Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1

Post-release preparation for codeql-cli-2.9.1
2025-12-17 01:03:14 +01:00 · 2022-05-06 13:15:17 +01:00
parent ca2959cf37 1a25457178
commit 176e40f139
71 changed files with 182 additions and 100 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* More Windows pool allocation functions are now detected as `AllocationFunction`s.
+* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
+
 ## 0.1.0

 ### Breaking Changes
--- a/cpp/ql/lib/change-notes/2022-04-22-no-size-array.md
+++ b/cpp/ql/lib/change-notes/2022-04-22-no-size-array.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
--- a/cpp/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/cpp/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/cpp/ql/lib/change-notes/2022-04-25-windows-pool-allocation-functions.md
+++ b/cpp/ql/lib/change-notes/2022-04-25-windows-pool-allocation-functions.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* More Windows pool allocation functions are now detected as `AllocationFunction`s.
--- a/cpp/ql/lib/change-notes/released/0.2.0.md
+++ b/cpp/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,10 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* More Windows pool allocation functions are now detected as `AllocationFunction`s.
+* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.1.1
+
+### New Queries
+
+* An new query `cpp/external-entity-expansion` has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
+
 ## 0.1.0

 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/2022-04-13-pexternal-entity-expansion.md
+++ b/cpp/ql/src/change-notes/2022-04-13-pexternal-entity-expansion.md
@@ -1,4 +1,5 @@
---
-category: newQuery
---
+## 0.1.1
+
+### New Queries
+
 * An new query `cpp/external-entity-expansion` has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.1.1
+
 ## 1.1.0

 ## 1.0.7
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.1.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.1.md
@@ -0,0 +1 @@
+## 1.1.1
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.1.1-dev
+version: 1.1.2-dev
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.1.1
+
 ## 1.1.0

 ## 1.0.7
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.1.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.1.md
@@ -0,0 +1 @@
+## 1.1.1
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.1.1-dev
+version: 1.1.2-dev
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
 ## 0.1.0

 ### Breaking Changes
--- a/csharp/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/csharp/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/csharp/ql/lib/change-notes/released/0.2.0.md
+++ b/csharp/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,5 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0

 ## 0.0.13
--- a/csharp/ql/src/change-notes/released/0.1.1.md
+++ b/csharp/ql/src/change-notes/released/0.1.1.md
@@ -0,0 +1 @@
+## 0.1.1
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - csharp
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
+
 ## 0.1.0

 ### Breaking Changes
--- a/java/ql/lib/change-notes/2022-03-28-JumpStmt-as-superclass.md
+++ b/java/ql/lib/change-notes/2022-03-28-JumpStmt-as-superclass.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
--- a/java/ql/lib/change-notes/2022-04-01-spring-models-improvements.md
+++ b/java/ql/lib/change-notes/2022-04-01-spring-models-improvements.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added data-flow models for the Spring Framework component `spring-beans`.
--- a/java/ql/lib/change-notes/2022-04-17-jms.md
+++ b/java/ql/lib/change-notes/2022-04-17-jms.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
- * Added flow sources and steps for JMS versions 1 and 2.
- * Added flow sources and steps for RabbitMQ.
- * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
--- a/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md
+++ b/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
--- a/java/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/java/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/java/ql/lib/change-notes/released/0.2.0.md
+++ b/java/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,17 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
+
 ## 0.1.0

 ### Query Metadata Changes
--- a/java/ql/src/change-notes/2022-04-26-insecure-cookie-named-constants.md
+++ b/java/ql/src/change-notes/2022-04-26-insecure-cookie-named-constants.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Query `java/insecure-cookie` no longer produces a false positive if 
-`cookie.setSecure(...)` is called passing a constant that always equals 
-`true`.
--- a/java/ql/src/change-notes/released/0.1.1.md
+++ b/java/ql/src/change-notes/released/0.1.1.md
@@ -0,0 +1,5 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0

 ### Bug Fixes
--- a/javascript/ql/lib/change-notes/released/0.1.1.md
+++ b/javascript/ql/lib/change-notes/released/0.1.1.md
@@ -0,0 +1 @@
+## 0.1.1
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* The call graph now deals more precisely with calls to accessors (getters and setters).
+  Previously, calls to static accessors were not resolved, and some method calls were
+  incorrectly seen as calls to an accessor. Both issues have been fixed.
+
 ## 0.1.0

 ### New Queries
--- a/javascript/ql/src/change-notes/2022-04-21-static-accessors.md
+++ b/javascript/ql/src/change-notes/2022-04-21-static-accessors.md
@@ -1,6 +1,7 @@
---
-category: minorAnalysis
---
+## 0.1.1
+
+### Minor Analysis Improvements
+
 * The call graph now deals more precisely with calls to accessors (getters and setters).
  Previously, calls to static accessors were not resolved, and some method calls were
  incorrectly seen as calls to an accessor. Both issues have been fixed.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - javascript
  - queries
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
 ## 0.1.0

 ### Breaking Changes
--- a/python/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/python/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/python/ql/lib/change-notes/released/0.2.0.md
+++ b/python/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,5 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0

 ## 0.0.13
--- a/python/ql/src/change-notes/released/0.1.1.md
+++ b/python/ql/src/change-notes/released/0.1.1.md
@@ -0,0 +1 @@
+## 0.1.1
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
 ## 0.1.0

 ### Breaking Changes
@@ -11,8 +17,8 @@

 ### Minor Analysis Improvements

-*  Whereas `ConstantValue::getString()` previously returned both string and regular-expression values, it now returns only string values. The same applies to `ConstantValue::isString(value)`.
-*  Regular-expression values can now be accessed with the new predicates `ConstantValue::getRegExp()`, `ConstantValue::isRegExp(value)`, and `ConstantValue::isRegExpWithFlags(value, flags)`.
+* Whereas `ConstantValue::getString()` previously returned both string and regular-expression values, it now returns only string values. The same applies to `ConstantValue::isString(value)`.
+* Regular-expression values can now be accessed with the new predicates `ConstantValue::getRegExp()`, `ConstantValue::isRegExp(value)`, and `ConstantValue::isRegExpWithFlags(value, flags)`.
 * The `ParseRegExp` and `RegExpTreeView` modules are now "internal" modules. Users should use `codeql.ruby.Regexp` instead.

 ## 0.0.13
--- a/ruby/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/ruby/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/ruby/ql/lib/change-notes/released/0.2.0.md
+++ b/ruby/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,5 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.1.1
+
+### New Queries
+
+* Added a new query, `rb/insecure-download`. The query finds cases where executables and other sensitive files are downloaded over an insecure connection, which may allow for man-in-the-middle attacks.
+* Added a new query, `rb/regex/missing-regexp-anchor`, which finds regular expressions which are improperly anchored. Validations using such expressions are at risk of being bypassed.
+* Added a new query, `rb/incomplete-sanitization`. The query finds string transformations that do not replace or escape all occurrences of a meta-character.
+
 ## 0.1.0

 ### New Queries
--- a/ruby/ql/src/change-notes/2022-04-13-incomplete-sanitization.md
+++ b/ruby/ql/src/change-notes/2022-04-13-incomplete-sanitization.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/incomplete-sanitization`. The query finds string transformations that do not replace or escape all occurrences of a meta-character.
--- a/ruby/ql/src/change-notes/2022-04-14-rb-insecure-download.md
+++ b/ruby/ql/src/change-notes/2022-04-14-rb-insecure-download.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/insecure-download`. The query finds cases where executables and other sensitive files are downloaded over an insecure connection, which may allow for man-in-the-middle attacks.
--- a/ruby/ql/src/change-notes/2022-04-14-rb-missing-regexp-anchor.md
+++ b/ruby/ql/src/change-notes/2022-04-14-rb-missing-regexp-anchor.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/regex/missing-regexp-anchor`, which finds regular expressions which are improperly anchored. Validations using such expressions are at risk of being bypassed.
--- a/ruby/ql/src/change-notes/released/0.1.1.md
+++ b/ruby/ql/src/change-notes/released/0.1.1.md
@@ -0,0 +1,7 @@
+## 0.1.1
+
+### New Queries
+
+* Added a new query, `rb/insecure-download`. The query finds cases where executables and other sensitive files are downloaded over an insecure connection, which may allow for man-in-the-middle attacks.
+* Added a new query, `rb/regex/missing-regexp-anchor`, which finds regular expressions which are improperly anchored. Validations using such expressions are at risk of being bypassed.
+* Added a new query, `rb/incomplete-sanitization`. The query finds string transformations that do not replace or escape all occurrences of a meta-character.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - ruby
  - queries