mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Release preparation for version 2.9.3
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,13 @@
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
9
cpp/ql/lib/change-notes/released/0.2.2.md
Normal file
9
cpp/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.2
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
6
cpp/ql/src/change-notes/released/0.1.3.md
Normal file
6
cpp/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 1.1.3
|
||||
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.2
|
||||
lastReleaseVersion: 1.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.1.3-dev
|
||||
version: 1.1.3
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 1.1.3
|
||||
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.2
|
||||
lastReleaseVersion: 1.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.1.3-dev
|
||||
version: 1.1.3
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.2.2
|
||||
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
1
csharp/ql/lib/change-notes/released/0.2.2.md
Normal file
1
csharp/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.2
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.2
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
1
csharp/ql/src/change-notes/released/0.1.3.md
Normal file
1
csharp/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Features
|
||||
|
||||
1
go/ql/lib/change-notes/released/0.1.3.md
Normal file
1
go/ql/lib/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
1
go/ql/src/change-notes/released/0.1.3.md
Normal file
1
go/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
### New Features
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
@@ -1,5 +1,10 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.2
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,17 @@
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/sensitive-log` has received several improvements.
|
||||
* It no longer considers usernames as sensitive information.
|
||||
* The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
|
||||
* A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Query Metadata Changes
|
||||
@@ -39,7 +53,7 @@ this respect.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
|
||||
## 0.0.11
|
||||
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
@@ -1,6 +1,12 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/sensitive-log` has received several improvements.
|
||||
* It no longer considers usernames as sensitive information.
|
||||
* The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,12 @@
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an
|
||||
attacker to execute arbitrary code in the workflow.
|
||||
The query previously existed an experimental query.
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
@@ -1,6 +1,8 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an
|
||||
attacker to execute arbitrary code in the workflow.
|
||||
The query previously existed an experimental query.
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.4.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used.
|
||||
|
||||
## 0.3.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 0.4.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.3.0
|
||||
lastReleaseVersion: 0.4.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 0.3.1-dev
|
||||
version: 0.4.0
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595).
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595).
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.2.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
Support for data flow through instance variables has been added.
|
||||
Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Support for data flow through instance variables has been added.
|
||||
10
ruby/ql/lib/change-notes/released/0.2.2.md
Normal file
10
ruby/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.2.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
Support for data flow through instance variables has been added.
|
||||
Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.2
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
1
ruby/ql/src/change-notes/released/0.1.3.md
Normal file
1
ruby/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
Reference in New Issue
Block a user