From 8b6f969cdb9b1a09ce4379ccadad1e2c9ca46677 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 29 May 2026 11:27:54 +0000 Subject: [PATCH] Release preparation for version 2.25.6 --- actions/ql/lib/CHANGELOG.md | 6 ++++++ .../0.4.37.md} | 9 +++++---- actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 19 +++++++++++++++++++ .../2026-05-05-untrusted-checkout-high.md | 4 ---- .../2026-05-12-sha256-pinned-actions.md | 4 ---- ...n-untrusted-checkout-improvements-alert.md | 4 ---- ...ntrusted-checkout-improvements-helpfile.md | 4 ---- ...ntrusted-checkout-improvements-metadata.md | 4 ---- .../ql/src/change-notes/released/0.6.29.md | 18 ++++++++++++++++++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 16 ++++++++++++++++ .../change-notes/2026-05-15-secure-scanf.md | 5 ----- .../change-notes/2026-05-16-alias-template.md | 4 ---- .../lib/change-notes/2026-05-18-alias-type.md | 4 ---- .../change-notes/2026-05-21-generated-from.md | 4 ---- cpp/ql/lib/change-notes/released/10.2.0.md | 15 +++++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.6.4.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.68.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.68.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 7 +++++++ .../2026-05-12-user-increment-decrement.md | 4 ---- .../6.0.2.md} | 8 +++++--- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.7.4.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.51.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ go/ql/lib/change-notes/released/7.1.2.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.6.4.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 6 ++++++ .../9.1.2.md} | 7 ++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.11.4.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 ++++++ .../2.7.2.md} | 7 ++++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/2.3.11.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.51.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++++ .../7.1.2.md} | 7 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/1.8.4.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/5.2.2.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/1.6.4.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 6 ++++++ .../0.2.15.md} | 7 ++++--- rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 4 ++++ rust/ql/src/change-notes/released/0.1.36.md | 3 +++ rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 ++++ .../concepts/change-notes/released/0.0.25.md | 3 +++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.35.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/2.1.7.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.51.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 ++++ .../quantum/change-notes/released/0.0.29.md | 3 +++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.51.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.51.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/2.0.27.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.51.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.51.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.51.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../change-notes/released/0.0.32.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.35.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.51.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.38.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.51.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.51.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 10 ++++++++++ .../change-notes/2026-05-19-swift-6.3.2.md | 4 ---- .../6.7.0.md} | 11 ++++++++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.3.4.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 175 files changed, 455 insertions(+), 149 deletions(-) rename actions/ql/lib/change-notes/{2026-05-12-improved-alphanumeric-regex.md => released/0.4.37.md} (80%) delete mode 100644 actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md delete mode 100644 actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md delete mode 100644 actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md delete mode 100644 actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md delete mode 100644 actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md create mode 100644 actions/ql/src/change-notes/released/0.6.29.md delete mode 100644 cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md delete mode 100644 cpp/ql/lib/change-notes/2026-05-16-alias-template.md delete mode 100644 cpp/ql/lib/change-notes/2026-05-18-alias-type.md delete mode 100644 cpp/ql/lib/change-notes/2026-05-21-generated-from.md create mode 100644 cpp/ql/lib/change-notes/released/10.2.0.md create mode 100644 cpp/ql/src/change-notes/released/1.6.4.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md delete mode 100644 csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md rename csharp/ql/lib/change-notes/{2026-05-20-csharp14-dotnet10.md => released/6.0.2.md} (67%) create mode 100644 csharp/ql/src/change-notes/released/1.7.4.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.51.md create mode 100644 go/ql/lib/change-notes/released/7.1.2.md create mode 100644 go/ql/src/change-notes/released/1.6.4.md rename java/ql/lib/change-notes/{2026-05-19-avro-mads.md => released/9.1.2.md} (61%) create mode 100644 java/ql/src/change-notes/released/1.11.4.md rename javascript/ql/lib/change-notes/{2026-05-14-sensitive-data.md => released/2.7.2.md} (89%) create mode 100644 javascript/ql/src/change-notes/released/2.3.11.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.51.md rename python/ql/lib/change-notes/{2026-05-14-sensitive-data.md => released/7.1.2.md} (90%) create mode 100644 python/ql/src/change-notes/released/1.8.4.md create mode 100644 ruby/ql/lib/change-notes/released/5.2.2.md create mode 100644 ruby/ql/src/change-notes/released/1.6.4.md rename rust/ql/lib/change-notes/{2026-05-14-sensitive-data.md => released/0.2.15.md} (89%) create mode 100644 rust/ql/src/change-notes/released/0.1.36.md create mode 100644 shared/concepts/change-notes/released/0.0.25.md create mode 100644 shared/controlflow/change-notes/released/2.0.35.md create mode 100644 shared/dataflow/change-notes/released/2.1.7.md create mode 100644 shared/mad/change-notes/released/1.0.51.md create mode 100644 shared/quantum/change-notes/released/0.0.29.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.51.md create mode 100644 shared/regex/change-notes/released/1.0.51.md create mode 100644 shared/ssa/change-notes/released/2.0.27.md create mode 100644 shared/threat-models/change-notes/released/1.0.51.md create mode 100644 shared/tutorial/change-notes/released/1.0.51.md create mode 100644 shared/typeflow/change-notes/released/1.0.51.md create mode 100644 shared/typeinference/change-notes/released/0.0.32.md create mode 100644 shared/typetracking/change-notes/released/2.0.35.md create mode 100644 shared/typos/change-notes/released/1.0.51.md create mode 100644 shared/util/change-notes/released/2.0.38.md create mode 100644 shared/xml/change-notes/released/1.0.51.md create mode 100644 shared/yaml/change-notes/released/1.0.51.md delete mode 100644 swift/ql/lib/change-notes/2026-05-19-swift-6.3.2.md rename swift/ql/lib/change-notes/{2026-05-14-sensitive-data.md => released/6.7.0.md} (76%) create mode 100644 swift/ql/src/change-notes/released/1.3.4.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index ddd0b0f1aec..7a61a60c379 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.37 + +### Minor Analysis Improvements + +* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used. + ## 0.4.36 ### Minor Analysis Improvements diff --git a/actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md b/actions/ql/lib/change-notes/released/0.4.37.md similarity index 80% rename from actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md rename to actions/ql/lib/change-notes/released/0.4.37.md index df3aaf3613f..4809796b3ab 100644 --- a/actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md +++ b/actions/ql/lib/change-notes/released/0.4.37.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used. \ No newline at end of file +## 0.4.37 + +### Minor Analysis Improvements + +* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 45433e3ec03..df274514780 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.36 +lastReleaseVersion: 0.4.37 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index ae4a57aa944..71c9cadbf28 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.37-dev +version: 0.4.37 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 1670f0af5be..c37cd20761b 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,22 @@ +## 0.6.29 + +### Query Metadata Changes + +* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`. + +### Major Analysis Improvements + +* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query. + +### Minor Analysis Improvements + +* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`. +* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes. + +### Bug Fixes + +* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check. + ## 0.6.28 ### Query Metadata Changes diff --git a/actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md b/actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md deleted file mode 100644 index 098c60a3753..00000000000 --- a/actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md b/actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md deleted file mode 100644 index 521a5878c37..00000000000 --- a/actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes. diff --git a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md deleted file mode 100644 index f5ad3271a62..00000000000 --- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md deleted file mode 100644 index 83e6528c86b..00000000000 --- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md deleted file mode 100644 index 5df1f3347ea..00000000000 --- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`. \ No newline at end of file diff --git a/actions/ql/src/change-notes/released/0.6.29.md b/actions/ql/src/change-notes/released/0.6.29.md new file mode 100644 index 00000000000..82ca8174954 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.29.md @@ -0,0 +1,18 @@ +## 0.6.29 + +### Query Metadata Changes + +* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`. + +### Major Analysis Improvements + +* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query. + +### Minor Analysis Improvements + +* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`. +* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes. + +### Bug Fixes + +* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 90f3f09295a..e785984cacc 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.28 +lastReleaseVersion: 0.6.29 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 33ab175fb18..3615c08b583 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.29-dev +version: 0.6.29 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 3b95c10fbb5..0b3413f9d3c 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 10.2.0 + +### Deprecated APIs + +* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead. + +### New Features + +* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations. +* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations. + +### Minor Analysis Improvements + +* Added flow source models for `scanf_s` and related functions. +* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported. + ## 10.1.1 ### Minor Analysis Improvements diff --git a/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md b/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md deleted file mode 100644 index 0b8d5a79a72..00000000000 --- a/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow source models for `scanf_s` and related functions. -* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2026-05-16-alias-template.md b/cpp/ql/lib/change-notes/2026-05-16-alias-template.md deleted file mode 100644 index 2777da94abf..00000000000 --- a/cpp/ql/lib/change-notes/2026-05-16-alias-template.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations. diff --git a/cpp/ql/lib/change-notes/2026-05-18-alias-type.md b/cpp/ql/lib/change-notes/2026-05-18-alias-type.md deleted file mode 100644 index b744dd2fa95..00000000000 --- a/cpp/ql/lib/change-notes/2026-05-18-alias-type.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead. diff --git a/cpp/ql/lib/change-notes/2026-05-21-generated-from.md b/cpp/ql/lib/change-notes/2026-05-21-generated-from.md deleted file mode 100644 index bf3ddcb1070..00000000000 --- a/cpp/ql/lib/change-notes/2026-05-21-generated-from.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations. diff --git a/cpp/ql/lib/change-notes/released/10.2.0.md b/cpp/ql/lib/change-notes/released/10.2.0.md new file mode 100644 index 00000000000..cb514b82cbb --- /dev/null +++ b/cpp/ql/lib/change-notes/released/10.2.0.md @@ -0,0 +1,15 @@ +## 10.2.0 + +### Deprecated APIs + +* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead. + +### New Features + +* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations. +* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations. + +### Minor Analysis Improvements + +* Added flow source models for `scanf_s` and related functions. +* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 940a668bbf3..a230efed2a4 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 10.1.1 +lastReleaseVersion: 10.2.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index bca102a1048..04ee2d76ae9 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 10.1.2-dev +version: 10.2.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 901d2092283..e8a2af1383c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 ### Minor Analysis Improvements diff --git a/cpp/ql/src/change-notes/released/1.6.4.md b/cpp/ql/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 00b51441d88..1910e09d6a6 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 74055b4cf11..4915f969278 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.6.4-dev +version: 1.6.4 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index eefb35f174a..3ceb4374a77 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.68 + +No user-facing changes. + ## 1.7.67 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md new file mode 100644 index 00000000000..774ffcebdfe --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md @@ -0,0 +1,3 @@ +## 1.7.68 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 0293fdade8f..f737dfa0972 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.67 +lastReleaseVersion: 1.7.68 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 659dd5b0038..1de44f9e1d8 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.68-dev +version: 1.7.68 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index eefb35f174a..3ceb4374a77 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.68 + +No user-facing changes. + ## 1.7.67 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md new file mode 100644 index 00000000000..774ffcebdfe --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md @@ -0,0 +1,3 @@ +## 1.7.68 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 0293fdade8f..f737dfa0972 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.67 +lastReleaseVersion: 1.7.68 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index c7f243d86f0..e99c5a26b32 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.68-dev +version: 1.7.68 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 17fd83bcda7..a45a993832e 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 6.0.2 + +### Minor Analysis Improvements + +* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime. +* C# 14: Added support for user-defined instance increment/decrement operators. + ## 6.0.1 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md b/csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md deleted file mode 100644 index a840fdf4fe3..00000000000 --- a/csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 14: Added support for user-defined instance increment/decrement operators. diff --git a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md b/csharp/ql/lib/change-notes/released/6.0.2.md similarity index 67% rename from csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md rename to csharp/ql/lib/change-notes/released/6.0.2.md index 84e3833860a..ea98fb2257e 100644 --- a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md +++ b/csharp/ql/lib/change-notes/released/6.0.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 6.0.2 + +### Minor Analysis Improvements + * Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime. +* C# 14: Added support for user-defined instance increment/decrement operators. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index d1f3c68c812..70437ec53b8 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.0.1 +lastReleaseVersion: 6.0.2 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index b3a0dab7303..0745dfdd527 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 6.0.2-dev +version: 6.0.2 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 8c4388fe2bb..5c196df3614 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.4 + +No user-facing changes. + ## 1.7.3 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.7.4.md b/csharp/ql/src/change-notes/released/1.7.4.md new file mode 100644 index 00000000000..801ed5f5e71 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.7.4.md @@ -0,0 +1,3 @@ +## 1.7.4 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 9f9661b1e77..f4f3a4d5120 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.3 +lastReleaseVersion: 1.7.4 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index bfb1852bacb..d9269a9fd1b 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.7.4-dev +version: 1.7.4 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 512a5732ccd..14258018aea 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.51.md b/go/ql/consistency-queries/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 4c65036e5cf..c07260f76da 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.51-dev +version: 1.0.51 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 54afc3a977b..0d5738ad029 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 7.1.2 + +No user-facing changes. + ## 7.1.1 No user-facing changes. diff --git a/go/ql/lib/change-notes/released/7.1.2.md b/go/ql/lib/change-notes/released/7.1.2.md new file mode 100644 index 00000000000..d55cf91e249 --- /dev/null +++ b/go/ql/lib/change-notes/released/7.1.2.md @@ -0,0 +1,3 @@ +## 7.1.2 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 8e970df6cae..547681cc440 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.1 +lastReleaseVersion: 7.1.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index f12cd33e5e0..8a9a9624de5 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.1.2-dev +version: 7.1.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 84d9ae7de59..c58883ee3c2 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.6.4.md b/go/ql/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/go/ql/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 00b51441d88..1910e09d6a6 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 40ad8f32001..601e81ea035 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.6.4-dev +version: 1.6.4 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index a6c0cfc278a..2e702064d7f 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 9.1.2 + +### Minor Analysis Improvements + +* Added LLM-generated source and sink models for `org.apache.avro`. + ## 9.1.1 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2026-05-19-avro-mads.md b/java/ql/lib/change-notes/released/9.1.2.md similarity index 61% rename from java/ql/lib/change-notes/2026-05-19-avro-mads.md rename to java/ql/lib/change-notes/released/9.1.2.md index 43368b098b1..c10b69f0fe9 100644 --- a/java/ql/lib/change-notes/2026-05-19-avro-mads.md +++ b/java/ql/lib/change-notes/released/9.1.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 9.1.2 + +### Minor Analysis Improvements + * Added LLM-generated source and sink models for `org.apache.avro`. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 02e630d3384..1fd7d868f4e 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 9.1.1 +lastReleaseVersion: 9.1.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index aa9a2957362..561ef7db55c 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 9.1.2-dev +version: 9.1.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index fbbc339797b..e013e79ce9e 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.11.4 + +No user-facing changes. + ## 1.11.3 ### Minor Analysis Improvements diff --git a/java/ql/src/change-notes/released/1.11.4.md b/java/ql/src/change-notes/released/1.11.4.md new file mode 100644 index 00000000000..3ebd37b0be7 --- /dev/null +++ b/java/ql/src/change-notes/released/1.11.4.md @@ -0,0 +1,3 @@ +## 1.11.4 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 220561dc648..813a925461f 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.11.3 +lastReleaseVersion: 1.11.4 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 2005542ba0d..cfd8dbc56c8 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.11.4-dev +version: 1.11.4 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index c201b3a4b13..6471aa3fe68 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 2.7.2 + +### Minor Analysis Improvements + +* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `js/clear-text-logging`) may find more correct results and fewer false positive results after these changes. + ## 2.7.1 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2026-05-14-sensitive-data.md b/javascript/ql/lib/change-notes/released/2.7.2.md similarity index 89% rename from javascript/ql/lib/change-notes/2026-05-14-sensitive-data.md rename to javascript/ql/lib/change-notes/released/2.7.2.md index f6e6caed325..9d0eca2cb4e 100644 --- a/javascript/ql/lib/change-notes/2026-05-14-sensitive-data.md +++ b/javascript/ql/lib/change-notes/released/2.7.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 2.7.2 + +### Minor Analysis Improvements + * The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `js/clear-text-logging`) may find more correct results and fewer false positive results after these changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 820fb65a5c7..5160df7b1b7 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.7.1 +lastReleaseVersion: 2.7.2 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 6e8e84b394d..6caebf91399 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.7.2-dev +version: 2.7.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 1a69291d145..b3a62befc5e 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.3.11 + +No user-facing changes. + ## 2.3.10 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.3.11.md b/javascript/ql/src/change-notes/released/2.3.11.md new file mode 100644 index 00000000000..31b11998b74 --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.3.11.md @@ -0,0 +1,3 @@ +## 2.3.11 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index a4a2f98d509..5ac091006e8 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.3.10 +lastReleaseVersion: 2.3.11 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index e58cb3d2d94..03a7153c05a 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.11-dev +version: 2.3.11 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 8e20945c6bf..8f96c9ba8dd 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.51.md b/misc/suite-helpers/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index fd00605cfd1..a6aeeb719fa 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.51-dev +version: 1.0.51 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 3d09821803b..3efb4e57482 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.1.2 + +### Minor Analysis Improvements + +* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `py/clear-text-logging-sensitive-data`) may find more correct results and less fewer positive results after these changes. + ## 7.1.1 No user-facing changes. diff --git a/python/ql/lib/change-notes/2026-05-14-sensitive-data.md b/python/ql/lib/change-notes/released/7.1.2.md similarity index 90% rename from python/ql/lib/change-notes/2026-05-14-sensitive-data.md rename to python/ql/lib/change-notes/released/7.1.2.md index 49754de35ce..523a14edfbe 100644 --- a/python/ql/lib/change-notes/2026-05-14-sensitive-data.md +++ b/python/ql/lib/change-notes/released/7.1.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 7.1.2 + +### Minor Analysis Improvements + * The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `py/clear-text-logging-sensitive-data`) may find more correct results and less fewer positive results after these changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 8e970df6cae..547681cc440 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.1 +lastReleaseVersion: 7.1.2 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 981ab78ff33..a53a716fbf0 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.1.2-dev +version: 7.1.2 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 544b9778d4d..27698f1d3df 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.8.4 + +No user-facing changes. + ## 1.8.3 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.8.4.md b/python/ql/src/change-notes/released/1.8.4.md new file mode 100644 index 00000000000..9aef6d10d1c --- /dev/null +++ b/python/ql/src/change-notes/released/1.8.4.md @@ -0,0 +1,3 @@ +## 1.8.4 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 8071ef421ab..f2a60cd1327 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.8.3 +lastReleaseVersion: 1.8.4 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 2fc026ff480..afa318334b6 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.8.4-dev +version: 1.8.4 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 07859d0f0e6..d26bfa6f205 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.2.2 + +No user-facing changes. + ## 5.2.1 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/5.2.2.md b/ruby/ql/lib/change-notes/released/5.2.2.md new file mode 100644 index 00000000000..22402d6e8fa --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.2.2.md @@ -0,0 +1,3 @@ +## 5.2.2 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 1684d0e72a2..e3b1b0c079d 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.2.1 +lastReleaseVersion: 5.2.2 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index df8efbe68de..b36aada4770 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.2.2-dev +version: 5.2.2 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index c874059c151..384ca633202 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.6.4.md b/ruby/ql/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 00b51441d88..1910e09d6a6 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b68d13e5908..e0c8c6b4c0c 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.6.4-dev +version: 1.6.4 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index d85d27d88d6..3651026d737 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.15 + +### Minor Analysis Improvements + +* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `rust/cleartext-logging`) may find more correct results and fewer false positive results after these changes. + ## 0.2.14 No user-facing changes. diff --git a/rust/ql/lib/change-notes/2026-05-14-sensitive-data.md b/rust/ql/lib/change-notes/released/0.2.15.md similarity index 89% rename from rust/ql/lib/change-notes/2026-05-14-sensitive-data.md rename to rust/ql/lib/change-notes/released/0.2.15.md index 5aa6febd49b..3644126ec1f 100644 --- a/rust/ql/lib/change-notes/2026-05-14-sensitive-data.md +++ b/rust/ql/lib/change-notes/released/0.2.15.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.2.15 + +### Minor Analysis Improvements + * The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `rust/cleartext-logging`) may find more correct results and fewer false positive results after these changes. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index c53820a76d5..0f574e080e4 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.14 +lastReleaseVersion: 0.2.15 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 062c2f4e635..49c4dddd4c6 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.15-dev +version: 0.2.15 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index ad1e8ef3bfe..4f4807ff82e 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.36 + +No user-facing changes. + ## 0.1.35 No user-facing changes. diff --git a/rust/ql/src/change-notes/released/0.1.36.md b/rust/ql/src/change-notes/released/0.1.36.md new file mode 100644 index 00000000000..8685189c564 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.36.md @@ -0,0 +1,3 @@ +## 0.1.36 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index 6a5806eec2b..270bd27a7aa 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.35 +lastReleaseVersion: 0.1.36 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 67966540de6..853aefb020d 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.36-dev +version: 0.1.36 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index e2de2975455..787779674f0 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.25 + +No user-facing changes. + ## 0.0.24 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.25.md b/shared/concepts/change-notes/released/0.0.25.md new file mode 100644 index 00000000000..e41a9acfa06 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.25.md @@ -0,0 +1,3 @@ +## 0.0.25 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index b956773a07f..6d0e80a50c3 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.24 +lastReleaseVersion: 0.0.25 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index c51537b2228..98ae75ca6ca 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.25-dev +version: 0.0.25 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index dc02f115c99..8ac7faf2554 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.35 + +No user-facing changes. + ## 2.0.34 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.35.md b/shared/controlflow/change-notes/released/2.0.35.md new file mode 100644 index 00000000000..526e1fc9f4c --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.35.md @@ -0,0 +1,3 @@ +## 2.0.35 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 339a3ce7c57..27eb8ef8ece 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.34 +lastReleaseVersion: 2.0.35 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index e33617ca4f0..a28d74ae749 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.35-dev +version: 2.0.35 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 7ecbeda3b21..b2cf75110ac 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.1.7 + +No user-facing changes. + ## 2.1.6 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.1.7.md b/shared/dataflow/change-notes/released/2.1.7.md new file mode 100644 index 00000000000..af7772169fe --- /dev/null +++ b/shared/dataflow/change-notes/released/2.1.7.md @@ -0,0 +1,3 @@ +## 2.1.7 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 1c810b60c4a..cfa57a47251 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.1.6 +lastReleaseVersion: 2.1.7 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 2058b35be64..6564305a246 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.1.7-dev +version: 2.1.7 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 964c1bb1d98..6619a18079c 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.51.md b/shared/mad/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index fb135546a90..c8d8eb47b4a 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 7153b9314b1..c8b656e4f35 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.29 + +No user-facing changes. + ## 0.0.28 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.29.md b/shared/quantum/change-notes/released/0.0.29.md new file mode 100644 index 00000000000..4428927c79d --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.29.md @@ -0,0 +1,3 @@ +## 0.0.29 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index 3462db7d348..c81f1813120 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.28 +lastReleaseVersion: 0.0.29 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 951cce392ae..a8d3a71823b 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.29-dev +version: 0.0.29 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index e2a893046c9..a400a91f8c9 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.51.md b/shared/rangeanalysis/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 41f319731b0..5ea1c83b182 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index bb83dfc0a1f..c4b7fc6e87f 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.51.md b/shared/regex/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 198bf43da04..3c01106e9b8 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index f9145f2c88b..9cfe68398b2 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.27 + +No user-facing changes. + ## 2.0.26 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.27.md b/shared/ssa/change-notes/released/2.0.27.md new file mode 100644 index 00000000000..639cf77090e --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.27.md @@ -0,0 +1,3 @@ +## 2.0.27 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 63d57bef481..a047558f018 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.26 +lastReleaseVersion: 2.0.27 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 5f8de945745..c10e0892660 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.27-dev +version: 2.0.27 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 512a5732ccd..14258018aea 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.51.md b/shared/threat-models/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index c3ac3656b3a..855242656c8 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.51-dev +version: 1.0.51 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index c98a035d149..9e78286a1a4 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.51.md b/shared/tutorial/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index e68fe7948ff..39bfd9cc21d 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index de43834a84e..e9334c9da8d 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.51.md b/shared/typeflow/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 482138349ac..f06ea443f79 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 3bbb96e59a9..24dc81f3aa2 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.32 + +No user-facing changes. + ## 0.0.31 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.32.md b/shared/typeinference/change-notes/released/0.0.32.md new file mode 100644 index 00000000000..c390443f09a --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.32.md @@ -0,0 +1,3 @@ +## 0.0.32 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index 54b504d06ec..714fcfc1828 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.31 +lastReleaseVersion: 0.0.32 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index d7dbeae2e09..ece5dd3b6e8 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.32-dev +version: 0.0.32 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 313862d5bc7..e9b5492b0d8 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.35 + +No user-facing changes. + ## 2.0.34 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.35.md b/shared/typetracking/change-notes/released/2.0.35.md new file mode 100644 index 00000000000..526e1fc9f4c --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.35.md @@ -0,0 +1,3 @@ +## 2.0.35 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 339a3ce7c57..27eb8ef8ece 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.34 +lastReleaseVersion: 2.0.35 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 891f8d0b1b1..bd874407aff 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.35-dev +version: 2.0.35 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 5838cd3c535..dbafbea9b98 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.51.md b/shared/typos/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b4705122b0a..9a2ed996444 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 24a4f7d09a2..df741ed9d73 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.38 + +No user-facing changes. + ## 2.0.37 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.38.md b/shared/util/change-notes/released/2.0.38.md new file mode 100644 index 00000000000..0fab2ede165 --- /dev/null +++ b/shared/util/change-notes/released/2.0.38.md @@ -0,0 +1,3 @@ +## 2.0.38 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 108259a7400..4ec9eb0980c 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.37 +lastReleaseVersion: 2.0.38 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 6190a3b4275..dc654fca261 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.38-dev +version: 2.0.38 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 96dfbcadf56..685a8032d64 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.51.md b/shared/xml/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index c8e51461dae..40cf2695728 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index e006acbeb21..4f57ee07cfa 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.51 + +No user-facing changes. + ## 1.0.50 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.51.md b/shared/yaml/change-notes/released/1.0.51.md new file mode 100644 index 00000000000..b96d48b8822 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.51.md @@ -0,0 +1,3 @@ +## 1.0.51 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 856137cc5db..232dbe38ec8 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.50 +lastReleaseVersion: 1.0.51 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index c499501ab26..0b4fd245f3b 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.51-dev +version: 1.0.51 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 01461fd5bfe..1eb5afb48e7 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.7.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.3.2. + +### Minor Analysis Improvements + +* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `swift/cleartext-logging`) may find more correct results and fewer false positive results after these changes. + ## 6.6.0 ### New Features diff --git a/swift/ql/lib/change-notes/2026-05-19-swift-6.3.2.md b/swift/ql/lib/change-notes/2026-05-19-swift-6.3.2.md deleted file mode 100644 index 530b7187e7a..00000000000 --- a/swift/ql/lib/change-notes/2026-05-19-swift-6.3.2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Upgraded to allow analysis of Swift 6.3.2. diff --git a/swift/ql/lib/change-notes/2026-05-14-sensitive-data.md b/swift/ql/lib/change-notes/released/6.7.0.md similarity index 76% rename from swift/ql/lib/change-notes/2026-05-14-sensitive-data.md rename to swift/ql/lib/change-notes/released/6.7.0.md index 70e96a3469c..8d7bf41cc1d 100644 --- a/swift/ql/lib/change-notes/2026-05-14-sensitive-data.md +++ b/swift/ql/lib/change-notes/released/6.7.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 6.7.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.3.2. + +### Minor Analysis Improvements + * The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `swift/cleartext-logging`) may find more correct results and fewer false positive results after these changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 4d7f31f2d8e..55a13d309e5 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.6.0 +lastReleaseVersion: 6.7.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 5e2f7c2942d..f62f77afa0e 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.6.1-dev +version: 6.7.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 4bd8088718a..4e3b53c37b3 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.4 + +No user-facing changes. + ## 1.3.3 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.3.4.md b/swift/ql/src/change-notes/released/1.3.4.md new file mode 100644 index 00000000000..5073aca7222 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.3.4.md @@ -0,0 +1,3 @@ +## 1.3.4 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index eb1f7dabc84..8263ddf2c8b 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.3 +lastReleaseVersion: 1.3.4 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index da4df6ae6d9..05710b29874 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.3.4-dev +version: 1.3.4 groups: - swift - queries