- Added support for TypeScript 4.7.
- All new ECMAScript 2022 features are now supported.
- The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo.
- The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated. Use the `Customizations.qll` file belonging to the query instead.
- The cash library is now modelled as an alias for JQuery. Sinks and sources from cash should now be handled by all XSS queries.
- Added the `Selection` API as a DOM text source in the `js/xss-through-dom` query.
- The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
- The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
- The following predicates on `API::Node` have been changed so as not to include the receiver. The receiver should now only be accessed via `getReceiver()`.
  - `getParameter(int i)` previously included the receiver when `i = -1`
  - `getAParameter()` previously included the receiver
  - `getLastParameter()` previously included the receiver for calls with no arguments
- Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated. The documentation for each predicate points to an alternative.
- Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. The old name still exists as a deprecated alias.
- Some modules that started with a lowercase letter have been renamed to follow our style-guide. The old name still exists as a deprecated alias.
- All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
- Added support for TypeScript 4.6.
- Added sources from the `jszip` library to the `js/zipslip` query.
- The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack.
- TypeScript 4.5 is now supported.