JavaScript: Downgrade a few "error" rules to "warning".

For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.

Author: Max Schaefer

change-notes/1.19/analysis-javascript.md

@@ -35,10 +35,15 @@
 
 | **Query**                      | **Expected impact**        | **Change**                                   |
 |--------------------------------|----------------------------|----------------------------------------------|
+| Ambiguous HTML id attribute | Lower severity | The severity of this rule has been revised to "warning". |
 | Client side cross-site scripting | More results | This rule now also flags HTML injection in the body of an email. |
 | Client-side URL redirect | Fewer false-positive results | This rule now recognizes safe redirects in more cases. |
+| Conflicting HTML element attributes | Lower severity | The severity of this rule has been revised to "warning". |
+| Duplicate 'if' condition | Lower severity | The severity of this rule has been revised to "warning". |
+| Duplicate switch case | Lower severity | The severity of this rule has been revised to "warning". |
 | Information exposure through a stack trace | More results | This rule now also flags cases where the entire exception object (including the stack trace) may be exposed. |
 | Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
+| Missing variable declaration | Lower severity | The severity of this rule has been revised to "warning". |
 | Regular expression injection | Fewer false-positive results | This rule now identifies calls to `String.prototype.search` with more precision. |
 | Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
 | Self assignment | Fewer false-positive results | This rule now ignores self-assignments preceded by a JSDoc comment with a `@type` tag. |

javascript/ql/src/DOM/AmbiguousIdAttribute.ql

@@ -4,7 +4,7 @@
  *              same id attribute, it may be interpreted differently
  *              by different browsers.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id js/duplicate-html-id
  * @tags maintainability
  *       correctness

javascript/ql/src/DOM/ConflictingAttributes.ql

@@ -3,7 +3,7 @@
  * @description If an HTML element has two attributes with the same name
  *              but different values, its behavior may be browser-dependent.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id js/conflicting-html-attribute
  * @tags maintainability
  *       correctness

javascript/ql/src/Declarations/MissingVarDecl.ql

@@ -3,7 +3,7 @@
  * @description If a variable is not declared as a local variable, it becomes a global variable
  *              by default, which may be unintentional and could lead to unexpected behavior.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id js/missing-variable-declaration
  * @tags reliability
  *       maintainability

javascript/ql/src/Expressions/DuplicateCondition.ql

@@ -3,7 +3,7 @@
  * @description If two conditions in an 'if'-'else if' chain are identical, the
  *              second condition will never hold.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id js/duplicate-condition
  * @tags maintainability
  *       correctness

javascript/ql/src/Expressions/DuplicateSwitchCase.ql

@@ -3,7 +3,7 @@
  * @description If two cases in a switch statement have the same label, the second case
  *              will never be executed.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id js/duplicate-switch-case
  * @tags maintainability
  *       correctness