From d6055754b62ccd71f9474cef08f1a017569ae03a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 16 Mar 2026 12:15:34 +0000 Subject: [PATCH 01/13] Release preparation for version 2.25.0 --- actions/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/0.4.30.md | 3 +++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/0.6.22.md | 3 +++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 6 +++++ .../8.0.1.md} | 7 +++--- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.5.13.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.61.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.61.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 10 ++++++++ .../2026-02-24-partial-constructors.md | 4 ---- .../2026-03-02-post-update-nodes.md | 4 ---- ...-03-03-implicit-conversion-reverse-flow.md | 4 ---- .../2026-03-04-websocket-receiveasync.md | 4 ---- csharp/ql/lib/change-notes/released/5.4.9.md | 9 ++++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.6.4.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.44.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 +++++ .../ql/lib/change-notes/released/7.0.2.md | 7 +++--- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.5.8.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 23 +++++++++++++++++++ .../2026-03-04-binary-assignment.md | 4 ---- .../{2026-02-18-cfg.md => released/9.0.0.md} | 12 +++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.10.9.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 7 ++++++ ...-03-05-inline-expectation-space-after-$.md | 4 ---- .../2.6.24.md} | 8 ++++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/2.3.4.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.44.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 ++++++ .../7.0.1.md} | 7 +++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/1.7.9.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 +++++ ...-03-05-inline-expectation-space-after-$.md | 4 ---- .../ql/lib/change-notes/released/5.1.12.md | 7 +++--- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/1.5.9.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 7 ++++++ .../2026-02-26-neutral-models-map-from.md | 4 ---- ...-03-05-inline-expectation-space-after-$.md | 4 ---- .../ql/lib/change-notes/released/0.2.8.md | 8 ++++--- rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 4 ++++ rust/ql/src/change-notes/released/0.1.29.md | 3 +++ rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 ++++ .../concepts/change-notes/released/0.0.18.md | 3 +++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.28.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 6 +++++ .../2.1.0.md} | 9 ++++---- shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.44.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 ++++ .../quantum/change-notes/released/0.0.22.md | 3 +++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.44.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.44.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/2.0.20.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.44.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.44.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.44.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../change-notes/released/0.0.25.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.28.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.44.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.31.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.44.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.44.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 10 ++++++++ ...-03-05-inline-expectation-space-after-$.md | 4 ---- .../change-notes/2026-03-06-swift-6.2.4.md | 4 ---- .../ql/lib/change-notes/released/6.3.0.md | 11 ++++++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.2.18.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 175 files changed, 444 insertions(+), 154 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.30.md create mode 100644 actions/ql/src/change-notes/released/0.6.22.md rename cpp/ql/lib/change-notes/{2026-03-05-inline-expectation-space-after-$.md => released/8.0.1.md} (81%) create mode 100644 cpp/ql/src/change-notes/released/1.5.13.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md delete mode 100644 csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md delete mode 100644 csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md delete mode 100644 csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md delete mode 100644 csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md create mode 100644 csharp/ql/lib/change-notes/released/5.4.9.md create mode 100644 csharp/ql/src/change-notes/released/1.6.4.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.44.md rename csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md => go/ql/lib/change-notes/released/7.0.2.md (81%) create mode 100644 go/ql/src/change-notes/released/1.5.8.md delete mode 100644 java/ql/lib/change-notes/2026-03-04-binary-assignment.md rename java/ql/lib/change-notes/{2026-02-18-cfg.md => released/9.0.0.md} (70%) create mode 100644 java/ql/src/change-notes/released/1.10.9.md delete mode 100644 javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename javascript/ql/lib/change-notes/{2026-03-11-browser-source-kinds.md => released/2.6.24.md} (53%) create mode 100644 javascript/ql/src/change-notes/released/2.3.4.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.44.md rename python/ql/lib/change-notes/{2026-03-05-ignore-type-overloaded-methods-during-resolution.md => released/7.0.1.md} (54%) create mode 100644 python/ql/src/change-notes/released/1.7.9.md delete mode 100644 ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md => ruby/ql/lib/change-notes/released/5.1.12.md (81%) create mode 100644 ruby/ql/src/change-notes/released/1.5.9.md delete mode 100644 rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md delete mode 100644 rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md => rust/ql/lib/change-notes/released/0.2.8.md (52%) create mode 100644 rust/ql/src/change-notes/released/0.1.29.md create mode 100644 shared/concepts/change-notes/released/0.0.18.md create mode 100644 shared/controlflow/change-notes/released/2.0.28.md rename shared/dataflow/change-notes/{2026-03-04-flow-feature-escapes-source-call-context.md => released/2.1.0.md} (89%) create mode 100644 shared/mad/change-notes/released/1.0.44.md create mode 100644 shared/quantum/change-notes/released/0.0.22.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.44.md create mode 100644 shared/regex/change-notes/released/1.0.44.md create mode 100644 shared/ssa/change-notes/released/2.0.20.md create mode 100644 shared/threat-models/change-notes/released/1.0.44.md create mode 100644 shared/tutorial/change-notes/released/1.0.44.md create mode 100644 shared/typeflow/change-notes/released/1.0.44.md create mode 100644 shared/typeinference/change-notes/released/0.0.25.md create mode 100644 shared/typetracking/change-notes/released/2.0.28.md create mode 100644 shared/typos/change-notes/released/1.0.44.md create mode 100644 shared/util/change-notes/released/2.0.31.md create mode 100644 shared/xml/change-notes/released/1.0.44.md create mode 100644 shared/yaml/change-notes/released/1.0.44.md delete mode 100644 swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md delete mode 100644 swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md rename go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md => swift/ql/lib/change-notes/released/6.3.0.md (61%) create mode 100644 swift/ql/src/change-notes/released/1.2.18.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 0de191099ce..e482a61b06a 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.30 + +No user-facing changes. + ## 0.4.29 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.30.md b/actions/ql/lib/change-notes/released/0.4.30.md new file mode 100644 index 00000000000..db4b03e0b97 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.30.md @@ -0,0 +1,3 @@ +## 0.4.30 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index e8ce8a9cf2d..008b5d85453 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.29 +lastReleaseVersion: 0.4.30 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 58daff358ae..9a23a378da6 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.30-dev +version: 0.4.30 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 98d0c402d61..3b0f1c68853 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.22 + +No user-facing changes. + ## 0.6.21 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.22.md b/actions/ql/src/change-notes/released/0.6.22.md new file mode 100644 index 00000000000..e94a6b1f5a2 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.22.md @@ -0,0 +1,3 @@ +## 0.6.22 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 8842c194911..d34186b2833 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.21 +lastReleaseVersion: 0.6.22 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index cb88235175f..823050fa00b 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.22-dev +version: 0.6.22 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index ceed8215197..de37c16751a 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 8.0.1 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 8.0.0 ### Breaking Changes diff --git a/cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/cpp/ql/lib/change-notes/released/8.0.1.md similarity index 81% rename from cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to cpp/ql/lib/change-notes/released/8.0.1.md index 23fdce9b615..46866df058a 100644 --- a/cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/cpp/ql/lib/change-notes/released/8.0.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 8.0.1 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 0f48687270d..145ae8f5b47 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.0.0 +lastReleaseVersion: 8.0.1 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index f58f85ad943..286288140c4 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 8.0.1-dev +version: 8.0.1 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 46b9d362541..c29eaa31e44 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.13 + +No user-facing changes. + ## 1.5.12 No user-facing changes. diff --git a/cpp/ql/src/change-notes/released/1.5.13.md b/cpp/ql/src/change-notes/released/1.5.13.md new file mode 100644 index 00000000000..293a8ca4ee1 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.13.md @@ -0,0 +1,3 @@ +## 1.5.13 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 7a2ef006808..63816b66f59 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.12 +lastReleaseVersion: 1.5.13 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 82056b71c4d..5fb03d53434 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.13-dev +version: 1.5.13 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index e651f382fe1..86119cf97c4 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.61 + +No user-facing changes. + ## 1.7.60 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md new file mode 100644 index 00000000000..260a59b90af --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md @@ -0,0 +1,3 @@ +## 1.7.61 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c6e284f44d7..4235ee0663a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.60 +lastReleaseVersion: 1.7.61 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index db6b6b5e014..e2e83cd47e7 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.61-dev +version: 1.7.61 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index e651f382fe1..86119cf97c4 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.61 + +No user-facing changes. + ## 1.7.60 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md new file mode 100644 index 00000000000..260a59b90af --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md @@ -0,0 +1,3 @@ +## 1.7.61 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c6e284f44d7..4235ee0663a 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.60 +lastReleaseVersion: 1.7.61 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index e0ee0aaab8f..ebbb19fa683 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.61-dev +version: 1.7.61 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 0546fef07b9..695a5611d94 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 5.4.9 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. +* Added reverse taint flow from implicit conversion operator calls to their arguments. +* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. +* C# 14: Added support for partial constructors. + ## 5.4.8 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md b/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md deleted file mode 100644 index 5ce442aaa10..00000000000 --- a/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 14: Added support for partial constructors. diff --git a/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md b/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md deleted file mode 100644 index d021cabf1a0..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. diff --git a/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md b/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md deleted file mode 100644 index 842c2069b3e..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added reverse taint flow from implicit conversion operator calls to their arguments. diff --git a/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md b/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md deleted file mode 100644 index 7b709cad7ca..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/released/5.4.9.md b/csharp/ql/lib/change-notes/released/5.4.9.md new file mode 100644 index 00000000000..00b802f5aba --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.4.9.md @@ -0,0 +1,9 @@ +## 5.4.9 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. +* Added reverse taint flow from implicit conversion operator calls to their arguments. +* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. +* C# 14: Added support for partial constructors. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 35346716101..b33412cd939 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.4.8 +lastReleaseVersion: 5.4.9 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 2393305504e..3c914c68019 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.9-dev +version: 5.4.9 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 91479d78ffe..35b5ab1e24e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.6.4.md b/csharp/ql/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 00b51441d88..1910e09d6a6 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 6290164f0bb..314f157005e 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.6.4-dev +version: 1.6.4 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 5940973b8ca..83afe3edcec 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.44.md b/go/ql/consistency-queries/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index d0473dca567..abdc2742c45 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.44-dev +version: 1.0.44 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 3e1f0ee4aa3..1093bb81803 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.0.2 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 7.0.1 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/go/ql/lib/change-notes/released/7.0.2.md similarity index 81% rename from csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to go/ql/lib/change-notes/released/7.0.2.md index 23fdce9b615..88cadec6237 100644 --- a/csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/go/ql/lib/change-notes/released/7.0.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 7.0.2 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index a18747dd3a7..1f4c0c554e9 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.0.1 +lastReleaseVersion: 7.0.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index dc03fcbe4f2..2e3c31c5973 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.0.2-dev +version: 7.0.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 289e4b4281b..83e764ea9d3 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.8 + +No user-facing changes. + ## 1.5.7 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.5.8.md b/go/ql/src/change-notes/released/1.5.8.md new file mode 100644 index 00000000000..ec8f84e657f --- /dev/null +++ b/go/ql/src/change-notes/released/1.5.8.md @@ -0,0 +1,3 @@ +## 1.5.8 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 227ac5febef..d26e0a52764 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.7 +lastReleaseVersion: 1.5.8 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index bc7a0adc3d2..2d0bef9e155 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.8-dev +version: 1.5.8 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 644a5328933..24757112923 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,26 @@ +## 9.0.0 + +### Breaking Changes + +* The Java control flow graph (CFG) implementation has been completely + rewritten. The CFG now includes additional nodes to more accurately represent + certain constructs. This also means that any existing code that implicitly + relies on very specific details about the CFG may need to be updated. + The CFG now only includes the nodes that are reachable from the entry point. + Additionally, the following breaking changes have been made: + - `ControlFlowNode.asCall` has been removed - use `Call.getControlFlowNode` instead. + - `ControlFlowNode.getEnclosingStmt` has been removed. + - `ControlFlow::ExprNode` has been removed. + - `ControlFlow::StmtNode` has been removed. + - `ControlFlow::Node` has been removed - this was merely an alias of + `ControlFlowNode`, which is still available. + - Previously deprecated predicates on `BasicBlock` have been removed. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. + ## 8.1.1 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2026-03-04-binary-assignment.md b/java/ql/lib/change-notes/2026-03-04-binary-assignment.md deleted file mode 100644 index e94a7f6722b..00000000000 --- a/java/ql/lib/change-notes/2026-03-04-binary-assignment.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. diff --git a/java/ql/lib/change-notes/2026-02-18-cfg.md b/java/ql/lib/change-notes/released/9.0.0.md similarity index 70% rename from java/ql/lib/change-notes/2026-02-18-cfg.md rename to java/ql/lib/change-notes/released/9.0.0.md index 27bd381ec0d..e0b4d7f10ab 100644 --- a/java/ql/lib/change-notes/2026-02-18-cfg.md +++ b/java/ql/lib/change-notes/released/9.0.0.md @@ -1,6 +1,7 @@ ---- -category: breaking ---- +## 9.0.0 + +### Breaking Changes + * The Java control flow graph (CFG) implementation has been completely rewritten. The CFG now includes additional nodes to more accurately represent certain constructs. This also means that any existing code that implicitly @@ -14,3 +15,8 @@ category: breaking - `ControlFlow::Node` has been removed - this was merely an alias of `ControlFlowNode`, which is still available. - Previously deprecated predicates on `BasicBlock` have been removed. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 7d4e7133afe..fd5f4a48b3c 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.1.1 +lastReleaseVersion: 9.0.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 243a7ddd9a6..e45e13037e7 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 8.1.2-dev +version: 9.0.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 85bbb64158a..ae0e77925bd 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.10.9 + +No user-facing changes. + ## 1.10.8 ### Minor Analysis Improvements diff --git a/java/ql/src/change-notes/released/1.10.9.md b/java/ql/src/change-notes/released/1.10.9.md new file mode 100644 index 00000000000..0babf4b0286 --- /dev/null +++ b/java/ql/src/change-notes/released/1.10.9.md @@ -0,0 +1,3 @@ +## 1.10.9 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 148ec989f9c..947b9a72073 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.10.8 +lastReleaseVersion: 1.10.9 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index ea148f21e79..6d1aa235ed6 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.10.9-dev +version: 1.10.9 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 07069cd41b1..01ac46e87c5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 2.6.24 + +### Minor Analysis Improvements + +* Added support for browser-specific source kinds (`browser`, `browser-url-query`, `browser-url-fragment`, `browser-url-path`, `browser-url`, `browser-window-name`, `browser-message-event`) that can be used in data extensions to model sources in browser environments. +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 2.6.23 ### Minor Analysis Improvements diff --git a/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md b/javascript/ql/lib/change-notes/released/2.6.24.md similarity index 53% rename from javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md rename to javascript/ql/lib/change-notes/released/2.6.24.md index 71d06f3d1b6..9d16a33f1a8 100644 --- a/javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md +++ b/javascript/ql/lib/change-notes/released/2.6.24.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 2.6.24 + +### Minor Analysis Improvements + * Added support for browser-specific source kinds (`browser`, `browser-url-query`, `browser-url-fragment`, `browser-url-path`, `browser-url`, `browser-window-name`, `browser-message-event`) that can be used in data extensions to model sources in browser environments. +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 50942a620ed..ce80dc3be1c 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.23 +lastReleaseVersion: 2.6.24 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index d3ae02b327c..70d0ad7df76 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.24-dev +version: 2.6.24 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 39bd03fdef8..872cd055c51 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.3.4 + +No user-facing changes. + ## 2.3.3 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.3.4.md b/javascript/ql/src/change-notes/released/2.3.4.md new file mode 100644 index 00000000000..c7dcb90e95a --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.3.4.md @@ -0,0 +1,3 @@ +## 2.3.4 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 417ee8d65a1..1d7561c966c 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.3.3 +lastReleaseVersion: 2.3.4 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 345b9f5e9b9..d9fc2fd16d5 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.4-dev +version: 2.3.4 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index d44ddfc29ab..8b32c3a6018 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.44.md b/misc/suite-helpers/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 99171f3f221..dea7170bc37 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.44-dev +version: 1.0.44 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 757949e1a57..4db07a9c83e 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 7.0.1 + +### Minor Analysis Improvements + +- The call graph resolution no longer considers methods marked using [`@typing.overload`](https://typing.python.org/en/latest/spec/overload.html#overloads) as valid targets. This ensures that only the method that contains the actual implementation gets resolved as a target. +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 7.0.0 ### Breaking Changes diff --git a/python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md b/python/ql/lib/change-notes/released/7.0.1.md similarity index 54% rename from python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md rename to python/ql/lib/change-notes/released/7.0.1.md index 001b46a0adb..97224884c93 100644 --- a/python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md +++ b/python/ql/lib/change-notes/released/7.0.1.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 7.0.1 + +### Minor Analysis Improvements - The call graph resolution no longer considers methods marked using [`@typing.overload`](https://typing.python.org/en/latest/spec/overload.html#overloads) as valid targets. This ensures that only the method that contains the actual implementation gets resolved as a target. +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index e0db21c7869..a18747dd3a7 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.0.0 +lastReleaseVersion: 7.0.1 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 1e5bd87c850..2400efca5a7 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.0.1-dev +version: 7.0.1 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 76ac40e7767..46e1c23df07 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.9 + +No user-facing changes. + ## 1.7.8 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.7.9.md b/python/ql/src/change-notes/released/1.7.9.md new file mode 100644 index 00000000000..84107525ff7 --- /dev/null +++ b/python/ql/src/change-notes/released/1.7.9.md @@ -0,0 +1,3 @@ +## 1.7.9 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index e003efd5127..678da6bc37e 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.8 +lastReleaseVersion: 1.7.9 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 1ce2f7a64a0..7c1c1610d14 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.9-dev +version: 1.7.9 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index af8da8d490f..8014d434977 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 5.1.12 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 5.1.11 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 9b32429325e..00000000000 --- a/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/ruby/ql/lib/change-notes/released/5.1.12.md similarity index 81% rename from python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to ruby/ql/lib/change-notes/released/5.1.12.md index 9b32429325e..8112f58ab86 100644 --- a/python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/ruby/ql/lib/change-notes/released/5.1.12.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 5.1.12 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 4f89df382ec..537ae582d46 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.11 +lastReleaseVersion: 5.1.12 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 082848d5e62..9a0242be164 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.12-dev +version: 5.1.12 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 9414b1dab9d..ddefff5e95b 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.9 + +No user-facing changes. + ## 1.5.8 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.5.9.md b/ruby/ql/src/change-notes/released/1.5.9.md new file mode 100644 index 00000000000..be9d418e598 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.5.9.md @@ -0,0 +1,3 @@ +## 1.5.9 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index d26e0a52764..5ac7d08bfbf 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.8 +lastReleaseVersion: 1.5.9 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ad4284d6c12..3ba280ea378 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.9-dev +version: 1.5.9 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 34301d08146..6f7d27e23b4 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.2.8 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. + ## 0.2.7 ### Minor Analysis Improvements diff --git a/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md b/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md deleted file mode 100644 index 99c313c2ca2..00000000000 --- a/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. diff --git a/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/rust/ql/lib/change-notes/released/0.2.8.md similarity index 52% rename from java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to rust/ql/lib/change-notes/released/0.2.8.md index 23fdce9b615..a892527ffef 100644 --- a/java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/rust/ql/lib/change-notes/released/0.2.8.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.2.8 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 6d3c0021858..66ad7f587f8 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.7 +lastReleaseVersion: 0.2.8 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index c260a6a9aaf..bce0d1b8fa5 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.8-dev +version: 0.2.8 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index d5f4e6540a7..a3b3c7b516e 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.29 + +No user-facing changes. + ## 0.1.28 ### Minor Analysis Improvements diff --git a/rust/ql/src/change-notes/released/0.1.29.md b/rust/ql/src/change-notes/released/0.1.29.md new file mode 100644 index 00000000000..040d04d51d3 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.29.md @@ -0,0 +1,3 @@ +## 0.1.29 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index edc267eb31d..7517c5cff32 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.28 +lastReleaseVersion: 0.1.29 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 3e0968929b4..e3cb21b0a45 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.29-dev +version: 0.1.29 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index d5febfff59e..61720754dff 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.18 + +No user-facing changes. + ## 0.0.17 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.18.md b/shared/concepts/change-notes/released/0.0.18.md new file mode 100644 index 00000000000..86c60b8abe7 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.18.md @@ -0,0 +1,3 @@ +## 0.0.18 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index cbc3d3cd493..a0d2bc59d97 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.17 +lastReleaseVersion: 0.0.18 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 0eb08ff7ef2..fc4c0b767d5 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.18-dev +version: 0.0.18 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index ba7a6e9710b..cd52e9f754d 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.28 + +No user-facing changes. + ## 2.0.27 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.28.md b/shared/controlflow/change-notes/released/2.0.28.md new file mode 100644 index 00000000000..3f9412b6e63 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.28.md @@ -0,0 +1,3 @@ +## 2.0.28 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index a047558f018..ec5bd6ba369 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.0.28 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 23365f4b00e..1376dbfe3cc 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.28-dev +version: 2.0.28 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 21334d74df3..d669cdf14da 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 2.1.0 + +### New Features + +* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. + ## 2.0.27 No user-facing changes. diff --git a/shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md b/shared/dataflow/change-notes/released/2.1.0.md similarity index 89% rename from shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md rename to shared/dataflow/change-notes/released/2.1.0.md index b7b61b75411..3190a39d325 100644 --- a/shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md +++ b/shared/dataflow/change-notes/released/2.1.0.md @@ -1,4 +1,5 @@ ---- -category: feature ---- -* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. \ No newline at end of file +## 2.1.0 + +### New Features + +* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index a047558f018..487a1a58b2b 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.1.0 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 148f7c22aea..09f2320911d 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.28-dev +version: 2.1.0 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 04d6328e1ad..ac2f534d1f0 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.44.md b/shared/mad/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 6d52d027c3c..370dcab571e 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 2daa850c9cd..356c331b5df 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.22 + +No user-facing changes. + ## 0.0.21 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.22.md b/shared/quantum/change-notes/released/0.0.22.md new file mode 100644 index 00000000000..00226747438 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.22.md @@ -0,0 +1,3 @@ +## 0.0.22 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index 0c15c351db4..11aaa2243f5 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.21 +lastReleaseVersion: 0.0.22 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 62eff53a70f..066a920be90 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.22-dev +version: 0.0.22 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 322f3e63d2a..7fe3864e2a9 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.44.md b/shared/rangeanalysis/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 52088206123..e3d15e3fb29 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 91f48e63783..76740aca838 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.44.md b/shared/regex/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index de27548887a..0595120a7a8 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 3be528de762..8e2eb4bd049 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.20 + +No user-facing changes. + ## 2.0.19 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.20.md b/shared/ssa/change-notes/released/2.0.20.md new file mode 100644 index 00000000000..6756bd5f6c1 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.20.md @@ -0,0 +1,3 @@ +## 2.0.20 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 4aecf1e1f86..cde101f3516 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.19 +lastReleaseVersion: 2.0.20 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 26a6653166e..0e191175233 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.20-dev +version: 2.0.20 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 5940973b8ca..83afe3edcec 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.44.md b/shared/threat-models/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index a7be7fa7472..34df8789554 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.44-dev +version: 1.0.44 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1f381c3bc3e..403c4b8589a 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.44.md b/shared/tutorial/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 55533a9215d..913f73c24fe 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 2750202de65..b57a022aa47 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.44.md b/shared/typeflow/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index d1f7f3a6ee5..bba635a4797 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 20ebb6b42c0..8d524a11a09 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.25 + +No user-facing changes. + ## 0.0.24 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.25.md b/shared/typeinference/change-notes/released/0.0.25.md new file mode 100644 index 00000000000..e41a9acfa06 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.25.md @@ -0,0 +1,3 @@ +## 0.0.25 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index b956773a07f..6d0e80a50c3 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.24 +lastReleaseVersion: 0.0.25 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 3083c027155..278398e2487 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.25-dev +version: 0.0.25 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index edd15f80a3f..553f1b75bfd 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.28 + +No user-facing changes. + ## 2.0.27 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.28.md b/shared/typetracking/change-notes/released/2.0.28.md new file mode 100644 index 00000000000..3f9412b6e63 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.28.md @@ -0,0 +1,3 @@ +## 2.0.28 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index a047558f018..ec5bd6ba369 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.0.28 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 7b154125281..3c3316da7fc 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.28-dev +version: 2.0.28 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 50d7c3b9dab..277af7bfafe 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.44.md b/shared/typos/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a01e2c21ac3..56557152de7 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 550586e22aa..4f086cb994a 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.31 + +No user-facing changes. + ## 2.0.30 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.31.md b/shared/util/change-notes/released/2.0.31.md new file mode 100644 index 00000000000..b3cd05e3de4 --- /dev/null +++ b/shared/util/change-notes/released/2.0.31.md @@ -0,0 +1,3 @@ +## 2.0.31 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 19c80429585..783d47207cd 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.30 +lastReleaseVersion: 2.0.31 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 43291623fec..b7e3b89b39e 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.31-dev +version: 2.0.31 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 988f07dd919..ecdc24c85be 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.44.md b/shared/xml/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index c86bb266ce5..33bf92658f8 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 323fcc5e351..62c04d103a4 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.44.md b/shared/yaml/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index c374e16c9cd..ac65e0bcb80 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.44-dev +version: 1.0.44 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 793cfd9cc20..f105831909f 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.3.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.4. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 6.2.3 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md b/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md deleted file mode 100644 index f507df1c2df..00000000000 --- a/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Upgraded to allow analysis of Swift 6.2.4. diff --git a/go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/swift/ql/lib/change-notes/released/6.3.0.md similarity index 61% rename from go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to swift/ql/lib/change-notes/released/6.3.0.md index 23fdce9b615..5d010b9d110 100644 --- a/go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/swift/ql/lib/change-notes/released/6.3.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 6.3.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.4. + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index e3651327c5b..ae5210e925a 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.2.3 +lastReleaseVersion: 6.3.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 6689881badc..d2983f8bd94 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.2.4-dev +version: 6.3.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 2b609c7f270..40371bcbb8d 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.18 + +No user-facing changes. + ## 1.2.17 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.18.md b/swift/ql/src/change-notes/released/1.2.18.md new file mode 100644 index 00000000000..e7b808777a2 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.18.md @@ -0,0 +1,3 @@ +## 1.2.18 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index e8e4a1b8f7d..e414238818d 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.17 +lastReleaseVersion: 1.2.18 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 866219f0753..39171058590 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.18-dev +version: 1.2.18 groups: - swift - queries From e3dbf5b022455c1c9832dc4eb153aabda071d245 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 16 Mar 2026 16:03:22 +0000 Subject: [PATCH 02/13] Post-release preparation for codeql-cli-2.25.0 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 41 files changed, 41 insertions(+), 41 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 9a23a378da6..a6806dc906f 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.30 +version: 0.4.31-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 823050fa00b..0c097847479 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.22 +version: 0.6.23-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 286288140c4..beb1e9234e8 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 8.0.1 +version: 8.0.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 5fb03d53434..1b32be0402f 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.13 +version: 1.5.14-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index e2e83cd47e7..90919d238b8 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.61 +version: 1.7.62-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index ebbb19fa683..ee4e92178bf 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.61 +version: 1.7.62-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 3c914c68019..0153dbbfb30 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.9 +version: 5.4.10-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 314f157005e..807071e116b 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.6.4 +version: 1.6.5-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index abdc2742c45..dfa143a5866 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.44 +version: 1.0.45-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 2e3c31c5973..2bcd5042425 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.0.2 +version: 7.0.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 2d0bef9e155..a32eb17ebf7 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.8 +version: 1.5.9-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index e45e13037e7..b9f061bcc3e 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 9.0.0 +version: 9.0.1-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 6d1aa235ed6..13700fa7199 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.10.9 +version: 1.10.10-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 70d0ad7df76..c753467a0b8 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.24 +version: 2.6.25-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index d9fc2fd16d5..5d4952bd6a5 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.4 +version: 2.3.5-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index dea7170bc37..5d2436f3e04 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.44 +version: 1.0.45-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 2400efca5a7..8d8597ea915 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.0.1 +version: 7.0.2-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 7c1c1610d14..389b1dfb493 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.9 +version: 1.7.10-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 9a0242be164..c642ddab974 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.12 +version: 5.1.13-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 3ba280ea378..6978ce40015 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.9 +version: 1.5.10-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index bce0d1b8fa5..b7d2e253cfb 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.8 +version: 0.2.9-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index e3cb21b0a45..c36bcc3f951 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.29 +version: 0.1.30-dev groups: - rust - queries diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index fc4c0b767d5..c23e61f19fb 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.18 +version: 0.0.19-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 1376dbfe3cc..35b09b7dc63 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.28 +version: 2.0.29-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 09f2320911d..2dd531eda0a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.1.0 +version: 2.1.1-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 370dcab571e..cade13e956c 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 066a920be90..4e7f48d621d 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.22 +version: 0.0.23-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index e3d15e3fb29..5c2fc87098b 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 0595120a7a8..26f585673ec 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 0e191175233..4cfd1100a80 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.20 +version: 2.0.21-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 34df8789554..9e47885b303 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.44 +version: 1.0.45-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 913f73c24fe..2313b64956a 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index bba635a4797..1cd9c4b5f7b 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 278398e2487..533847824b1 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.25 +version: 0.0.26-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 3c3316da7fc..41a197cff1d 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.28 +version: 2.0.29-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 56557152de7..547c266fb94 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index b7e3b89b39e..1b3f89c4ef7 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.31 +version: 2.0.32-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 33bf92658f8..392bdb18282 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index ac65e0bcb80..b951c408c85 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.44 +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index d2983f8bd94..3343e056833 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.3.0 +version: 6.3.1-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 39171058590..80a16a8099d 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.18 +version: 1.2.19-dev groups: - swift - queries From ff48ac5434e334cb724295e626d4c998c4043fc1 Mon Sep 17 00:00:00 2001 From: MarkLee131 Date: Tue, 17 Mar 2026 22:45:38 +0800 Subject: [PATCH 03/13] C++: exclude printf implementation internals from format string sinks --- .../CWE/CWE-134/UncontrolledFormatString.ql | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index 37e3fa0c49f..4c0271ef96e 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -23,13 +23,32 @@ import Flow::PathGraph predicate isSource(FlowSource source, string sourceType) { sourceType = source.getSourceType() } +/** + * Holds if `f` is a printf-like function or a (possibly nested) wrapper + * that forwards a format-string parameter to one. + * + * Functions that *implement* printf-like behaviour (e.g. a custom + * `vsnprintf` variant) internally parse the caller-supplied format string + * and build small, bounded, local format strings such as `"%d"` or `"%ld"` + * for inner `sprintf` calls. Taint that reaches those inner calls via the + * parsed format specifier is not exploitable, so sinks inside such + * functions should be excluded. + */ +private predicate isPrintfImplementation(Function f) { + f instanceof PrintfLikeFunction + or + exists(PrintfLikeFunction printf | printf.wrapperFunction(f, _, _)) +} + module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { isSource(node, _) } predicate isSink(DataFlow::Node node) { exists(PrintfLikeFunction printf | printf.outermostWrapperFunctionCall([node.asExpr(), node.asIndirectExpr()], _) - ) + ) and + not isPrintfImplementation(node.asExpr().getEnclosingFunction()) and + not isPrintfImplementation(node.asIndirectExpr().getEnclosingFunction()) } private predicate isArithmeticNonCharType(ArithmeticType type) { From 2c76e6e63740dd4cd1307141819fb25efd8c31c9 Mon Sep 17 00:00:00 2001 From: Kaixuan Li Date: Thu, 19 Mar 2026 14:35:45 +0800 Subject: [PATCH 04/13] use American spellings in documentation Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index 4c0271ef96e..c3e94c989bd 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -27,7 +27,7 @@ predicate isSource(FlowSource source, string sourceType) { sourceType = source.g * Holds if `f` is a printf-like function or a (possibly nested) wrapper * that forwards a format-string parameter to one. * - * Functions that *implement* printf-like behaviour (e.g. a custom + * Functions that *implement* printf-like behavior (e.g. a custom * `vsnprintf` variant) internally parse the caller-supplied format string * and build small, bounded, local format strings such as `"%d"` or `"%ld"` * for inner `sprintf` calls. Taint that reaches those inner calls via the From c155394f25b11de265224cbc462cbf518739c383 Mon Sep 17 00:00:00 2001 From: Kaixuan Li Date: Thu, 19 Mar 2026 14:36:28 +0800 Subject: [PATCH 05/13] the [] syntax directly Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index c3e94c989bd..bf6f014672f 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -47,8 +47,7 @@ module Config implements DataFlow::ConfigSig { exists(PrintfLikeFunction printf | printf.outermostWrapperFunctionCall([node.asExpr(), node.asIndirectExpr()], _) ) and - not isPrintfImplementation(node.asExpr().getEnclosingFunction()) and - not isPrintfImplementation(node.asIndirectExpr().getEnclosingFunction()) + not isPrintfImplementation([node.asExpr(), node.asIndirectExpr()].getEnclosingFunction()) } private predicate isArithmeticNonCharType(ArithmeticType type) { From 8d6aceb00899c229c715659a5faafc057b3c1b85 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 19 Mar 2026 10:10:24 +0100 Subject: [PATCH 06/13] CI: Remove `compile-queries.yml` Has been superseded by an internal check. --- .github/workflows/compile-queries.yml | 78 --------------------------- 1 file changed, 78 deletions(-) delete mode 100644 .github/workflows/compile-queries.yml diff --git a/.github/workflows/compile-queries.yml b/.github/workflows/compile-queries.yml deleted file mode 100644 index c8f6301bb53..00000000000 --- a/.github/workflows/compile-queries.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: "Compile all queries using the latest stable CodeQL CLI" - -on: - push: - branches: # makes sure the cache gets populated - running on the branches people tend to merge into. - - main - - "rc/*" - - "codeql-cli-*" - pull_request: - paths: - - '**.ql' - - '**.qll' - - '**/qlpack.yml' - - '**.dbscheme' - -permissions: - contents: read - -jobs: - detect-changes: - if: github.repository_owner == 'github' - runs-on: ubuntu-latest - outputs: - languages: ${{ steps.detect.outputs.languages }} - steps: - - uses: actions/checkout@v5 - - name: Detect changed languages - id: detect - run: | - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - # For PRs, detect which languages have changes - changed_files=$(gh pr view ${{ github.event.pull_request.number }} --json files --jq '.files.[].path') - languages=() - for lang in actions cpp csharp go java javascript python ql ruby rust swift; do - if echo "$changed_files" | grep -qE "^($lang/|shared/)" ; then - languages+=("$lang") - fi - done - echo "languages=$(jq -c -n '$ARGS.positional' --args "${languages[@]}")" >> $GITHUB_OUTPUT - else - # For pushes to main/rc branches, run all languages - echo 'languages=["actions","cpp","csharp","go","java","javascript","python","ql","ruby","rust","swift"]' >> $GITHUB_OUTPUT - fi - env: - GH_TOKEN: ${{ github.token }} - - compile-queries: - needs: detect-changes - if: github.repository_owner == 'github' && needs.detect-changes.outputs.languages != '[]' - runs-on: ubuntu-latest-xl - strategy: - fail-fast: false - matrix: - language: ${{ fromJson(needs.detect-changes.outputs.languages) }} - - steps: - - uses: actions/checkout@v5 - - name: Setup CodeQL - uses: ./.github/actions/fetch-codeql - with: - channel: 'release' - - name: Cache compilation cache - id: query-cache - uses: ./.github/actions/cache-query-compilation - with: - key: ${{ matrix.language }}-queries - - name: check formatting - run: find shared ${{ matrix.language }}/ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only - - name: compile queries - check-only - # run with --check-only if running in a PR (github.sha != main) - if : ${{ github.event_name == 'pull_request' }} - shell: bash - run: codeql query compile -q -j0 ${{ matrix.language }}/ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000 - - name: compile queries - full - # do full compile if running on main - this populates the cache - if : ${{ github.event_name != 'pull_request' }} - shell: bash - run: codeql query compile -q -j0 ${{ matrix.language }}/ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000 From 2e987f8d785f8169fd36defa8e0ae4186522d658 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 18 Mar 2026 14:15:05 +0000 Subject: [PATCH 07/13] C++: Add test cases emulating cpp/suspicious-add-sizeof in buildless mode. --- .../SuspiciousAddWithSizeof.expected | 5 +++++ .../semmle/SuspiciousAddWithSizeof/buildless.cpp | 10 ++++++++++ .../CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp | 6 ++++++ 3 files changed, 21 insertions(+) create mode 100644 cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected index 8b67b3f8bc9..c1a192afc3a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected @@ -1,3 +1,8 @@ +| buildless.cpp:5:15:5:25 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const short * | const short * | +| buildless.cpp:6:13:6:23 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const int * | const int * | +| buildless.cpp:7:11:7:21 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | +| buildless.cpp:8:12:8:22 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | +| buildless.cpp:9:12:9:22 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | | test.cpp:6:30:6:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:14:30:14:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:22:25:22:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp new file mode 100644 index 00000000000..cc93ef719b5 --- /dev/null +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp @@ -0,0 +1,10 @@ +// semmle-extractor-options: --expect_errors + +void test_buildless(const char *p_c, const short *p_short, const int *p_int, const uint8_t *p_8, const uint16_t *p_16, const uint32_t *p_32) { + *(p_c + sizeof(int)); // GOOD (`sizeof(char)` is 1) + *(p_short + sizeof(int)); // BAD + *(p_int + sizeof(int)); // BAD + *(p_8 + sizeof(int)); // GOOD (`sizeof(p_8)` is 1) [FALSE POSITIVE] + *(p_16 + sizeof(int)); // BAD + *(p_32 + sizeof(int)); // BAD +} diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp index f2ad227417e..fa2bd934cca 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp @@ -93,3 +93,9 @@ private: myChar * const myCharsPointer; myInt * const myIntsPointer; }; + +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; + +void test_buildless(const char *p_c, const short *p_short, const int *p_int, const uint8_t *p_8, const uint16_t *p_16, const uint32_t *p_32); From 0f794b57ed742e7551c50a40a56e2fb09240eb61 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 19 Mar 2026 13:16:16 +0000 Subject: [PATCH 08/13] C++: Fix the issue. --- cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | 3 ++- .../SuspiciousAddWithSizeof.expected | 3 --- .../CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp | 6 +++--- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql index d9c9df4fd91..343e96a00d3 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql @@ -18,7 +18,8 @@ import IncorrectPointerScalingCommon private predicate isCharSzPtrExpr(Expr e) { exists(PointerType pt | pt = e.getFullyConverted().getUnspecifiedType() | pt.getBaseType() instanceof CharType or - pt.getBaseType() instanceof VoidType + pt.getBaseType() instanceof VoidType or + pt.getBaseType() instanceof ErroneousType // this could be char / void type in a successful compilation ) } diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected index c1a192afc3a..dbff4230f25 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected @@ -1,8 +1,5 @@ | buildless.cpp:5:15:5:25 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const short * | const short * | | buildless.cpp:6:13:6:23 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const int * | const int * | -| buildless.cpp:7:11:7:21 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | -| buildless.cpp:8:12:8:22 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | -| buildless.cpp:9:12:9:22 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const * | const * | | test.cpp:6:30:6:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:14:30:14:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:22:25:22:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp index cc93ef719b5..bfe4f546803 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp @@ -4,7 +4,7 @@ void test_buildless(const char *p_c, const short *p_short, const int *p_int, con *(p_c + sizeof(int)); // GOOD (`sizeof(char)` is 1) *(p_short + sizeof(int)); // BAD *(p_int + sizeof(int)); // BAD - *(p_8 + sizeof(int)); // GOOD (`sizeof(p_8)` is 1) [FALSE POSITIVE] - *(p_16 + sizeof(int)); // BAD - *(p_32 + sizeof(int)); // BAD + *(p_8 + sizeof(int)); // GOOD (`sizeof(p_8)` is 1, but there's an error in the type) + *(p_16 + sizeof(int)); // BAD [NOT DETECTED] + *(p_32 + sizeof(int)); // BAD [NOT DETECTED] } From 21cb11ea5d1b343a68e7be818c41a9984c85ad69 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 19 Mar 2026 13:29:41 +0000 Subject: [PATCH 09/13] C++: Change note. --- cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md diff --git a/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md new file mode 100644 index 00000000000..387e2d44b46 --- /dev/null +++ b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases. From 92c9a8e1460d711c3ea87ab01725baa273905dce Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 19 Mar 2026 13:51:03 +0000 Subject: [PATCH 10/13] Update cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp --- .../CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp index bfe4f546803..b0b590fba69 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp @@ -4,7 +4,7 @@ void test_buildless(const char *p_c, const short *p_short, const int *p_int, con *(p_c + sizeof(int)); // GOOD (`sizeof(char)` is 1) *(p_short + sizeof(int)); // BAD *(p_int + sizeof(int)); // BAD - *(p_8 + sizeof(int)); // GOOD (`sizeof(p_8)` is 1, but there's an error in the type) + *(p_8 + sizeof(int)); // GOOD (`sizeof(uint8_t)` is 1, but there's an error in the type) *(p_16 + sizeof(int)); // BAD [NOT DETECTED] *(p_32 + sizeof(int)); // BAD [NOT DETECTED] } From b9592fef2dadd41de06be7d0b5e5912046b52576 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 15:48:11 +0000 Subject: [PATCH 11/13] Bump bazel_skylib from 1.8.1 to 1.9.0 Bumps [bazel_skylib](https://github.com/bazelbuild/bazel-skylib) from 1.8.1 to 1.9.0. - [Release notes](https://github.com/bazelbuild/bazel-skylib/releases) - [Changelog](https://github.com/bazelbuild/bazel-skylib/blob/main/CHANGELOG.md) - [Commits](https://github.com/bazelbuild/bazel-skylib/compare/1.8.1...1.9.0) --- updated-dependencies: - dependency-name: bazel_skylib dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- MODULE.bazel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MODULE.bazel b/MODULE.bazel index 4f0f31fb2d3..5b4795feb31 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -22,7 +22,7 @@ bazel_dep(name = "rules_pkg", version = "1.2.0") bazel_dep(name = "rules_nodejs", version = "6.7.3") bazel_dep(name = "rules_python", version = "1.9.0") bazel_dep(name = "rules_shell", version = "0.6.1") -bazel_dep(name = "bazel_skylib", version = "1.8.1") +bazel_dep(name = "bazel_skylib", version = "1.9.0") bazel_dep(name = "abseil-cpp", version = "20260107.1", repo_name = "absl") bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json") bazel_dep(name = "fmt", version = "12.1.0-codeql.1") From fef758998cfcba5aef75839a646e61a3cf0a6d84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 15:48:18 +0000 Subject: [PATCH 12/13] Bump rules_java from 9.0.3 to 9.6.1 Bumps [rules_java](https://github.com/bazelbuild/rules_java) from 9.0.3 to 9.6.1. - [Release notes](https://github.com/bazelbuild/rules_java/releases) - [Commits](https://github.com/bazelbuild/rules_java/compare/9.0.3...9.6.1) --- updated-dependencies: - dependency-name: rules_java dependency-version: 9.6.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- MODULE.bazel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MODULE.bazel b/MODULE.bazel index 4f0f31fb2d3..46e526770ae 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -17,7 +17,7 @@ local_path_override( bazel_dep(name = "platforms", version = "1.0.0") bazel_dep(name = "rules_cc", version = "0.2.17") bazel_dep(name = "rules_go", version = "0.60.0") -bazel_dep(name = "rules_java", version = "9.0.3") +bazel_dep(name = "rules_java", version = "9.6.1") bazel_dep(name = "rules_pkg", version = "1.2.0") bazel_dep(name = "rules_nodejs", version = "6.7.3") bazel_dep(name = "rules_python", version = "1.9.0") From 9c6276ef48ecef9d01fcc6b9038e5c3330ec0a7f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 19 Mar 2026 16:17:04 +0000 Subject: [PATCH 13/13] C++: Change note. --- cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md diff --git a/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md b/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md new file mode 100644 index 00000000000..6a1133917bf --- /dev/null +++ b/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations.