Release preparation for version 2.22.1

2026-04-23 07:45:17 +02:00 · 2025-06-24 08:55:31 +00:00
parent 601e317bfe
commit 3e074b2425
184 changed files with 517 additions and 212 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 2.6.6
+
+### Minor Analysis Improvements
+
+* Calls to `sinon.match()` are no longer incorrectly identified as regular expression operations.
+* Improved data flow tracking through middleware to handle default value and similar patterns.
+* Added `req._parsedUrl` as a remote input source.
+* Improved taint tracking through calls to `serialize-javascript`.
+* Removed `encodeURI` and `escape` functions from the sanitizer list for request forgery.
+* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the `compilerOptions` part of the `tsconfig.json` file.
+* Added support for Axios instances in the `axios` module.
+
 ## 2.6.5

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-06-03-axios-instance-support.md
+++ b/javascript/ql/lib/change-notes/2025-06-03-axios-instance-support.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for Axios instances in the `axios` module.
--- a/javascript/ql/lib/change-notes/2025-06-05-skip-obviously-generated-files.md
+++ b/javascript/ql/lib/change-notes/2025-06-05-skip-obviously-generated-files.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the `compilerOptions` part of the `tsconfig.json` file.
--- a/javascript/ql/lib/change-notes/2025-06-13-remove-encodeuri.md
+++ b/javascript/ql/lib/change-notes/2025-06-13-remove-encodeuri.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Removed `encodeURI` and `escape` functions from the sanitizer list for request forgery.
--- a/javascript/ql/lib/change-notes/2025-06-16-middleware-express.md
+++ b/javascript/ql/lib/change-notes/2025-06-16-middleware-express.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved data flow tracking through middleware to handle default value and similar patterns.
-* Added `req._parsedUrl` as a remote input source.
--- a/javascript/ql/lib/change-notes/2025-06-16-serialize-js.md
+++ b/javascript/ql/lib/change-notes/2025-06-16-serialize-js.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved taint tracking through calls to `serialize-javascript`.
--- a/javascript/ql/lib/change-notes/2025-06-20-sinon.md
+++ b/javascript/ql/lib/change-notes/2025-06-20-sinon.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Calls to `sinon.match()` are no longer incorrectly identified as regular expression operations.
--- a/javascript/ql/lib/change-notes/released/2.6.6.md
+++ b/javascript/ql/lib/change-notes/released/2.6.6.md
@@ -0,0 +1,11 @@
+## 2.6.6
+
+### Minor Analysis Improvements
+
+* Calls to `sinon.match()` are no longer incorrectly identified as regular expression operations.
+* Improved data flow tracking through middleware to handle default value and similar patterns.
+* Added `req._parsedUrl` as a remote input source.
+* Improved taint tracking through calls to `serialize-javascript`.
+* Removed `encodeURI` and `escape` functions from the sanitizer list for request forgery.
+* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the `compilerOptions` part of the `tsconfig.json` file.
+* Added support for Axios instances in the `axios` module.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.5
+lastReleaseVersion: 2.6.6
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.6-dev
+version: 2.6.6
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 1.7.0
+
+### Query Metadata Changes
+
+* The `quality` tag has been added to multiple JavaScript quality queries, with tags for `reliability` or `maintainability` categories and their sub-categories. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
+* Added `reliability` tag to the `js/suspicious-method-name-declaration` query.
+* Added `reliability` and `language-features` tags to the `js/template-syntax-in-string-literal` query.
+
+### Minor Analysis Improvements
+
+* The `js/loop-iteration-skipped-due-to-shifting` query now has the `reliability` tag.
+* Fixed false positives in the `js/loop-iteration-skipped-due-to-shifting` query when the return value of `splice` is used to decide whether to adjust the loop counter.
+* Fixed false positives in the `js/template-syntax-in-string-literal` query where template syntax in string concatenation and "manual string interpolation" patterns were incorrectly flagged.
+* The `js/useless-expression` query now correctly flags only the innermost expressions with no effect, avoiding duplicate alerts on compound expressions.
+
 ## 1.6.2

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2025-05-30-dom-property-access.md
+++ b/javascript/ql/src/change-notes/2025-05-30-dom-property-access.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/useless-expression` query now correctly flags only the innermost expressions with no effect, avoiding duplicate alerts on compound expressions.
--- a/javascript/ql/src/change-notes/2025-06-12-loop-iteration-fix.md
+++ b/javascript/ql/src/change-notes/2025-06-12-loop-iteration-fix.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed false positives in the `js/loop-iteration-skipped-due-to-shifting` query when the return value of `splice` is used to decide whether to adjust the loop counter.
--- a/javascript/ql/src/change-notes/2025-06-12-loop-iteration.md
+++ b/javascript/ql/src/change-notes/2025-06-12-loop-iteration.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/loop-iteration-skipped-due-to-shifting` query now has the `reliability` tag.
--- a/javascript/ql/src/change-notes/2025-06-12-string-interpolation.md
+++ b/javascript/ql/src/change-notes/2025-06-12-string-interpolation.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed false positives in the `js/template-syntax-in-string-literal` query where template syntax in string concatenation and "manual string interpolation" patterns were incorrectly flagged.
--- a/javascript/ql/src/change-notes/2025-06-12-suspicious-method-name.md
+++ b/javascript/ql/src/change-notes/2025-06-12-suspicious-method-name.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* Added `reliability` tag to the `js/suspicious-method-name-declaration` query.
--- a/javascript/ql/src/change-notes/2025-06-12-template-syntax-metadata.md
+++ b/javascript/ql/src/change-notes/2025-06-12-template-syntax-metadata.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* Added `reliability` and `language-features` tags to the `js/template-syntax-in-string-literal` query.
--- a/javascript/ql/src/change-notes/2025-06-16-mass-promotion.md
+++ b/javascript/ql/src/change-notes/2025-06-16-mass-promotion.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* The `quality` tag has been added to multiple JavaScript quality queries, with tags for `reliability` or `maintainability` categories and their sub-categories. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
--- a/javascript/ql/src/change-notes/released/1.7.0.md
+++ b/javascript/ql/src/change-notes/released/1.7.0.md
@@ -0,0 +1,14 @@
+## 1.7.0
+
+### Query Metadata Changes
+
+* The `quality` tag has been added to multiple JavaScript quality queries, with tags for `reliability` or `maintainability` categories and their sub-categories. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
+* Added `reliability` tag to the `js/suspicious-method-name-declaration` query.
+* Added `reliability` and `language-features` tags to the `js/template-syntax-in-string-literal` query.
+
+### Minor Analysis Improvements
+
+* The `js/loop-iteration-skipped-due-to-shifting` query now has the `reliability` tag.
+* Fixed false positives in the `js/loop-iteration-skipped-due-to-shifting` query when the return value of `splice` is used to decide whether to adjust the loop counter.
+* Fixed false positives in the `js/template-syntax-in-string-literal` query where template syntax in string concatenation and "manual string interpolation" patterns were incorrectly flagged.
+* The `js/useless-expression` query now correctly flags only the innermost expressions with no effect, avoiding duplicate alerts on compound expressions.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.2
+lastReleaseVersion: 1.7.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.6.3-dev
+version: 1.7.0
 groups:
  - javascript
  - queries