diff --git a/change-notes/1.22/analysis-javascript.md b/change-notes/1.22/analysis-javascript.md index 98f531c143ab..861258829c32 100644 --- a/change-notes/1.22/analysis-javascript.md +++ b/change-notes/1.22/analysis-javascript.md @@ -16,7 +16,9 @@ * Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts. * Taint tracking through object property names has been made more precise, resulting in fewer false positive results. - + +* Method calls are now resolved in more cases, due to improved class hierarchy analysis. This may produce more security alerts. + ## New queries | **Query** | **Tags** | **Purpose** | 
@@ -28,14 +30,14 @@ | **Query** | **Expected impact** | **Change** | |--------------------------------|------------------------------|---------------------------------------------------------------------------| -| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. | -| Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. | -| Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. | -| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. | +| Conflicting HTML element attributes (`js/conflicting-html-attribute`) | No changes to results | Results are no longer shown on LGTM by default. | +| Shift out of range (`js/shift-out-of-range`| Fewer false positive results | This rule now correctly handles BigInt shift operands. | +| Superfluous trailing arguments (`js/superfluous-trailing-arguments`) | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. | +| Undocumented parameter (`js/jsdoc/missing-parameter`) | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. | ## Changes to QL libraries -- The `getName()` predicate on functions and classes now gets a name +- The `getName()` predicate on functions and classes now gets a name that is inferred from the context if the function or class was not declared with a name. - The two-argument and three-argument variants of `DataFlow::Configuration::isBarrier` and `TaintTracking::Configuration::isSanitizer` have been deprecated. Overriding them no
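Review bot: the rewritten "Shift out of range" row in the second hunk is missing the closing parenthesis after the query id, so the first cell reads `Shift out of range (`js/shift-out-of-range`|` and the table will render with the id and the "Expected impact" column run together. It should match the other three rows: `| Shift out of range (`js/shift-out-of-range`) | Fewer false positive results | This rule now correctly handles BigInt shift operands. |`. While touching these rows, the "Expected impact" column is still inconsistent across them ("Fewer false positive results" in one row, "Fewer false-positive results." with a hyphen and trailing period in the next); since the rows are being reordered and re-tagged anyway, pick one spelling and drop the stray period so the column reads uniformly.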