Merge pull request #622 from github/post-release/v2.7.3

Post release/v2.7.3

external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml

@@ -0,0 +1,27 @@
+- description: Selectors for selecting the Code-Scanning-relevant queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    - alert
+    - path-alert
+    precision:
+    - high
+    - very-high
+    problem.severity:
+    - error
+    - warning
+    tags contain:
+    - security
+- include:
+    kind:
+    - diagnostic
+- include:
+    kind:
+    - metric
+    tags contain:
+    - summary
+- exclude:
+    deprecated: //
+- exclude:
+    query path: /^experimental\/.*/

external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml

@@ -0,0 +1,12 @@
+- description: Selectors for excluding queries that LGTM doesn't display by default
+- exclude:
+    kind:
+    - problem
+    - path-problem
+    precision: medium
+- exclude:
+    kind:
+    - problem
+    - path-problem
+    precision: high
+    problem.severity: recommendation

external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml

@@ -0,0 +1,25 @@
+- description: Selectors for selecting the LGTM-relevant queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision: medium
+    problem.severity:
+      - error
+      - warning
+- include:
+    kind:
+      - definitions
+      - alert-suppression
+      - file-classifier
+- exclude:
+    deprecated: //
+- exclude:
+    query path: /^experimental\/.*/

external-packs/codeql/suite-helpers/0.0.2/qlpack.yml

@@ -0,0 +1,3 @@
+name: codeql/suite-helpers
+version: 0.0.2
+library: true

external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml

@@ -0,0 +1,29 @@
+- description: Selectors for selecting the security-and-quality queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision: medium
+    problem.severity:
+      - error
+      - warning
+- include:
+    kind:
+    - diagnostic
+- include:
+    kind:
+    - metric
+    tags contain:
+    - summary
+- exclude:
+    deprecated: //
+- exclude:
+    query path: /^experimental\/.*/
+

external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml

@@ -0,0 +1,34 @@
+- description: Selectors for selecting the security-extended queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+    tags contain:
+    - security
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - medium
+    problem.severity:
+    - error
+    - warning
+    tags contain:
+    - security
+- include:
+    kind:
+    - diagnostic
+- include:
+    kind:
+    - metric
+    tags contain:
+    - summary
+- exclude:
+    deprecated: //
+- exclude:
+    query path: /^experimental\/.*/
+

ql/lib/CHANGELOG.md

@@ -0,0 +1 @@
+## 0.0.3

ql/lib/change-notes/released/0.0.3.md

@@ -0,0 +1 @@
+## 0.0.3

ql/lib/codeql-pack.release.yml

@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3

ql/lib/qlpack.yml

@@ -1,7 +1,8 @@
 name: codeql/go-all
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 dbscheme: go.dbscheme
 extractor: go
 library: true
 dependencies:
-    codeql/go-upgrades: ^0.0.2
+    codeql/go-upgrades: ~0.0.3

ql/src/CHANGELOG.md

@@ -0,0 +1,11 @@
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
+* The query "Incorrect conversion between integer types" has been improved to
+  treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+  32-bit architecture. This should lead to fewer false positive results.

ql/src/change-notes/released/0.0.3.md

@@ -0,0 +1,11 @@
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
+* The query "Incorrect conversion between integer types" has been improved to
+  treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+  32-bit architecture. This should lead to fewer false positive results.

ql/src/codeql-pack.release.yml

@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3

ql/src/qlpack.yml

@@ -1,8 +1,9 @@
 name: codeql/go-queries
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 suites: codeql-suites
 extractor: go
 defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
   codeql/go-all: "*"
-  codeql/suite-helpers: "*"
+  codeql/suite-helpers: ~0.0.2

ql/test/qlpack.yml

@@ -1,7 +1,7 @@
 name: codeql/go-tests
-version: 0.0.2
+groups: [go,test]
 dependencies:
-    codeql/go-queries: ^0.0.2
-    codeql/go-all: ^0.0.2
-    codeql/go-examples: ^0.0.2
+    codeql/go-queries: "*"
+    codeql/go-all: "*"
+    codeql/go-examples: "*"
 extractor: go

upgrades/CHANGELOG.md

@@ -0,0 +1 @@
+## 0.0.3

upgrades/change-notes/released/0.0.3.md

@@ -0,0 +1 @@
+## 0.0.3

upgrades/codeql-pack.release.yml

@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3

upgrades/qlpack.yml

@@ -1,4 +1,5 @@
 name: codeql/go-upgrades
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 upgrades: .
 library: true