Release preparation for version 2.23.1

2025-12-16 16:53:25 +01:00 · 2025-09-16 14:14:42 +00:00
parent 7670a2bd77
commit 02a1b1efcb
182 changed files with 500 additions and 189 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 2.6.11
+
+### Minor Analysis Improvements
+
+* Added modeling for promisification libraries `@gar/promisify`, `es6-promisify`, `util.promisify`, `thenify-all`, `call-me-maybe`, `@google-cloud/promisify`, and `util-promisify`.
+* Data flow is now tracked through promisified user-defined functions. 
+
 ## 2.6.10

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-09-15-promisifications.md
+++ b/javascript/ql/lib/change-notes/2025-09-15-promisifications.md
@@ -1,5 +1,6 @@
---
-category: minorAnalysis
---
+## 2.6.11
+
+### Minor Analysis Improvements
+
 * Added modeling for promisification libraries `@gar/promisify`, `es6-promisify`, `util.promisify`, `thenify-all`, `call-me-maybe`, `@google-cloud/promisify`, and `util-promisify`.
 * Data flow is now tracked through promisified user-defined functions. 
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.10
+lastReleaseVersion: 2.6.11
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.11-dev
+version: 2.6.11
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 2.1.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.9
+* Added support for `import defer` syntax in JavaScript and TypeScript.
+
+### Minor Analysis Improvements
+
+* Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
+* Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
+* The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. 
+* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
+
 ## 2.0.3

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2025-07-31-cors-move-out-of-experimental.md
+++ b/javascript/ql/src/change-notes/2025-07-31-cors-move-out-of-experimental.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
--- a/javascript/ql/src/change-notes/2025-08-27-remote-property-injection-update.md
+++ b/javascript/ql/src/change-notes/2025-08-27-remote-property-injection-update.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. 
--- a/javascript/ql/src/change-notes/2025-09-05-typescript-5.9.md
+++ b/javascript/ql/src/change-notes/2025-09-05-typescript-5.9.md
@@ -1,5 +0,0 @@
---
-category: majorAnalysis
---
-* Added support for TypeScript 5.9
-* Added support for `import defer` syntax in JavaScript and TypeScript.
--- a/javascript/ql/src/change-notes/2025-09-12-off-by-one.md
+++ b/javascript/ql/src/change-notes/2025-09-12-off-by-one.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
--- a/javascript/ql/src/change-notes/2025-09-16-promise-try-array-with.md
+++ b/javascript/ql/src/change-notes/2025-09-16-promise-try-array-with.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
--- a/javascript/ql/src/change-notes/released/2.1.0.md
+++ b/javascript/ql/src/change-notes/released/2.1.0.md
@@ -0,0 +1,13 @@
+## 2.1.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.9
+* Added support for `import defer` syntax in JavaScript and TypeScript.
+
+### Minor Analysis Improvements
+
+* Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
+* Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
+* The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. 
+* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.3
+lastReleaseVersion: 2.1.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.0.4-dev
+version: 2.1.0
 groups:
  - javascript
  - queries