Merge pull request #1816 from felicity-semmle/1.22/js-finalize-change-notes

semmle-qlci · web-flow · commit e37751e36538 · 2019-08-24T14:52:41.000+01:00
Approved by asger-semmle
diff --git a/change-notes/1.22/analysis-javascript.md b/change-notes/1.22/analysis-javascript.md
@@ -16,7 +16,9 @@
 * Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts.
 
 * Taint tracking through object property names has been made more precise, resulting in fewer false positive results.
-  
+
+* Method calls are now resolved in more cases, due to improved class hierarchy analysis. This may produce more security alerts.
+
 ## New queries
 
 | **Query**                                                                 | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
@@ -28,14 +30,14 @@
 
 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
-| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |
-| Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. |
-| Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
-| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |
+| Conflicting HTML element attributes (`js/conflicting-html-attribute`) | No changes to results | Results are no longer shown on LGTM by default. |
+| Shift out of range (`js/shift-out-of-range`| Fewer false positive results | This rule now correctly handles BigInt shift operands. |
+| Superfluous trailing arguments (`js/superfluous-trailing-arguments`) | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
+| Undocumented parameter (`js/jsdoc/missing-parameter`) | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |
 
 ## Changes to QL libraries
 
-- The `getName()` predicate on functions and classes now gets a name
+- The `getName()` predicate on functions and classes now gets a name that is
   inferred from the context if the function or class was not declared with a name.
 - The two-argument and three-argument variants of `DataFlow::Configuration::isBarrier` and
   `TaintTracking::Configuration::isSanitizer` have been deprecated. Overriding them no
