Release preparation for version 2.13.0

2026-04-27 09:45:15 +02:00 · 2023-04-14 13:31:30 +00:00
parent 9169ddb9c1
commit 075d063370
142 changed files with 545 additions and 323 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.
+
+### Minor Analysis Improvements
+
+* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
+3.1 and 3.2.
+* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
+* Accesses of `params` in Sinatra applications are now recognised as HTTP input accesses.
+* Data flow is tracked from Sinatra route handlers to ERB files.
+* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
+
+### Bug Fixes
+
+* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
+
 ## 0.5.6

 No user-facing changes.
--- a/ruby/ql/lib/change-notes/2023-03-13-sinatra.md
+++ b/ruby/ql/lib/change-notes/2023-03-13-sinatra.md
@@ -1,6 +0,0 @@
---
- category: minorAnalysis
---
-* Accesses of `params` in Sinatra applications are now recognised as HTTP input accesses.
-* Data flow is tracked from Sinatra route handlers to ERB files.
-* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
--- a/ruby/ql/lib/change-notes/2023-03-16-cleartext-hash-flow.md
+++ b/ruby/ql/lib/change-notes/2023-03-16-cleartext-hash-flow.md
@@ -1,4 +0,0 @@
---
- category: minorAnalysis
---
-* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
--- a/ruby/ql/lib/change-notes/2023-03-21-evaluation-order.md
+++ b/ruby/ql/lib/change-notes/2023-03-21-evaluation-order.md
@@ -1,5 +0,0 @@
---
- category: minorAnalysis
---
-* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
-3.1 and 3.2.
--- a/ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md
+++ b/ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md
@@ -1,6 +0,0 @@
---
-category: deprecated
---
-* The recently introduced new data flow and taint tracking APIs have had a
-  number of module and predicate renamings. The old APIs remain in place for
-  now.
--- a/ruby/ql/lib/change-notes/2023-03-28-dataflow-rm-footgun.md
+++ b/ruby/ql/lib/change-notes/2023-03-28-dataflow-rm-footgun.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
--- a/ruby/ql/lib/change-notes/released/0.6.0.md
+++ b/ruby/ql/lib/change-notes/released/0.6.0.md
@@ -0,0 +1,20 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.
+
+### Minor Analysis Improvements
+
+* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
+3.1 and 3.2.
+* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
+* Accesses of `params` in Sinatra applications are now recognised as HTTP input accesses.
+* Data flow is tracked from Sinatra route handlers to ERB files.
+* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
+
+### Bug Fixes
+
+* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.6
+lastReleaseVersion: 0.6.0
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.0-dev
+version: 0.6.0
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme