From 2f96e32ec995fd8fecabd88c475f1a245a1fc3a4 Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Fri, 26 Sep 2025 10:08:31 +0100 Subject: [PATCH 1/3] Update 2.1.0.md --- javascript/ql/src/change-notes/released/2.1.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/change-notes/released/2.1.0.md b/javascript/ql/src/change-notes/released/2.1.0.md index e0ef5ddd6e15..6b5696816cff 100644 --- a/javascript/ql/src/change-notes/released/2.1.0.md +++ b/javascript/ql/src/change-notes/released/2.1.0.md @@ -10,4 +10,4 @@ * Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions. * Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test. * The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. -* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. +* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who submitted the original experimental query! From 09833e2541e36e678993b9fa613113dba0fac32f Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Fri, 26 Sep 2025 10:09:30 +0100 Subject: [PATCH 2/3] Update CHANGELOG for query promotion and acknowledgment Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor. --- javascript/ql/src/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 619bc14bf299..4067c050c2a1 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md 
@@ -10,7 +10,7 @@ * Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions. * Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test. * The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. -* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. +* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)! ## 2.0.3 From ba520c60d23a6e7bbd091eade91b5d6544525e41 Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Fri, 26 Sep 2025 10:11:03 +0100 Subject: [PATCH 3/3] Update 2.1.0.md --- javascript/ql/src/change-notes/released/2.1.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/change-notes/released/2.1.0.md b/javascript/ql/src/change-notes/released/2.1.0.md index 6b5696816cff..c95b5add20b7 100644 --- a/javascript/ql/src/change-notes/released/2.1.0.md +++ b/javascript/ql/src/change-notes/released/2.1.0.md 
@@ -10,4 +10,4 @@ * Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions. * Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test. * The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. -* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who submitted the original experimental query! +* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!
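Review bot: PATCH 1/3 and PATCH 3/3 rewrite the same bullet in `javascript/ql/src/change-notes/released/2.1.0.md` under the same subject, "Update 2.1.0.md". Between them the released note and `CHANGELOG.md` disagree on the `js/cors-permissive-configuration` entry: the acknowledgement is plain text in one file and linked in the other. Fold 3/3 into 1/3 so the line changes once and both files match at every commit, and give the resulting commit a subject that says what changed, as 2/3 does.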
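Review bot: in the added `+` bullet of `javascript/ql/src/CHANGELOG.md` (PATCH 2/3), and in the identical line added by PATCH 3/3, "who submitted ..." is a non-restrictive clause and needs a comma after the handle: `Thank you to @maikypedia, who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!`. Apply the wording change to both files in the same commit so the changelog entry and the released change note stay identical.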