Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2

Post-release preparation for codeql-cli-2.9.2
2026-05-01 11:45:14 +02:00 · 2022-05-17 10:01:37 +01:00
parent 3b07fe70a1 b7cbd8fd75
commit 1280d43e36
75 changed files with 269 additions and 130 deletions
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.3.0
+
+### Breaking Changes
+
+* The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
+
+### Minor Analysis Improvements
+
+* The modeling of `request.files` in Flask has been fixed, so we now properly handle assignments to local variables (such as `files = request.files; files['key'].filename`).
+* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
+
 ## 0.2.0

 ### Breaking Changes
--- a/python/ql/lib/change-notes/2022-03-29-add-taint-for-StringIO.md
+++ b/python/ql/lib/change-notes/2022-03-29-add-taint-for-StringIO.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
--- a/python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md
+++ b/python/ql/lib/change-notes/2022-04-20-export-python-under-DataFlow.md
@@ -1,4 +0,0 @@
---
- category: breaking
---
- * The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
--- a/python/ql/lib/change-notes/2022-05-02-flask-request-files-modeling.md
+++ b/python/ql/lib/change-notes/2022-05-02-flask-request-files-modeling.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-The modeling of `request.files` in Flask has been fixed, so we now properly handle
-assignments to local variables (such as `files = request.files; files['key'].filename`).
--- a/python/ql/lib/change-notes/released/0.3.0.md
+++ b/python/ql/lib/change-notes/released/0.3.0.md
@@ -0,0 +1,10 @@
+## 0.3.0
+
+### Breaking Changes
+
+* The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
+
+### Minor Analysis Improvements
+
+* The modeling of `request.files` in Flask has been fixed, so we now properly handle assignments to local variables (such as `files = request.files; files['key'].filename`).
+* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.0
+lastReleaseVersion: 0.3.0
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.2.1-dev
+version: 0.3.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.1.2
+
+### New Queries
+
+* "XML external entity expansion" (`py/xxe`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
+* "XML internal entity expansion" (`py/xml-bomb`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
+* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
+
 ## 0.1.1

 ## 0.1.0
--- a/python/ql/src/change-notes/2022-03-24-csrf-protection.md
+++ b/python/ql/src/change-notes/2022-03-24-csrf-protection.md
@@ -1,4 +0,0 @@
---
- category: newQuery
---
-* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
--- a/python/ql/src/change-notes/2022-04-05-add-xxe-and-xmlbomb.md
+++ b/python/ql/src/change-notes/2022-04-05-add-xxe-and-xmlbomb.md
@@ -1,5 +1,7 @@
---
-category: newQuery
---
+## 0.1.2
+
+### New Queries
+
 * "XML external entity expansion" (`py/xxe`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
 * "XML internal entity expansion" (`py/xml-bomb`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
+* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.1
+lastReleaseVersion: 0.1.2
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.1.2-dev
+version: 0.1.3-dev
 groups: 
  - python
  - queries