Release preparation for version 2.10.2

2026-04-27 17:55:19 +02:00 · 2022-07-28 13:38:35 +00:00
parent e43755b34f
commit 212786ed91
71 changed files with 141 additions and 72 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.2
+
+### Minor Analysis Improvements
+
+* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
+- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
+
 ## 0.3.1

 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2022-07-18-sqli-in-activerecord-relation-annotate.md
+++ b/ruby/ql/lib/change-notes/2022-07-18-sqli-in-activerecord-relation-annotate.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-
- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
--- a/ruby/ql/lib/change-notes/2022-07-19-arel.md
+++ b/ruby/ql/lib/change-notes/2022-07-19-arel.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
--- a/ruby/ql/lib/change-notes/released/0.3.2.md
+++ b/ruby/ql/lib/change-notes/released/0.3.2.md
@@ -0,0 +1,6 @@
+## 0.3.2
+
+### Minor Analysis Improvements
+
+* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
+- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.3.2-dev
+version: 0.3.2
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.1
+
+### New Queries
+
+* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
+* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
+
 ## 0.3.0

 ### Breaking Changes
--- a/ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
+++ b/ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
--- a/ruby/ql/src/change-notes/2022-07-21-weak-params.md
+++ b/ruby/ql/src/change-notes/2022-07-21-weak-params.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
--- a/ruby/ql/src/change-notes/released/0.3.1.md
+++ b/ruby/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1,6 @@
+## 0.3.1
+
+### New Queries
+
+* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
+* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - ruby
  - queries