From 37151791b42a7f056ca636dc18c4e69605aa9ff7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 12:24:58 +0100 Subject: [PATCH] Add change notes --- ...-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md | 4 ++++ .../2025-10-09-sanitize-simple-types-request-forgery.md | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md create mode 100644 go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md diff --git a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md new file mode 100644 index 00000000000..647d9a4332c --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. diff --git a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md new file mode 100644 index 00000000000..1bbf8c7f88a --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean.
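Review bot: The deprecation entry in 2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md names the replacement class but does not say whether `SimpleTypeSanitizer` treats the same set of types as sanitized as `SqlInjection::NumericOrBooleanSanitizer` did. Anyone who extended or referenced the old class needs to know whether switching can change their results, so consider adding one sentence stating either that the two are equivalent or how they differ.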
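Review bot: In 2025-10-09-sanitize-simple-types-request-forgery.md, "a simple type, like a number or a boolean" defines the suppressed cases only by example, so a reader cannot tell from the note exactly which inputs `go/request-forgery` now stops reporting. Since this change removes alerts, suggest naming the sanitizer that decides it (the sibling note points to `SimpleTypeSanitizer` in `semmle.go.security.Sanitizers`, if that is the one used here) so users can look up the exact set of types when an expected alert disappears.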