codeql/go/ql/lib/change-notes/released/2.0.0.md
2024-09-16 10:56:10 +00:00


2.0.0

Breaking Changes

  • Deleted many deprecated taint-tracking configurations based on TaintTracking::Configuration.
  • Deleted the deprecated explorationLimit predicate from DataFlow::Configuration; use FlowExploration<explorationLimit> instead.

Minor Analysis Improvements

  • When a function or type had more than one anonymous type parameter, they were mistakenly treated as the same type parameter. This has now been fixed.
  • Local source models for reading and parsing environment variables have been added for the following libraries:
    • os
    • syscall
    • github.com/caarlos0/env
    • github.com/gobuffalo/envy
    • github.com/hashicorp/go-envparse
    • github.com/joho/godotenv
    • github.com/kelseyhightower/envconfig
  • Local source models have been added for the APIs that open files in the io/fs, io/ioutil and os packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see "Analyzing your code with CodeQL queries" and "Customizing your advanced setup for code scanning".
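
The Go program below is an added illustration, not code from the CodeQL repository: it shows the two kinds of value the new local source models cover (an environment variable read with os.Getenv and the contents of a file opened with os.Open) reaching a file-path computation, together with a containment check applied before the path is used. The function names, the REPORT_NAME variable and the /srv/reports directory are hypothetical, and os.Open is assumed to be among the modeled file-opening APIs.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errEscapes = errors.New("name escapes base directory")

// nameFromEnv returns an environment value; os is one of the packages listed above.
func nameFromEnv(key string) string { return os.Getenv(key) }

// nameFromFile returns the first line of a file opened with os.Open, so the
// result is file-derived data (os.Open is assumed to be a modeled API).
func nameFromFile(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	sc := bufio.NewScanner(f)
	if !sc.Scan() {
		return "", errors.New("no name in file")
	}
	return strings.TrimSpace(sc.Text()), nil
}

// resolveInside joins name onto baseDir and rejects empty names, absolute
// names, and any result that lands outside baseDir.
func resolveInside(baseDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", errEscapes
	}
	full := filepath.Join(baseDir, name)
	rel, err := filepath.Rel(baseDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapes
	}
	return full, nil
}

func main() {
	os.Setenv("REPORT_NAME", "../../etc/passwd") // constructed sample value
	_, err := resolveInside("/srv/reports", nameFromEnv("REPORT_NAME"))
	fmt.Println(err)
}
```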

Bug Fixes

  • Golang vendor directories not at the root of a repository are now correctly excluded from the baseline Go file count. This means code coverage information will be more accurate.