Release preparation for version 2.10.2

2025-12-16 16:53:25 +01:00 · 2022-07-28 13:38:35 +00:00
parent e43755b34f
commit 212786ed91
71 changed files with 141 additions and 72 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.2
+
+### Bug Fixes
+
+* Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.
+
 ## 0.3.1

 ### Minor Analysis Improvements
--- a/cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
+++ b/cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
@@ -1,4 +1,5 @@
---
-category: fix
---
+## 0.3.2
+
+### Bug Fixes
+
 * Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.3.2-dev
+version: 0.3.2
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.3.1
+
 ## 0.3.0

 ### Breaking Changes
--- a/cpp/ql/src/change-notes/released/0.3.1.md
+++ b/cpp/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1 @@
+## 0.3.1
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.2.2
+
 ## 1.2.1

 ## 1.2.0
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.2.2.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.2.2.md
@@ -0,0 +1 @@
+## 1.2.2
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.1
+lastReleaseVersion: 1.2.2
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.2.2-dev
+version: 1.2.2
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.2.2
+
 ## 1.2.1

 ## 1.2.0
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.2.2.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.2.2.md
@@ -0,0 +1 @@
+## 1.2.2
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.1
+lastReleaseVersion: 1.2.2
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.2.2-dev
+version: 1.2.2
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.3.2
+
 ## 0.3.1

 ## 0.3.0
--- a/csharp/ql/lib/change-notes/released/0.3.2.md
+++ b/csharp/ql/lib/change-notes/released/0.3.2.md
@@ -0,0 +1 @@
+## 0.3.2
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.3.2-dev
+version: 0.3.2
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.3.1
+
 ## 0.3.0

 ### Breaking Changes
--- a/csharp/ql/src/change-notes/released/0.3.1.md
+++ b/csharp/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1 @@
+## 0.3.1
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.2.2
+
 ## 0.2.1

 ## 0.2.0
--- a/go/ql/lib/change-notes/released/0.2.2.md
+++ b/go/ql/lib/change-notes/released/0.2.2.md
@@ -0,0 +1 @@
+## 0.2.2
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.2.2-dev
+version: 0.2.2
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.2.2
+
 ## 0.2.1

 ## 0.2.0
--- a/go/ql/src/change-notes/released/0.2.2.md
+++ b/go/ql/src/change-notes/released/0.2.2.md
@@ -0,0 +1 @@
+## 0.2.2
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.2.2-dev
+version: 0.2.2
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.3.2
+
+### New Features
+
+* The QL predicate `Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.
+
+### Minor Analysis Improvements
+
+* The JUnit5 version of `AssertNotNull` is now recognized, which removes
+  related false positives in the nullness queries.
+* Added data flow models for `java.util.Scanner`.
+
 ## 0.3.1

 ### New Features
--- a/java/ql/lib/change-notes/2022-05-12-get-underlying-expr.md
+++ b/java/ql/lib/change-notes/2022-05-12-get-underlying-expr.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* The QL predicate `Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.
--- a/java/ql/lib/change-notes/2022-07-26-scanner-models.md
+++ b/java/ql/lib/change-notes/2022-07-26-scanner-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added data flow models for `java.util.Scanner`.
--- a/java/ql/lib/change-notes/2022-07-27-nullness-junit5.md
+++ b/java/ql/lib/change-notes/2022-07-27-nullness-junit5.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The JUnit5 version of `AssertNotNull` is now recognized, which removes
-  related false positives in the nullness queries.
--- a/java/ql/lib/change-notes/released/0.3.2.md
+++ b/java/ql/lib/change-notes/released/0.3.2.md
@@ -0,0 +1,11 @@
+## 0.3.2
+
+### New Features
+
+* The QL predicate `Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.
+
+### Minor Analysis Improvements
+
+* The JUnit5 version of `AssertNotNull` is now recognized, which removes
+  related false positives in the nullness queries.
+* Added data flow models for `java.util.Scanner`.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.3.2-dev
+version: 0.3.2
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.3.1
+
 ## 0.3.0

 ### Breaking Changes
--- a/java/ql/src/change-notes/released/0.3.1.md
+++ b/java/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1 @@
+## 0.3.1
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.2.2
+
 ## 0.2.1

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/released/0.2.2.md
+++ b/javascript/ql/lib/change-notes/released/0.2.2.md
@@ -0,0 +1 @@
+## 0.2.2
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.2.2-dev
+version: 0.2.2
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.1
+
+### New Queries
+
+- A new query "Case-sensitive middleware path" (`js/case-sensitive-middleware-path`) has been added.
+  It highlights middleware routes that can be bypassed due to having a case-sensitive regular expression path.
+
 ## 0.3.0

 ### Breaking Changes
--- a/javascript/ql/src/change-notes/2022-06-27-case-sensitive-middleware.md
+++ b/javascript/ql/src/change-notes/2022-06-27-case-sensitive-middleware.md
@@ -1,6 +1,6 @@
---
-category: newQuery
---
+## 0.3.1
+
+### New Queries

 - A new query "Case-sensitive middleware path" (`js/case-sensitive-middleware-path`) has been added.
  It highlights middleware routes that can be bypassed due to having a case-sensitive regular expression path.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - javascript
  - queries
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.5.2
+
 ## 0.5.1

 ### Deprecated APIs
--- a/python/ql/lib/change-notes/released/0.5.2.md
+++ b/python/ql/lib/change-notes/released/0.5.2.md
@@ -0,0 +1 @@
+## 0.5.2
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.1
+lastReleaseVersion: 0.5.2
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.5.2-dev
+version: 0.5.2
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.0
+
+### Breaking Changes
+
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/python-all` package.
+
 ## 0.3.0

 ### Breaking Changes
--- a/python/ql/src/change-notes/2022-07-15-move-contextual-queries.md
+++ b/python/ql/src/change-notes/2022-07-15-move-contextual-queries.md
@@ -1,5 +1,5 @@
---
-category: breaking
---
-* Contextual queries and the query libraries they depend on have been moved to the `codeql/python-all` package.
+## 0.4.0

+### Breaking Changes
+
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/python-all` package.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.4.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.3.1-dev
+version: 0.4.0
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.2
+
+### Minor Analysis Improvements
+
+* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
+- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
+
 ## 0.3.1

 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2022-07-18-sqli-in-activerecord-relation-annotate.md
+++ b/ruby/ql/lib/change-notes/2022-07-18-sqli-in-activerecord-relation-annotate.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-
- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
--- a/ruby/ql/lib/change-notes/2022-07-19-arel.md
+++ b/ruby/ql/lib/change-notes/2022-07-19-arel.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
--- a/ruby/ql/lib/change-notes/released/0.3.2.md
+++ b/ruby/ql/lib/change-notes/released/0.3.2.md
@@ -0,0 +1,6 @@
+## 0.3.2
+
+### Minor Analysis Improvements
+
+* Calls to `Arel.sql` are now recognised as propagating taint from their argument.
+- Calls to `ActiveRecord::Relation#annotate` are now recognized as`SqlExecution`s so that it will be considered as a sink for queries like rb/sql-injection.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.3.2-dev
+version: 0.3.2
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.1
+
+### New Queries
+
+* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
+* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
+
 ## 0.3.0

 ### Breaking Changes
--- a/ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
+++ b/ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
--- a/ruby/ql/src/change-notes/2022-07-21-weak-params.md
+++ b/ruby/ql/src/change-notes/2022-07-21-weak-params.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
--- a/ruby/ql/src/change-notes/released/0.3.1.md
+++ b/ruby/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1,6 @@
+## 0.3.1
+
+### New Queries
+
+* Added a new experimental query, `rb/manually-checking-http-verb`, to detect cases when the HTTP verb for an incoming request is checked and then used as part of control flow.
+* Added a new experimental query, `rb/weak-params`, to detect cases when the rails strong parameters pattern isn't followed and values flow into persistent store writes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups: 
  - ruby
  - queries