codeql/javascript/old-change-notes/2021-03-01-ajv.md

lgtm,codescanning

• The security queries now recognize the effect of JSON schema validation, and highlights cases where this validation is susceptible to denial-of-service attacks. Affects the package ajv.
• A new query, js/resource-exhaustion-from-deep-object-traversal, has been added to the query suite, highlighting denial-of-service attacks exploiting operations that traverse deeply user-controlled objects.
• The js/xss-through-exception query now recognizes JSON schema validation errors as a source, as they may contain part of the input data.