Releases: SonarSource/SonarJS
Releases · SonarSource/SonarJS
7.0.1
Revert custom rule API removal
7.0.0
All rules rely on TypeScript parser.
6.7.0.14237
Update rule metadata (#2346)
6.6.0.13923
Many new rules related to cryptography (see MMF-1894 ) and many rules migrated to ESLint parser
6.5.0.13383
Update rule metadata (#2175)
SonarJS 6.2.2
Bugfix release:
- Fix potential security vulnerability where eslint-bridge component opens http server on all local interface (0.0.0.0) (SSF-122)
SonarJS 6.4.1
Bugfix release:
- Filtering out huge files is now applied only to JS/TS.
SonarJS 6.4
New rules:
- S2598: File uploads should be restricted (formidable)
- S4502: Disabling CSRF protection is security-sensitive
- S4507: Delivering code in production with debug features activated is security-sensitive
- S5689: Recovering fingerprints from web application technologies should not be possible
- S5691: Statically serving hidden files is security-sensitive
- S5693: Allowing requests with excessive content length is security-sensitive
Improved rules:
- S5122: now raised only when permissive CORS policy is obvious; Support for
corsmiddleware.
Deprecated rules:
Changes in the requirements:
- The plugin now requires Node.js 10
- The plugin no longer relies on user-provided TypeScript: TypeScript is now shipped with the analyzer.
- Support for solution-style
tsconfigs - Very large files are now excluded from analysis by default (property
sonar.javascript.maxFileSizecontrols the threshold)
6.3.0.12464
Hardening and bugfixes
Analyzer for JavaScript/TypeScript 6.2.1
Fix bug in SonarLint when analyzing JS file before TS file (#1680)