AI News

News · 1:37 PM · aelyric

CodeQL 2.23.1 Expands Language Support

CodeQL, the static analysis engine for GitHub code scanning, has released version 2.23.1. This update introduces support for TypeScript 5.9 and Swift 6.1.3, among other enhancements.

The JavaScript and TypeScript analysis now supports TypeScript 5.9, and Swift projects built with Swift 6.1.3 can now be analyzed.

Improvements and additions have been made to queries across several languages. In Java, the java/dereferenced-value-may-be-null query has been reimplemented to reduce false positives. The js/cors-permissive-configuration query in JavaScript and TypeScript has been promoted from experimental status to the default security suite, detecting misconfigurations of CORS HTTP headers that could lead to credential leaks.
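An added example, not code from CodeQL or from this article: it illustrates the general class of CORS misconfiguration mentioned above, assuming the risky case is an origin that is reflected or wildcarded while Access-Control-Allow-Credentials is enabled. The origins, allowlist and function names are constructed for illustration and do not reproduce the query's detection logic.

```javascript
// Added illustration; all names and origins below are constructed.

// Origins trusted to make credentialed cross-origin requests (constructed values).
const TRUSTED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Permissive configuration: echoes whatever Origin the browser sends and
// allows credentials, so any site the user visits can read authenticated
// responses from this API.
function permissiveCorsHeaders(requestOrigin) {
  return {
    'Access-Control-Allow-Origin': requestOrigin || '*',
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened configuration: exact-match allowlist. Missing, "null" or unknown
// origins get no CORS grant at all; Vary keeps caches from mixing responses.
function strictCorsHeaders(requestOrigin) {
  if (typeof requestOrigin !== 'string' || !TRUSTED_ORIGINS.has(requestOrigin)) {
    return { Vary: 'Origin' };
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Review helper: true when a response pairs credentials with a wildcard,
// "null", or any origin outside the allowlist.
function isRiskyCors(headers) {
  const origin = headers['Access-Control-Allow-Origin'];
  const credentials = headers['Access-Control-Allow-Credentials'] === 'true';
  if (!credentials || origin === undefined) return false;
  return origin === '*' || origin === 'null' || !TRUSTED_ORIGINS.has(origin);
}

// Apply a header set to any response object exposing setHeader(name, value).
function applyCors(res, headers) {
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
}
```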

Python queries such as py/missing-call-to-init, py/missing-calls-to-del, py/multiple-calls-to-init, and py/multiple-calls-to-del have been modernized for more precise results and clearer messages, with updated documentation. In C#, the cs/call-to-object-tostring query has been improved to suppress false positives for enum types.

For GitHub Actions, file coverage information is now displayed on the code scanning tool status page, enhancing the observability of analysis completeness. Every new version of CodeQL is automatically deployed to GitHub code scanning users on github.com. The new features in CodeQL 2.23.1 will also be included in a GitHub Enterprise Server (GHES) 3.20 release. Users of older GHES versions can manually upgrade their CodeQL version.