Release preparation for version 2.18.2

2025-12-17 01:03:14 +01:00 · 2024-08-07 14:02:38 +00:00
parent eea9df894a
commit 019da8c287
163 changed files with 425 additions and 180 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,18 @@
 ## 1.4.0
 ### New Features
 * A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
 * An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
 * A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
 * A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
 ### Minor Analysis Improvements
 * The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
 * Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
 * A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
 ## 1.3.0
 ### New Features
--- a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
+++ b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
@@ -1,4 +0,0 @@
 ---
 category: feature
 ---
 * A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
--- a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
+++ b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
--- a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
+++ b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
--- a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
+++ b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
--- a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
+++ b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
@@ -1,4 +0,0 @@
 ---
 category: feature
 ---
 * A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
--- a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
+++ b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
@@ -1,5 +0,0 @@
 ---
 category: feature
 ---
 * An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
 * A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
--- a/cpp/ql/lib/change-notes/released/1.4.0.md
+++ b/cpp/ql/lib/change-notes/released/1.4.0.md
@@ -0,0 +1,14 @@
 ## 1.4.0
 ### New Features
 * A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
 * An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
 * A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
 * A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
 ### Minor Analysis Improvements
 * The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
 * Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
 * A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.4.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.3.1-dev
+version: 1.4.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,16 @@
 ## 1.2.0
 ### Query Metadata Changes
 * The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
 ### Minor Analysis Improvements
 * Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
 * The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
 * The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
 * The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
 ## 1.1.0
 ### Query Metadata Changes
--- a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
+++ b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
@@ -1,4 +0,0 @@
 ---
 category: queryMetadata
 ---
 * The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
--- a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
+++ b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
--- a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
+++ b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
--- a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
+++ b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
--- a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
+++ b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
--- a/cpp/ql/src/change-notes/released/1.2.0.md
+++ b/cpp/ql/src/change-notes/released/1.2.0.md
@@ -0,0 +1,12 @@
 ## 1.2.0
 ### Query Metadata Changes
 * The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
 ### Minor Analysis Improvements
 * Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
 * The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
 * The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
 * The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.2.0
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.1.1-dev
+version: 1.2.0
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.22
 No user-facing changes.
 ## 1.7.21
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
 ## 1.7.22
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.22-dev
+version: 1.7.22
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.22
 No user-facing changes.
 ## 1.7.21
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
 ## 1.7.22
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.22-dev
+version: 1.7.22
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/csharp/ql/lib/change-notes/released/1.0.5.md
+++ b/csharp/ql/lib/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/csharp/ql/src/change-notes/released/1.0.5.md
+++ b/csharp/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.5.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.1.4
 No user-facing changes.
 ## 1.1.3
 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/released/1.1.4.md
+++ b/go/ql/lib/change-notes/released/1.1.4.md
@@ -0,0 +1,3 @@
 ## 1.1.4
 No user-facing changes.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.3
+lastReleaseVersion: 1.1.4
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.1.4-dev
+version: 1.1.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/go/ql/src/change-notes/released/1.0.5.md
+++ b/go/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
  - go
  - queries
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/1.0.5.md
+++ b/java/ql/automodel/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,23 @@
 ## 3.0.0
 ### Breaking Changes
 * The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
 ### New Features
 * Java support for `build-mode: none` is now out of beta, and generally available.
 ### Major Analysis Improvements
 * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
 ### Minor Analysis Improvements
 * Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
 * Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
 * Adds models for request handlers using the `org.lastaflute.web` web framework.
 ## 2.0.0
 ### Breaking Changes
--- a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
+++ b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Adds models for request handlers using the `org.lastaflute.web` web framework.
--- a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
+++ b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
--- a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
+++ b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
--- a/java/ql/lib/change-notes/2024-07-25-env-vars.md
+++ b/java/ql/lib/change-notes/2024-07-25-env-vars.md
@@ -1,4 +0,0 @@
 ---
 category: breaking
 ---
 * The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
--- a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
+++ b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
@@ -1,4 +0,0 @@
 ---
 category: feature
 ---
 * Java support for `build-mode: none` is now out of beta, and generally available.
--- a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
+++ b/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
@@ -1,4 +1,19 @@
---
+## 3.0.0
-category: majorAnalysis
+
---
+### Breaking Changes
 * The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
 ### New Features
 * Java support for `build-mode: none` is now out of beta, and generally available.
 ### Major Analysis Improvements
 * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
 ### Minor Analysis Improvements
 * Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
 * Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
 * Adds models for request handlers using the `org.lastaflute.web` web framework.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.0
+lastReleaseVersion: 3.0.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 2.0.1-dev
+version: 3.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,12 @@
 ## 1.1.2
 ### Minor Analysis Improvements
 * Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
 * The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
 * Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
 * Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
 ## 1.1.1
 ### Minor Analysis Improvements
@@ -325,7 +334,7 @@ No user-facing changes.
 ### New Queries
 * Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
-* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
+* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
 ## 0.4.1
--- a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
+++ b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
--- a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
+++ b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
--- a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
+++ b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
--- a/java/ql/src/change-notes/2024-07-30-unused.md
+++ b/java/ql/src/change-notes/2024-07-30-unused.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
--- a/java/ql/src/change-notes/released/1.1.2.md
+++ b/java/ql/src/change-notes/released/1.1.2.md
@@ -0,0 +1,8 @@
 ## 1.1.2
 ### Minor Analysis Improvements
 * Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
 * The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
 * Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
 * Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.1
+lastReleaseVersion: 1.1.2
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.1.2-dev
+version: 1.1.2
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.1.2
 No user-facing changes.
 ## 1.1.1
 No user-facing changes.
--- a/javascript/ql/lib/change-notes/released/1.1.2.md
+++ b/javascript/ql/lib/change-notes/released/1.1.2.md
@@ -0,0 +1,3 @@
 ## 1.1.2
 No user-facing changes.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.1
+lastReleaseVersion: 1.1.2
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 1.1.2-dev
+version: 1.1.2
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.1.1
 No user-facing changes.
 ## 1.1.0
 ### New Queries
--- a/javascript/ql/src/change-notes/released/1.1.1.md
+++ b/javascript/ql/src/change-notes/released/1.1.1.md
@@ -0,0 +1,3 @@
 ## 1.1.1
 No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.1.1-dev
+version: 1.1.1
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.5.md
+++ b/misc/suite-helpers/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.0.5
 ### Minor Analysis Improvements
 * Added support for `DictionaryElement[<key>]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
 ## 1.0.4
 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md
+++ b/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md
@@ -1,4 +1,5 @@
---
+## 1.0.5
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Added support for `DictionaryElement[<key>]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
 ## 1.1.0
 ### New Queries
 * The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. 
 ### Minor Analysis Improvements
 * Added models of `streamlit` PyPI package.
 ## 1.0.4
 No user-facing changes.
--- a/python/ql/src/change-notes/2024-07-26-streamlit-models.md
+++ b/python/ql/src/change-notes/2024-07-26-streamlit-models.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added models of `streamlit` PyPI package.
--- a/python/ql/src/change-notes/2024-07-19-cookie-injection.md
+++ b/python/ql/src/change-notes/2024-07-19-cookie-injection.md
@@ -1,4 +1,9 @@
---
+## 1.1.0
-category: newQuery
+
---
+### New Queries
 * The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. 
 ### Minor Analysis Improvements
 * Added models of `streamlit` PyPI package.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.1.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.0.5-dev
+version: 1.1.0
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/ruby/ql/lib/change-notes/released/1.0.5.md
+++ b/ruby/ql/lib/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.1.0
 ### New Queries
 * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
 ## 1.0.4
 No user-facing changes.
--- a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md
+++ b/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md
@@ -1,4 +1,5 @@
---
+## 1.1.0
-category: newQuery
+
---
+### New Queries
 * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.1.0
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.0.5-dev
+version: 1.1.0
 groups:
  - ruby
  - queries
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.5
 No user-facing changes.
 ## 1.0.4
 No user-facing changes.
--- a/shared/controlflow/change-notes/released/1.0.5.md
+++ b/shared/controlflow/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
 ## 1.0.5
 No user-facing changes.
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 1.3.0`	`lastReleaseVersion: 1.4.0`