v6.1.0

What's Changed

• docs: add banner and center badges with TML format by @fraxken in #85
• Add dependabot yml configuration by @fabnguess in #86
• chore(deps-dev): bump @slimio/is from 1.5.1 to 2.0.0 by @dependabot in #92
• chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #91
• chore(deps): bump actions/setup-node from 2 to 3 by @dependabot in #90
• chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #89
• chore(deps): bump github/codeql-action from 2.1.27 to 2.1.39 by @dependabot in #88
• chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #87
• chore(StepSecurity): Apply security best practices by @step-security-bot in #94
• chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #96
• chore(deps): bump github/codeql-action from 2.2.1 to 2.2.4 by @dependabot in #99
• ci: disable nsci warnings by @fraxken in #104
• Update dependabot frequency by @fabnguess in #102
• chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #103
• chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #101
• feat: add shady-link warning by @PierreDemailly in #105
• docs: add PierreDemailly as a contributor for code, and test by @allcontributors in #106
• fix(security): add missing workflow top level permissions by @fraxken in #107
• feat: add removeHTMLComments option by @fraxken in #114
• chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #110
• chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #112
• chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #113
• chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #111

New Contributors

• @fabnguess made their first contribution in #86
• @step-security-bot made their first contribution in #94

Full Changelog: v6.0.1...v6.1.0

v6.0.1

What's Changed

• fix: parsing-error because of unhandled syntax or null values by @fraxken in #84

Full Changelog: v6.0.0...v6.0.1

v6.0.0

What's Changed

• test: add isAssignmentExpression tests by @PierreDemailly in #48
• test: add isFunctionDeclaration tests by @PierreDemailly in #47
• [Snyk] Upgrade meriyah from 4.3.0 to 4.3.1 by @fraxken in #49
• test: add isBinaryExpression probe UT by @fraxken in #50
• test: add isRegexObject UT by @fraxken in #51
• test: add ut for isMemberExpression by @M4gie in #53
• refactor: use estree-ast-utils functions by @fraxken in #54
• [Snyk] Upgrade meriyah from 4.3.1 to 4.3.2 by @fraxken in #55
• test: add UT for isLiteralRegex probe by @fraxken in #56
• docs: add M4gie as a contributor for code by @allcontributors in #58
• refactor: use file urls in tests by @targos in #60
• [Snyk] Upgrade meriyah from 4.3.2 to 4.3.3 by @snyk-bot in #63
• refactor: implement new VariableTracer by @fraxken in #57
• chore(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in #64
• fix(ASTDeps): depName.trim is not a function by @fraxken in #65
• docs: add targos as a contributor for code, and bug by @allcontributors in #66
• refactor: enhance parseScript to always support ESM by @fraxken in #67
• test(probes): implement isImportDeclaration by @fraxken in #68
• feat: adding new probes to improve short identifiers detection by @fraxken in #69
• Enhance security by @fraxken in #70
• test: add UT for isLiteral probe by @fraxken in #71
• test: implement isRequire probe UT and remove old/unused tests by @fraxken in #72
• test: add isArrayExpression probe by @fraxken in #73
• feat: add coverage with c8 by @fraxken in #74
• docs: update title and badges by @fraxken in #75
• test: add isUnaryExpression probe by @fraxken in #76
• test: add isVariableDeclaration probe by @fraxken in #77
• Enhance ut coverage by @fraxken in #78
• fix(dts): add missing .js extension by @fraxken in #79
• refactor: detect function parameters and handle isFunctionExpression by @fraxken in #81
• chore: update @nodesecure/sec-literal (1.1.0 to 1.2.0) by @fraxken in #82
• feat: add suspicious-file warning by @fraxken in #83

New Contributors

• @M4gie made their first contribution in #53
• @targos made their first contribution in #60
• @snyk-bot made their first contribution in #63
• @dependabot made their first contribution in #64

Full Changelog: v5.1.0...v6.0.0

v5.1.0

What's Changed

• test(probes): add ut for isObjectExpression probe (#24) by @PierreDemailly in #39
• docs: add PierreDemailly as a contributor for test by @allcontributors in #40
• Redefined Dependency Interface as required in @nodesecure/scanner by @Aekk0 in #43
• docs: add Aekk0 as a contributor for code by @allcontributors in #45
• fix: remove Node.js WG security disclosure by @fraxken in #46

New Contributors

• @PierreDemailly made their first contribution in #39
• @Aekk0 made their first contribution in #43

Full Changelog: v5.0.1...v5.1.0

v5.0.1

What's changed

• Add missing /types directory in the published npm tarball (package.json files whitelist).

Full Changelog: v5.0.0...v5.0.1

v5.0.0

What's Changed

Warning: Breaking changes with exported warnings and TS definitions.

• refactor: improve warnings usage and TS definitions by @fraxken in #38
• docs: fix unsafe regex title by @fraxken

Full Changelog: v4.5.0...v5.0.0

v4.5.0

What's Changed

• feat(warnings): add new severity property to warnings by @Mathieuka in #28
• Add tests around probes by @Kawacrepe in #29
• feat: detect weak crypto algorithm by @tony-go in #30
• chore: add few jsdoc to probes (with links to estree and code examples) by @fraxken in #34
• Documentation enhancement by @fraxken in #36
• chore(package): update devDependencies by @fraxken
• chore: add CONTRIBUTING.md file by @fraxken

---

• docs: add Kawacrepe as a contributor for code, test by @allcontributors in #31
• docs: add tony-go as a contributor for code, doc, test by @allcontributors in #33
• docs: add Mathieuka as a contributor for code by @allcontributors in #27

New Contributors

• @Kawacrepe made their first contribution in #29
• @tony-go made their first contribution in #30
• @fraxken made their first contribution in #34

Full Changelog: v4.4.0...v4.5.0

v4.4.0

What's Changed

• Enhance exported warnings to include i18n token by @Mathieuka in #23
• Update dependencies by @fraxken
• Fix npm audit issue for minimist by @fraxken

New Contributors

• @Mathieuka made their first contribution in #23

Full Changelog: v4.3.0...v4.4.0