Release preparation for version 2.24.0

2026-02-12 05:01:06 +01:00 · 2026-01-19 14:49:14 +00:00
parent bedb80346a
commit 4142b9c4ce
218 changed files with 587 additions and 316 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 2.6.20
+
+### Minor Analysis Improvements
+
+- Support `use cache` directives for Next.js 16.
+* Added `PreCallGraphStep` flow model for React's `useRef` hook.
+* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
+
 ## 2.6.19

 No user-facing changes.
--- a/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md
+++ b/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added `PreCallGraphStep` flow model for React's `useRef` hook.
-* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
--- a/javascript/ql/lib/change-notes/2025-11-30-use-cache-directives.md
+++ b/javascript/ql/lib/change-notes/2025-11-30-use-cache-directives.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-
- Support `use cache` directives for Next.js 16.
--- a/javascript/ql/lib/change-notes/released/2.6.20.md
+++ b/javascript/ql/lib/change-notes/released/2.6.20.md
@@ -0,0 +1,7 @@
+## 2.6.20
+
+### Minor Analysis Improvements
+
+- Support `use cache` directives for Next.js 16.
+* Added `PreCallGraphStep` flow model for React's `useRef` hook.
+* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.19
+lastReleaseVersion: 2.6.20
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.20-dev
+version: 2.6.20
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 2.3.0
+
+### Major Analysis Improvements
+
+* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
+  For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
+  `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
+
+### Minor Analysis Improvements
+
+* The model of `vue-router` now properly detects taint sources in cases where
+  the `props` property is a callback.
+* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
+  named `route` or `page` appearing outside `api` and `pages` folders.
+* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
+  is set, since the content type defaults to `text/plain`.
+
 ## 2.2.4

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2025-11-26-nextjs-page-route-files.md
+++ b/javascript/ql/src/change-notes/2025-11-26-nextjs-page-route-files.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
-  named `route` or `page` appearing outside `api` and `pages` folders.
--- a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
+++ b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
-  is set, since the content type defaults to `text/plain`.
--- a/javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
+++ b/javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
@@ -1,6 +0,0 @@
---
-category: majorAnalysis
---
-* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
-  For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
-  `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
--- a/javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md
+++ b/javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The model of `vue-router` now properly detects taint sources in cases where
-  the `props` property is a callback.
--- a/javascript/ql/src/change-notes/released/2.3.0.md
+++ b/javascript/ql/src/change-notes/released/2.3.0.md
@@ -0,0 +1,16 @@
+## 2.3.0
+
+### Major Analysis Improvements
+
+* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
+  For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
+  `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
+
+### Minor Analysis Improvements
+
+* The model of `vue-router` now properly detects taint sources in cases where
+  the `props` property is a callback.
+* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
+  named `route` or `page` appearing outside `api` and `pages` folders.
+* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
+  is set, since the content type defaults to `text/plain`.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.2.4
+lastReleaseVersion: 2.3.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.2.5-dev
+version: 2.3.0
 groups:
  - javascript
  - queries