analysis Improvements

  • Added support for TypeScript 5.9
  • Added support for import defer syntax in JavaScript and TypeScript.

Minor Analysis Improvements

  • Data flow is now tracked through the Promise.try and Array.prototype.with functions.
  • Query js/index-out-of-bounds no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
  • The query js/remote-property-injection now detects property injection vulnerabilities through object enumeration patterns such as Object.keys().
  • The query "Permissive CORS configuration" (js/cors-permissive-configuration) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who submitted the original experimental query!