Release preparation for version 2.23.7

actions/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.4.22
+
+No user-facing changes.
+
 ## 0.4.21
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.22.md

@@ -0,0 +1,3 @@
+## 0.4.22
+
+No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.21
+lastReleaseVersion: 0.4.22

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.22-dev
+version: 0.4.22
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.14
+
+No user-facing changes.
+
 ## 0.6.13
 
 No user-facing changes.

actions/ql/src/change-notes/released/0.6.14.md

@@ -0,0 +1,3 @@
+## 0.6.14
+
+No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.13
+lastReleaseVersion: 0.6.14

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.14-dev
+version: 0.6.14
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 6.1.1
+
+### Minor Analysis Improvements
+
+* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
+
 ## 6.1.0
 
 ### New Features

cpp/ql/lib/change-notes/released/6.1.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 6.1.1
+
+### Minor Analysis Improvements
+
 * The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.0
+lastReleaseVersion: 6.1.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.1-dev
+version: 6.1.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.5
+
+No user-facing changes.
+
 ## 1.5.4
 
 No user-facing changes.

cpp/ql/src/change-notes/released/1.5.5.md

@@ -0,0 +1,3 @@
+## 1.5.5
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.4
+lastReleaseVersion: 1.5.5

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.5-dev
+version: 1.5.5
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.53.md

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.53

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.53-dev
+version: 1.7.53
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.53.md

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.53

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.53-dev
+version: 1.7.53
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.
+
 ## 5.4.0
 
 ### Deprecated APIs

csharp/ql/lib/change-notes/2025-11-17-compiler-error-debug.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Compilation errors are now included in the debug log when using build-mode none.

csharp/ql/lib/change-notes/2025-11-17-dependencies-directory.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.

csharp/ql/lib/change-notes/2025-11-19-autobuilder-stability.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.

csharp/ql/lib/change-notes/released/5.4.1.md

@@ -0,0 +1,7 @@
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.0
+lastReleaseVersion: 5.4.1

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.4.1-dev
+version: 5.4.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.1
+
+No user-facing changes.
+
 ## 1.5.0
 
 ### New Queries

csharp/ql/src/change-notes/released/1.5.1.md

@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.0
+lastReleaseVersion: 1.5.1

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.5.1-dev
+version: 1.5.1
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.36
+
+No user-facing changes.
+
 ## 1.0.35
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.36.md

@@ -0,0 +1,3 @@
+## 1.0.36
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.35
+lastReleaseVersion: 1.0.36

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.36-dev
+version: 1.0.36
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 5.0.3
+
+No user-facing changes.
+
 ## 5.0.2
 
 ### Bug Fixes

go/ql/lib/change-notes/released/5.0.3.md

@@ -0,0 +1,3 @@
+## 5.0.3
+
+No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.2
+lastReleaseVersion: 5.0.3

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 5.0.3-dev
+version: 5.0.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
+* Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
+* Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.
+
 ## 1.4.9
 
 No user-facing changes.

go/ql/src/change-notes/2025-11-10-insecure-cookie.md

@@ -1,5 +0,0 @@
----
-category: newQuery
----
-* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
-* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.

go/ql/src/change-notes/released/1.5.0.md

@@ -1,5 +1,8 @@
----
-category: newQuery
----
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
 * Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
 * Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.9
+lastReleaseVersion: 1.5.0

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.10-dev
+version: 1.5.0
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 7.8.0
+
+### Deprecated APIs
+
+* The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.
+
 ## 7.7.4
 
 No user-facing changes.

java/ql/lib/change-notes/released/7.8.0.md

@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 7.8.0
+
+### Deprecated APIs
+
 * The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.7.4
+lastReleaseVersion: 7.8.0

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.7.5-dev
+version: 7.8.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.10.1
+
+### Minor Analysis Improvements
+
+* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
+
 ## 1.10.0
 
 ### Query Metadata Changes

java/ql/src/change-notes/released/1.10.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.10.1
+
+### Minor Analysis Improvements
+
 * Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.0
+lastReleaseVersion: 1.10.1

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.1-dev
+version: 1.10.1
 groups:
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 2.6.16
+
+### Minor Analysis Improvements
+
+- JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.
+
 ## 2.6.15
 
 No user-facing changes.

javascript/ql/lib/change-notes/released/2.6.16.md

@@ -1,5 +1,5 @@
----
-category: minorAnalysis
----
+## 2.6.16
+
+### Minor Analysis Improvements
 
 - JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.15
+lastReleaseVersion: 2.6.16

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.16-dev
+version: 2.6.16
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 2.2.1
+
+### Minor Analysis Improvements
+
+* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in the `app/pages` folder.
+
 ## 2.2.0
 
 ### Query Metadata Changes

javascript/ql/src/change-notes/released/2.2.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 2.2.1
+
+### Minor Analysis Improvements
+
 * Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in the `app/pages` folder.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.2.0
+lastReleaseVersion: 2.2.1

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.2.1-dev
+version: 2.2.1
 groups:
   - javascript
   - queries

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.36
+
+No user-facing changes.
+
 ## 1.0.35
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/1.0.36.md

@@ -0,0 +1,3 @@
+## 1.0.36
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.35
+lastReleaseVersion: 1.0.36

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.36-dev
+version: 1.0.36
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 5.0.1
+
+### Bug Fixes
+
+- Fixed a bug in the Python extractor's import handling where failing to find an import in `find_module` would cause a `KeyError` to be raised. (Contributed by @akoeplinger.)
+
 ## 5.0.0
 
 ### Breaking Changes

python/ql/lib/change-notes/released/5.0.1.md

@@ -1,5 +1,5 @@
----
-category: fix
----
+## 5.0.1
+
+### Bug Fixes
 
 - Fixed a bug in the Python extractor's import handling where failing to find an import in `find_module` would cause a `KeyError` to be raised. (Contributed by @akoeplinger.)

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.0
+lastReleaseVersion: 5.0.1

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 5.0.1-dev
+version: 5.0.1
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 ### Query Metadata Changes

python/ql/src/change-notes/released/1.7.1.md

@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.7.1-dev
+version: 1.7.1
 groups:
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 5.1.4
+
+No user-facing changes.
+
 ## 5.1.3
 
 No user-facing changes.

ruby/ql/lib/change-notes/released/5.1.4.md

@@ -0,0 +1,3 @@
+## 5.1.4
+
+No user-facing changes.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.3
+lastReleaseVersion: 5.1.4

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 5.1.4-dev
+version: 5.1.4
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.1
+
+No user-facing changes.
+
 ## 1.5.0
 
 ### Query Metadata Changes

ruby/ql/src/change-notes/released/1.5.1.md

@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.0
+lastReleaseVersion: 1.5.1

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.5.1-dev
+version: 1.5.1
 groups:
   - ruby
   - queries

rust/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The type `DataFlow::Node` is now based directly on the AST instead of the CFG, which means that predicates like `asExpr()` return AST nodes instead of CFG nodes.
+
+### Minor Analysis Improvements
+
+* Added more detailed models for `std::fs` and `std::path`.
+
 ## 0.1.20
 
 ### Minor Analysis Improvements

rust/ql/lib/change-notes/2025-11-19-dataflow-ast.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The type `DataFlow::Node` is now based directly on the AST instead of the CFG, which means that predicates like `asExpr()` return AST nodes instead of CFG nodes.

rust/ql/lib/change-notes/2025-11-21-fs.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added more detailed models for `std::fs` and `std::path`.

rust/ql/lib/change-notes/released/0.2.0.md

@@ -0,0 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The type `DataFlow::Node` is now based directly on the AST instead of the CFG, which means that predicates like `asExpr()` return AST nodes instead of CFG nodes.
+
+### Minor Analysis Improvements
+
+* Added more detailed models for `std::fs` and `std::path`.

rust/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.20
+lastReleaseVersion: 0.2.0

rust/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.1.21-dev
+version: 0.2.0
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme

rust/ql/src/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 0.1.21
+
+### New Queries
+
+* Added a new query `rust/xss`, to detect cross-site scripting security vulnerabilities.
+* Added a new query `rust/disabled-certificate-check`, to detect disabled TLS certificate checks.
+* Added three example queries (`rust/examples/empty-if`, `rust/examples/simple-sql-injection` and `rust/examples/simple-constant-password`) to help developers learn to write CodeQL queries for Rust.
+
+### Minor Analysis Improvements
+
+* The `rust/access-invalid-pointer` query has been improved with new flow sources and barriers.
+
 ## 0.1.20
 
 ### Minor Analysis Improvements

rust/ql/src/change-notes/2025-11-07-example-queries.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added three example queries (`rust/examples/empty-if`, `rust/examples/simple-sql-injection` and `rust/examples/simple-constant-password`) to help developers learn to write CodeQL queries for Rust.

rust/ql/src/change-notes/2025-11-12-disabled-certificate-check.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query `rust/disabled-certificate-check`, to detect disabled TLS certificate checks.

rust/ql/src/change-notes/2025-11-17-access-invalid-pointer.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `rust/access-invalid-pointer` query has been improved with new flow sources and barriers.

rust/ql/src/change-notes/2025-11-24-xss-query.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query `rust/xss`, to detect cross-site scripting security vulnerabilities.

rust/ql/src/change-notes/released/0.1.21.md

@@ -0,0 +1,11 @@
+## 0.1.21
+
+### New Queries
+
+* Added a new query `rust/xss`, to detect cross-site scripting security vulnerabilities.
+* Added a new query `rust/disabled-certificate-check`, to detect disabled TLS certificate checks.
+* Added three example queries (`rust/examples/empty-if`, `rust/examples/simple-sql-injection` and `rust/examples/simple-constant-password`) to help developers learn to write CodeQL queries for Rust.
+
+### Minor Analysis Improvements
+
+* The `rust/access-invalid-pointer` query has been improved with new flow sources and barriers.

rust/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.20
+lastReleaseVersion: 0.1.21

rust/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.21-dev
+version: 0.1.21
 groups:
   - rust
   - queries

shared/concepts/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.10
+
+No user-facing changes.
+
 ## 0.0.9
 
 No user-facing changes.

shared/concepts/change-notes/released/0.0.10.md

@@ -0,0 +1,3 @@
+## 0.0.10
+
+No user-facing changes.