Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0

Post-release preparation for codeql-cli-2.11.0
2026-05-01 19:55:15 +02:00 · 2022-09-23 18:13:59 -04:00
parent 79c0178a7c 6cef0af5df
commit 3bd456e52d
129 changed files with 555 additions and 293 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,75 @@
+## 0.3.0
+
+### Breaking Changes
+
+* Many library models have been rewritten to use dataflow nodes instead of the AST.
+  The types of some classes have been changed, and these changes may break existing code.
+  Other classes and predicates have been renamed, in these cases the old name is still available as a deprecated feature.
+
+* The basetype of the following list of classes has changed from an expression to a dataflow node, and thus code using these classes might break. 
+  The fix to these breakages is usually to use `asExpr()` to get an expression from a dataflow node, or to use `.flow()` to get a dataflow node from an expression.  
+   - DOM.qll#WebStorageWrite
+   - CryptoLibraries.qll#CryptographicOperation
+   - Express.qll#Express::RequestBodyAccess
+   - HTTP.qll#HTTP::ResponseBody
+   - HTTP.qll#HTTP::CookieDefinition
+   - HTTP.qll#HTTP::ServerDefinition
+   - HTTP.qll#HTTP::RouteSetup
+   - NoSQL.qll#NoSql::Query
+   - SQL.qll#SQL::SqlString
+   - SQL.qll#SQL::SqlSanitizer
+   - HTTP.qll#ResponseBody
+   - HTTP.qll#CookieDefinition
+   - HTTP.qll#ServerDefinition
+   - HTTP.qll#RouteSetup
+   - HTTP.qll#HTTP::RedirectInvocation
+   - HTTP.qll#RedirectInvocation
+   - Express.qll#Express::RouterDefinition
+   - AngularJSCore.qll#LinkFunction
+   - Connect.qll#Connect::StandardRouteHandler
+   - CryptoLibraries.qll#CryptographicKeyCredentialsExpr
+   - AWS.qll#AWS::Credentials
+   - Azure.qll#Azure::Credentials
+   - Connect.qll#Connect::Credentials
+   - DigitalOcean.qll#DigitalOcean::Credentials
+   - Express.qll#Express::Credentials
+   - NodeJSLib.qll#NodeJSLib::Credentials
+   - PkgCloud.qll#PkgCloud::Credentials
+   - Request.qll#Request::Credentials
+   - ServiceDefinitions.qll#InjectableFunctionServiceRequest
+   - SensitiveActions.qll#SensitiveVariableAccess
+   - SensitiveActions.qll#CleartextPasswordExpr
+   - Connect.qll#Connect::ServerDefinition
+   - Restify.qll#Restify::ServerDefinition
+   - Connect.qll#Connect::RouteSetup
+   - Express.qll#Express::RouteSetup
+   - Fastify.qll#Fastify::RouteSetup
+   - Hapi.qll#Hapi::RouteSetup
+   - Koa.qll#Koa::RouteSetup
+   - Restify.qll#Restify::RouteSetup
+   - NodeJSLib.qll#NodeJSLib::RouteSetup
+   - Express.qll#Express::StandardRouteHandler
+   - Express.qll#Express::SetCookie
+   - Hapi.qll#Hapi::RouteHandler
+   - HTTP.qll#HTTP::Servers::StandardHeaderDefinition
+   - HTTP.qll#Servers::StandardHeaderDefinition
+   - Hapi.qll#Hapi::ServerDefinition
+   - Koa.qll#Koa::AppDefinition
+   - SensitiveActions.qll#SensitiveCall
+
+### Deprecated APIs
+
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.8.
+
+### Minor Analysis Improvements
+
+* A model for the `mermaid` library has been added. XSS queries can now detect flow through the `render` method of the `mermaid` library. 
+
 ## 0.2.5

 ## 0.2.4
--- a/javascript/ql/lib/change-notes/2022-05-24-typescript-4-8.md
+++ b/javascript/ql/lib/change-notes/2022-05-24-typescript-4-8.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Added support for TypeScript 4.8.
--- a/javascript/ql/lib/change-notes/2022-08-09-mermaid.md
+++ b/javascript/ql/lib/change-notes/2022-08-09-mermaid.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* A model for the `mermaid` library has been added. XSS queries can now detect flow through the `render` method of the `mermaid` library. 
--- a/javascript/ql/lib/change-notes/2022-09-12-uppercase.md
+++ b/javascript/ql/lib/change-notes/2022-09-12-uppercase.md
@@ -1,5 +0,0 @@
---
-category: deprecated
---
-* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
-  The old name still exists as a deprecated alias.
--- a/javascript/ql/lib/change-notes/2022-04-04-dataflow-models.md
+++ b/javascript/ql/lib/change-notes/2022-04-04-dataflow-models.md
@@ -1,6 +1,7 @@
---
-category: breaking
---
+## 0.3.0
+
+### Breaking Changes
+
 * Many library models have been rewritten to use dataflow nodes instead of the AST.
  The types of some classes have been changed, and these changes may break existing code.
  Other classes and predicates have been renamed, in these cases the old name is still available as a deprecated feature.
@@ -54,4 +55,17 @@ category: breaking
   - HTTP.qll#Servers::StandardHeaderDefinition
   - Hapi.qll#Hapi::ServerDefinition
   - Koa.qll#Koa::AppDefinition
-   - SensitiveActions.qll#SensitiveCall
+   - SensitiveActions.qll#SensitiveCall
+
+### Deprecated APIs
+
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.8.
+
+### Minor Analysis Improvements
+
+* A model for the `mermaid` library has been added. XSS queries can now detect flow through the `render` method of the `mermaid` library. 
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.5
+lastReleaseVersion: 0.3.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.0-dev
+version: 0.3.1-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript