Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1

Post-release preparation for codeql-cli-2.9.1
2026-04-29 18:55:14 +02:00 · 2022-05-06 13:15:17 +01:00
parent ca2959cf37 1a25457178
commit 176e40f139
71 changed files with 182 additions and 100 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
+
 ## 0.1.0

 ### Breaking Changes
--- a/java/ql/lib/change-notes/2022-03-28-JumpStmt-as-superclass.md
+++ b/java/ql/lib/change-notes/2022-03-28-JumpStmt-as-superclass.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
--- a/java/ql/lib/change-notes/2022-04-01-spring-models-improvements.md
+++ b/java/ql/lib/change-notes/2022-04-01-spring-models-improvements.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added data-flow models for the Spring Framework component `spring-beans`.
--- a/java/ql/lib/change-notes/2022-04-17-jms.md
+++ b/java/ql/lib/change-notes/2022-04-17-jms.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
- * Added flow sources and steps for JMS versions 1 and 2.
- * Added flow sources and steps for RabbitMQ.
- * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
--- a/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md
+++ b/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
--- a/java/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
+++ b/java/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
--- a/java/ql/lib/change-notes/released/0.2.0.md
+++ b/java/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,17 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.1.1-dev
+version: 0.2.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
+
 ## 0.1.0

 ### Query Metadata Changes
--- a/java/ql/src/change-notes/2022-04-26-insecure-cookie-named-constants.md
+++ b/java/ql/src/change-notes/2022-04-26-insecure-cookie-named-constants.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Query `java/insecure-cookie` no longer produces a false positive if 
-`cookie.setSecure(...)` is called passing a constant that always equals 
-`true`.
--- a/java/ql/src/change-notes/released/0.1.1.md
+++ b/java/ql/src/change-notes/released/0.1.1.md
@@ -0,0 +1,5 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: 
  - java
  - queries