3.0.0 (2024-04-10)
- requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
2.1.1 (2024-02-14)
2.1.0 (2023-12-15)
2.0.0 (2023-10-17)
- switch the recommended config to flat (#118)
1.7.1 (2023-02-02)
- false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
1.7.0 (2023-01-26)
1.6.0 (2023-01-11)
- Add meta object documentation for all rules (#79) (fb1d9ef)
- detect-bidi-characters rule (#95) (4294d29)
- detect-non-literal-fs-filename: change to track non-top-level
require()as well (#105) (d3b1543) - extend detect non literal fs filename (#92) (08ba476)
- non-literal-require: support template literals (#81) (208019b)
- Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
- Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
- detect-child-process: false positive for destructuring with
exec(#102) (657921a) - detect-child-process: false positives for destructuring
spawn(#103) (fdfe37d) - Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
- Fix avoid crash when exec() is passed no arguments Closes #82 with ref as #23
- Fix incorrect method name in detect-buffer-noassert Closes #63 and #80
- Clean up source code formatting Fixes #4 and closes #78
- Add release script Script
- Add non-literal require TemplateLiteral support #81
- Add meta object documentation for all rules #79
- Added Git pre-commit hook to format JS files Pre-commit hook
- Added yarn installation method
- Fix linting errors and step Lint errors, Lint step
- Create workflows Check commit message on pull requests, Set up ci on main branch
- Update test and lint commands to work cross-platform Commit
- Merge pull request #47 from pdehaan/add-docs Add old liftsecurity blog posts to docs/ folder
- Bumped up dependencies
- Added
package-lock.json - Fixed typos in README and documentation Replaced dead links in README
- 1.4.0
- Stuff and things for 1.4.0 beep boop 🤖
- Merge pull request #14 from travi/recommended-example Add recommended ruleset to the usage example
- Merge pull request #19 from pdehaan/add-changelog Add basic CHANGELOG.md file
- Merge pull request #17 from pdehaan/issue-16 Remove filename from error output
- Add basic CHANGELOG.md file
- Remove filename from error output
- Add recommended ruleset to the usage example for #9
- Merge pull request #10 from pdehaan/issue-9 Add 'plugin:security/recommended' config to plugin
- Merge pull request #12 from tupaschoal/patch-1 Fix broken link for detect-object-injection
- Fix broken link for detect-object-injection The current link leads to a 404 page, the new one is the proper page.
- Add 'plugin:security/recommended' config to plugin
- 1.3.0
- Merge branch 'scottnonnenberg-update-docs'
- Fix merge conflicts because I can't figure out how to accept pr's in the right order
- Merge pull request #7 from HamletDRC/patch-1 README.md - documentation detect-new-buffer rule
- Merge pull request #8 from HamletDRC/patch-2 README.md - document detect-disable-mustache-escape rule
- Merge pull request #3 from jesusprubio/master A bit of love
- README.md - document detect-disable-mustache-escape rule
- README.md - documentation detect-new-buffer rule
- Merge pull request #6 from mathieumg/csrf-bug
Fixed crash with
detect-no-csrf-before-method-overriderule - Fixed crash with
detect-no-csrf-before-method-overriderule. - Finishing last commit
- Style guide applied to all the code involving the tests
- Removing a repeated test and style changes
- ESLint added to the workflow
- Removed not needed variables
- Fix to a problem with a rule detected implementing the tests
- Test engine with tests for all the rules
- Minor typos
- A little bit of massage to readme intro
- Add additional information to README for each rule
- 1.2.0
- updated to check for new RegExp too
- 1.1.0
- adding eslint rule to detect new buffer hotspot
- updated desc
- rules disabled by default
- update links
- beep boop