
Releases: doyensec/electronegativity

v1.10.0 Release

07 Dec 10:31
  • New check for setWindowOpenHandler previously only included in ElectroNG, fixes #92
  • Fix parserPlugins throwing an error when Electronegativity was used as a library #98
  • Update mocha dependency #100
  • New support for i18n, with Spanish and French as locales.

v1.9.1 Release

23 May 09:40
  • Improved SecurityWarningsDisabledJSONCheck and CustomArgumentsJSONCheck, closes #94
  • Added better docs for the eng-disable annotations for GlobalChecks
  • Upgraded most dependencies
  • Removed npm-shrinkwrap.json, closes #91

v1.9.0 Release

27 Mar 11:10
  • A new GitHub Action for the tool is available at doyensec/electronegativity-action to easily integrate Electronegativity into your continuous integration pipeline
  • Improved LimitNavigationGlobalCheck 6a8639e
  • Global checks can now be disabled using inline annotations #78
  • Dependencies upgrade dc2a6b2, 2dca108

v1.8.1 Release

10 Feb 11:24
  • Fix broken sarif export #80
  • Fix console output #81
  • Fix error code and unhandled promise #82

v1.8.0 Release

28 Jan 15:02
  • Allow inline annotations in source code to ignore a check (// eng-disable) #78
  • Introduce a new exclusion flag (-x) to exclude specific checks 1497db6
  • The verbose flag (-v) is now enabled by default; the check descriptions are now shown in the results table 733e44a
  • Add options for parser plugins (-p or --parser-plugins <plugins>) #76
  • Fix false positive for global navigation check in TypeScript #77
  • Upgrade npm dependencies

Thanks to @bchurchill for the last two PRs!

v1.7.0 Release

11 Sep 11:17
  • Don't require customScan when running programmatically #72
  • Don't fail in CSPGlobalCheck if CSP is invalid #68, 86fb1ed
  • Better Electron version detection #67
  • Consider Electron version and update checks according to new defaults (fixes #23, #58) #66
  • Update NodeIntegrationJSCheck to respect the default changes 3d1beb7
  • Pass webPreferences defaults to checkers 29a8627
  • Don't fail in version check if Electron version is unknown #65
    ...and other non-tracked issues

Thanks @baltpeter for the valuable contributions on this release! <3

v1.6.0 Release

08 May 13:12
b9048ec
  • Electronegativity now features a Node API-friendly function that can be used programmatically (thanks @baltpeter!) #59
const run = require('@doyensec/electronegativity')
// or: import run from '@doyensec/electronegativity';

run({
  // input (directory, .js, .html, .asar)
  input: '/path/to/electron/app',
  // save the results to a file in csv or sarif format (optional)
  output: '/path/for/output/file',
  // true to save output as sarif, false to save as csv (optional)
  isSarif: false,
  // only run the specified checks
  customScan: ['dangerousfunctionsjscheck', 'remotemodulejscheck'],
  // only return findings with the specified level of severity or above (optional)
  severitySet: 'high',
  // only return findings with the specified level of confidence or above (optional)
  confidenceSet: 'certain',
  // show relative path for files (optional)
  isRelative: false,
  // run Electron upgrade checks, eg -u 7..8 to check upgrade from Electron 7 to 8 (optional)
  electronUpgrade: '7..8'
})
    .then(result => console.log(result))
    .catch(err => console.error(err));
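
One way to consume the resolved result in CI, as an added example that is not part of the project's release notes or code: `gate` fails on findings at or above a severity threshold unless they are listed in a triaged baseline. The result shape (`issues[].id`, `issues[].file`, `issues[].severity.name`, `errors`) and the names `gate`, `keyOf` and `sampleResult` are assumptions made for this example; check them against the version you run.

```javascript
// Added example, not project code. Assumed result shape:
// { issues: [{ id, file, location: { line }, severity: { name } }], errors: [] }
const SEVERITIES = ['INFORMATIONAL', 'LOW', 'MEDIUM', 'HIGH'];

// Key a finding by check id and file so line shifts do not invalidate the baseline.
const keyOf = issue => `${issue.id}:${issue.file}`;

function gate(result, { failOn = 'MEDIUM', baseline = [] } = {}) {
  const threshold = SEVERITIES.indexOf(failOn.toUpperCase());
  if (threshold < 0) throw new Error(`unknown severity: ${failOn}`);
  const accepted = new Set(baseline);
  const blocking = [];
  const tolerated = [];
  for (const issue of result.issues || []) {
    const name = String(issue.severity && issue.severity.name).toUpperCase();
    const rank = SEVERITIES.indexOf(name);
    // An unknown severity counts as blocking: fail closed rather than skip it.
    const blocks = rank < 0 || rank >= threshold;
    (blocks && !accepted.has(keyOf(issue)) ? blocking : tolerated).push(issue);
  }
  // Parse errors mean some files went unscanned, so they fail the gate too.
  const parseErrors = (result.errors || []).length;
  return { pass: blocking.length === 0 && parseErrors === 0, blocking, tolerated, parseErrors };
}

// Constructed sample result (not real tool output; severities are illustrative).
const sampleResult = {
  errors: [],
  issues: [
    { id: 'NODE_INTEGRATION_JS_CHECK', file: 'main.js', location: { line: 12 }, severity: { name: 'HIGH' } },
    { id: 'OPEN_EXTERNAL_JS_CHECK', file: 'menu.js', location: { line: 40 }, severity: { name: 'MEDIUM' } },
    { id: 'CSP_GLOBAL_CHECK', file: 'index.html', location: { line: 1 }, severity: { name: 'LOW' } },
  ],
};

// The triaged openExternal finding is tolerated; the nodeIntegration one blocks.
const verdict = gate(sampleResult, { baseline: ['OPEN_EXTERNAL_JS_CHECK:menu.js'] });
console.log(verdict.pass, verdict.blocking.map(keyOf));

// In CI, with the API shown above:
// run({ input: './app' }).then(r => { if (!gate(r).pass) process.exitCode = 1; });
```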

v1.5.2 Release

01 May 09:08
  • Add Electron upgrade checks to Electronegativity. The intention of this feature is for developers to discover the breaking changes that will affect them when they upgrade to a newer version of Electron. As it currently stands this feature will add checks for Electron versions 5-8. To use this feature a new argument -u or --upgrade has been added (thanks @jkleinsc!) #60
  • Add new Remote Module Check #57
  • Fix a dependency issue of Electronegativity preventing it from running properly #63
  • The Electron releases' file is now stored in the correct temporary path for every OS #54

v1.4.0 Release

29 Oct 17:36
  • This minor release includes several bug fixes for #56, #54, 81d48a8, and other non-tracked issues
  • Support for nodeintegrationinsubframes for both JS and HTML resources #52
  • Introduced a global check called HTTP_RESOURCES_WITH_NODE_INTEGRATION_GLOBAL_CHECK to review the use of plain HTTP resources loaded in node-integrated contexts 71acdd8
  • Migrated to cli-table3, word wrapping in columns is now working correctly
  • Introduced the -v (--verbose) flag to display the issues' short description 6e14dc8

v1.3.2 Release

29 Jul 08:27
  • This patch release includes a fix for #53. Weak etags were occasionally returned by the GitHub Raw CDN, breaking the syncing routine of the releases.json file. (0ed8287)