- Added support for TypeScript 4.7.
- All new ECMAScript 2022 features are now supported.
- The
isLibaryFilepredicate fromClassifyFiles.qllhas been renamed toisLibraryFileto fix a typo.
- The
ReflectedXss,StoredXss,XssThroughDom, andExceptionXssmodules fromXss.qllhave been deprecated.
Use theCustomizations.qllfile belonging to the query instead.
- The cash library is now modelled as an alias for JQuery.
Sinks and sources from cash should now be handled by all XSS queries. - Added the
Selectionapi as a DOM text source in thejs/xss-through-domquery. - The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
- The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
- The following predicates on
API::Nodehave been changed so as not to include the receiver. The receiver should now only be accessed viagetReceiver().getParameter(int i)previously included the receiver wheni = -1getAParameter()previously included the receivergetLastParameter()previously included the receiver for calls with no arguments
- Some predicates from
DefUse.qll,DataFlow.qll,TaintTracking.qll,DOM.qll,Definitions.qllthat weren't used by any query have been deprecated. The documentation for each predicate points to an alternative. - Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. The old name still exists as a deprecated alias.
- Some modules that started with a lowercase letter have been renamed to follow our style-guide. The old name still exists as a deprecated alias.
- All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
- Added support for TypeScript 4.6.
- Added sources from the
jsziplibrary to thejs/zipslipquery.
- The
codeql/javascript-upgradesCodeQL pack has been removed. All upgrades scripts have been merged into thecodeql/javascript-allCodeQL pack.
- TypeScript 4.5 is now supported.