Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0

Post-release preparation for codeql-cli-2.15.0
2026-04-26 17:25:19 +02:00 · 2023-10-11 17:39:04 +01:00
parent a31f946d6f ae6af17c74
commit 1a370bfbbe
157 changed files with 447 additions and 238 deletions
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.9.0
+
+### New Queries
+
+* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
+
+### Minor Analysis Improvements
+
+* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
+* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
+
 ## 0.8.5

 No user-facing changes.
--- a/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md
+++ b/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
--- a/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md
+++ b/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
--- a/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md
+++ b/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
--- a/python/ql/src/change-notes/released/0.9.0.md
+++ b/python/ql/src/change-notes/released/0.9.0.md
@@ -0,0 +1,10 @@
+## 0.9.0
+
+### New Queries
+
+* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
+
+### Minor Analysis Improvements
+
+* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
+* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.9.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.0-dev
+version: 0.9.1-dev
 groups:
  - python
  - queries