- The
analysis/AlertSuppression.qlquery has moved to the root folder. Users that refer to this query by path should update their configurations. The query has been updated to support the new# codeql[query-id]supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy# lgtmand# lgtm[query-id]comments can now also be placed on the line before an alert. - Bumped the minimum keysize we consider secure for elliptic curve cryptography from 224 to 256 bits, following current best practices. This might effect results from the Use of weak cryptographic key (
py/weak-crypto-key) query. - Added modeling of
getpass.getpassas a source of passwords, which will be an additional source forpy/clear-text-logging-sensitive-data,py/clear-text-storage-sensitive-data, andpy/weak-sensitive-data-hashing.