From 4ad31f9f2ff5d600b5b7ad895356a20a2ef7c954 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Fri, 13 Oct 2023 13:41:18 +0000 Subject: [PATCH] Release preparation for version 2.15.0 --- cpp/ql/lib/CHANGELOG.md | 7 ++++ .../0.10.1.md} | 7 ++-- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++ cpp/ql/src/change-notes/released/0.8.1.md | 3 ++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++ .../lib/change-notes/released/1.7.1.md | 3 ++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++ .../src/change-notes/released/1.7.1.md | 3 ++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 6 +++ .../0.8.1.md} | 7 ++-- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++ csharp/ql/src/change-notes/released/0.8.1.md | 3 ++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 7 ++++ .../2023-10-09-outdated-deprecations.md | 4 -- .../0.7.1.md} | 10 +++-- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 6 +++ .../0.7.1.md} | 7 ++-- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ++ .../src/change-notes/released/0.0.6.md | 3 ++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 37 +++++++++++++++++++ ...023-10-07-MemberRefExpr-getReceiverExpr.md | 4 -- .../2023-10-09-outdated-deprecations.md | 12 ------ .../0.8.1.md} | 20 ++++++++-- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 6 +++ .../0.8.1.md} | 9 +++-- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- 
javascript/ql/lib/CHANGELOG.md | 13 +++++++ .../2023-10-07-tagged-template-litterals.md | 5 --- .../0.8.1.md} | 9 +++-- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 +++ .../0.8.1.md} | 7 ++-- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++ .../change-notes/released/0.7.1.md | 3 ++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 13 +++++++ ...-07-20-add-unsafe-deserialization-sinks.md | 4 -- .../2023-10-10-api-graphs-import-star.md | 4 -- .../0.11.1.md} | 9 +++-- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++ python/ql/src/change-notes/released/0.9.1.md | 3 ++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 11 ++++++ .../2023-09-18-graphql-sources.md | 4 -- .../0.8.1.md} | 8 ++-- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++ ruby/ql/src/change-notes/released/0.8.1.md | 3 ++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++ .../change-notes/released/0.1.1.md | 3 ++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++ .../dataflow/change-notes/released/0.1.1.md | 3 ++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++ shared/mad/change-notes/released/0.2.1.md | 3 ++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++ shared/regex/change-notes/released/0.2.1.md | 3 ++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++ shared/ssa/change-notes/released/0.2.1.md | 3 ++ 
shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++ .../tutorial/change-notes/released/0.2.1.md | 3 ++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++ .../change-notes/released/0.2.1.md | 3 ++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++ shared/typos/change-notes/released/0.2.1.md | 3 ++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++ shared/util/change-notes/released/0.2.1.md | 3 ++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++ shared/yaml/change-notes/released/0.2.1.md | 3 ++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 9 +++++ .../2023-09-14-for-in-data-flow.md | 6 --- .../change-notes/2023-09-15-nil-coalescing.md | 5 --- .../change-notes/2023-09-29-numeric-models.md | 5 --- swift/ql/lib/change-notes/released/0.3.1.md | 8 ++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 7 ++++ ...-09-22-cleartext-storage-database-sinks.md | 4 -- .../2023-10-06-const-key-sinks.md | 4 -- swift/ql/src/change-notes/released/0.3.1.md | 6 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 132 files changed, 389 insertions(+), 153 deletions(-) rename cpp/ql/lib/change-notes/{2023-10-09-outdated-deprecations.md => released/0.10.1.md} (84%) create mode 100644 cpp/ql/src/change-notes/released/0.8.1.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md rename csharp/ql/lib/change-notes/{2023-10-09-outdated-deprecations.md => released/0.8.1.md} (77%) create mode 100644 csharp/ql/src/change-notes/released/0.8.1.md 
delete mode 100644 go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md rename go/ql/lib/change-notes/{2023-09-25-add-new-file-system-access-sinks.md => released/0.7.1.md} (64%) rename go/ql/src/change-notes/{2023-10-03-incorrect-integer-conversion-improved.md => released/0.7.1.md} (90%) create mode 100644 java/ql/automodel/src/change-notes/released/0.0.6.md delete mode 100644 java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md delete mode 100644 java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md rename java/ql/lib/change-notes/{2023-10-05-moved-localuserinput-to-mad.md => released/0.8.1.md} (51%) rename java/ql/src/change-notes/{2023-10-06-threat-models.md => released/0.8.1.md} (77%) delete mode 100644 javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md rename javascript/ql/lib/change-notes/{2023-10-09-outdated-deprecations.md => released/0.8.1.md} (69%) rename javascript/ql/src/change-notes/{2023-10-05-amd-range.md => released/0.8.1.md} (74%) create mode 100644 misc/suite-helpers/change-notes/released/0.7.1.md delete mode 100644 python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md delete mode 100644 python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md rename python/ql/lib/change-notes/{2023-10-09-outdated-deprecations.md => released/0.11.1.md} (55%) create mode 100644 python/ql/src/change-notes/released/0.9.1.md delete mode 100644 ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md rename ruby/ql/lib/change-notes/{2023-10-09-outdated-deprecations.md => released/0.8.1.md} (83%) create mode 100644 ruby/ql/src/change-notes/released/0.8.1.md create mode 100644 shared/controlflow/change-notes/released/0.1.1.md create mode 100644 shared/dataflow/change-notes/released/0.1.1.md create mode 100644 shared/mad/change-notes/released/0.2.1.md create mode 100644 shared/regex/change-notes/released/0.2.1.md create mode 100644 shared/ssa/change-notes/released/0.2.1.md create mode 100644 
shared/tutorial/change-notes/released/0.2.1.md create mode 100644 shared/typetracking/change-notes/released/0.2.1.md create mode 100644 shared/typos/change-notes/released/0.2.1.md create mode 100644 shared/util/change-notes/released/0.2.1.md create mode 100644 shared/yaml/change-notes/released/0.2.1.md delete mode 100644 swift/ql/lib/change-notes/2023-09-14-for-in-data-flow.md delete mode 100644 swift/ql/lib/change-notes/2023-09-15-nil-coalescing.md delete mode 100644 swift/ql/lib/change-notes/2023-09-29-numeric-models.md create mode 100644 swift/ql/lib/change-notes/released/0.3.1.md delete mode 100644 swift/ql/src/change-notes/2023-09-22-cleartext-storage-database-sinks.md delete mode 100644 swift/ql/src/change-notes/2023-10-06-const-key-sinks.md create mode 100644 swift/ql/src/change-notes/released/0.3.1.md
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 827d7ded490..5dec13e72b5 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.10.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.10.0
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/cpp/ql/lib/change-notes/released/0.10.1.md
similarity index 84%
rename from cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
rename to cpp/ql/lib/change-notes/released/0.10.1.md
index 7de425ff9f4..05d13789228 100644
--- a/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/cpp/ql/lib/change-notes/released/0.10.1.md
@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 0.10.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index b21db623245..af7510b3cd6 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.0
+lastReleaseVersion: 0.10.1
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 6cd876f9267..bee00a069ed 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.1-dev
+version: 0.10.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index cf5256e244d..1bbd04e8851 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.1
+
+No user-facing changes.
+
 ## 0.8.0
 
 ### Query Metadata Changes
diff --git a/cpp/ql/src/change-notes/released/0.8.1.md b/cpp/ql/src/change-notes/released/0.8.1.md
new file mode 100644
index 00000000000..7abde0cb2bf
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.8.1.md
@@ -0,0 +1,3 @@
+## 0.8.1
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 37eab3197dc..2f693f95ba6 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 2c693b7de4d..20e9f7450ff 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 61606368e4c..6d013d8ce69 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md
new file mode 100644
index 00000000000..5c9570fd0c3
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md
@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index d1184cc6750..7bdec0d85c7 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index f4dd73b013e..85e7c923a5f 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.1-dev
+version: 1.7.1
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 61606368e4c..6d013d8ce69 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md
new file mode 100644
index 00000000000..5c9570fd0c3
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md
@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index d1184cc6750..7bdec0d85c7 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index c6a5d903839..45156516ef2 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.1-dev
+version: 1.7.1
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index de8d30425f7..8c7b2cd062c 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.8.0
 
 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/csharp/ql/lib/change-notes/released/0.8.1.md
similarity index 77%
rename from csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
rename to csharp/ql/lib/change-notes/released/0.8.1.md
index 68748fbc4b8..272351f6e76 100644
--- a/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/csharp/ql/lib/change-notes/released/0.8.1.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.8.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 37eab3197dc..2f693f95ba6 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 16908da66d0..1d7e566d0b4 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 4b03f57bd9e..385755b720c 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.1
+
+No user-facing changes.
+
 ## 0.8.0
 
 ### New Queries
diff --git a/csharp/ql/src/change-notes/released/0.8.1.md b/csharp/ql/src/change-notes/released/0.8.1.md
new file mode 100644
index 00000000000..7abde0cb2bf
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.8.1.md
@@ -0,0 +1,3 @@
+## 0.8.1
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 37eab3197dc..2f693f95ba6 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index ab9f80b9de5..f8363dcf421 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
 - csharp
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 5b4530cd2a9..e8a5288cb3d 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+
 ## 0.7.0
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
deleted file mode 100644
index 68748fbc4b8..00000000000
--- a/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
diff --git a/go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md b/go/ql/lib/change-notes/released/0.7.1.md
similarity index 64%
rename from go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md
rename to go/ql/lib/change-notes/released/0.7.1.md
index 4c7a89495a2..d78161d9c99 100644
--- a/go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md
+++ b/go/ql/lib/change-notes/released/0.7.1.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
-* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
\ No newline at end of file
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index c761f3e7ab4..e007a9aec3e 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index fb6cd563873..e1d937b12b8 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.1-dev
+version: 0.7.1
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 0e1e2c03097..7ceadcda745 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.
+
 ## 0.7.0
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md b/go/ql/src/change-notes/released/0.7.1.md
similarity index 90%
rename from go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md
rename to go/ql/src/change-notes/released/0.7.1.md
index 1f0bc0cffe6..d88d1ee5510 100644
--- a/go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md
+++ b/go/ql/src/change-notes/released/0.7.1.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.7.1
+
+### Minor Analysis Improvements
+
 * The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index c761f3e7ab4..e007a9aec3e 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 9916dec16af..1bb0feb1fbf 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.1-dev
+version: 0.7.1
 groups:
 - go
 - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index ee2610f9bd6..89d062a2a24 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.6
+
+No user-facing changes.
+
 ## 0.0.5
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/0.0.6.md b/java/ql/automodel/src/change-notes/released/0.0.6.md
new file mode 100644
index 00000000000..ccbce856079
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index bb45a1ab018..cf398ce02aa 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index d5cf1638015..8a941153cab 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups:
 - java
 - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 34b1f5487a9..4dd05ecf7ab 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,40 @@
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
+* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
+ There are no changes to results unless you add source models using the `environment` or `file` source kinds.
+* Added `environment` source models for the following methods:
+ * `java.lang.System#getenv`
+ * `java.lang.System#getProperties`
+ * `java.lang.System#getProperty`
+ * `java.util.Properties#get`
+ * `java.util.Properties#getProperty`
+* Added `file` source models for the following methods:
+ * the `java.io.FileInputStream` constructor
+ * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
+ * `hudson.FilePath#openInputStream`
+ * `hudson.FilePath#read`
+ * `hudson.FilePath#readFromOffset`
+ * `hudson.FilePath#readToString`
+* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
+ There are no changes to results unless you add source models using the `database` source kind.
+* Added `database` source models for the following method:
+ * `java.sql.ResultSet#getString`
+
 ## 0.8.0
 
 ### New Features
diff --git a/java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md b/java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md
deleted file mode 100644
index 150a1615df2..00000000000
--- a/java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added predicate `MemberRefExpr::getReceiverExpr`
diff --git a/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
deleted file mode 100644
index e5701bd768d..00000000000
--- a/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
-* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
-* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
-* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
-* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
-* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
-* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
-* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
-* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
diff --git a/java/ql/lib/change-notes/2023-10-05-moved-localuserinput-to-mad.md b/java/ql/lib/change-notes/released/0.8.1.md
similarity index 51%
rename from java/ql/lib/change-notes/2023-10-05-moved-localuserinput-to-mad.md
rename to java/ql/lib/change-notes/released/0.8.1.md
index 7d977eb472b..535138b0b2e 100644
--- a/java/ql/lib/change-notes/2023-10-05-moved-localuserinput-to-mad.md
+++ b/java/ql/lib/change-notes/released/0.8.1.md
@@ -1,6 +1,20 @@
----
-category: minorAnalysis
----
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
 * Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
 * Added `environment` source models for the following methods:
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 37eab3197dc..2f693f95ba6 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index eef8bc66fe1..92d5e5316d3 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index ea706bfd055..c0a6261d914 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
+
 ## 0.8.0
 
 No user-facing changes.
diff --git a/java/ql/src/change-notes/2023-10-06-threat-models.md b/java/ql/src/change-notes/released/0.8.1.md
similarity index 77%
rename from java/ql/src/change-notes/2023-10-06-threat-models.md
rename to java/ql/src/change-notes/released/0.8.1.md
index 4fc9dda7fab..0b1620f54c2 100644
--- a/java/ql/src/change-notes/2023-10-06-threat-models.md
+++ b/java/ql/src/change-notes/released/0.8.1.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
\ No newline at end of file
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 37eab3197dc..2f693f95ba6 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index bced8cc4b86..4dfb807356d 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index f1aac73b577..3af088ceccf 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. +* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`. +* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`. +* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead. +* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead. +* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead. +* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, + and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`. + ## 0.8.0 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md b/javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md deleted file mode 100644 index 50d8cae7787..00000000000 --- a/javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, - and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/javascript/ql/lib/change-notes/released/0.8.1.md similarity index 69% rename from javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md rename to javascript/ql/lib/change-notes/released/0.8.1.md index 0b36012f85f..ea2bdf280e1 100644 
--- a/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md +++ b/javascript/ql/lib/change-notes/released/0.8.1.md @@ -1,9 +1,12 @@ ---- -category: minorAnalysis ---- +## 0.8.1 + +### Minor Analysis Improvements + * Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. * Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`. * Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`. * Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead. * Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead. * Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead. +* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, + and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 37eab3197dc..2f693f95ba6 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.0 +lastReleaseVersion: 0.8.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 3f14c99a88b..03cfc07b739 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.1-dev +version: 0.8.1 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 8c0e3b427e9..1effcdfa16d 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Added the `AmdModuleDefinition::Range` class, making it possible to define custom aliases for the AMD `define` function. + ## 0.8.0 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2023-10-05-amd-range.md b/javascript/ql/src/change-notes/released/0.8.1.md similarity index 74% rename from javascript/ql/src/change-notes/2023-10-05-amd-range.md rename to javascript/ql/src/change-notes/released/0.8.1.md index fd6af55999c..bb0b3c84137 100644 --- a/javascript/ql/src/change-notes/2023-10-05-amd-range.md +++ b/javascript/ql/src/change-notes/released/0.8.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.1 + +### Minor Analysis Improvements + * Added the `AmdModuleDefinition::Range` class, making it possible to define custom aliases for the AMD `define` function. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 37eab3197dc..2f693f95ba6 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.0 +lastReleaseVersion: 0.8.1 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 95c39434842..99853b45bca 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.1-dev +version: 0.8.1 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 7467add73ba..a3fe08e3d49 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.1 + +No user-facing changes. + ## 0.7.0 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.1.md b/misc/suite-helpers/change-notes/released/0.7.1.md new file mode 100644 index 00000000000..86973d36042 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.1.md 
@@ -0,0 +1,3 @@ +## 0.7.1 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index c761f3e7ab4..e007a9aec3e 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.0 +lastReleaseVersion: 0.7.1 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 0d1250e8707..01746403335 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.1-dev +version: 0.7.1 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 63030992999..e3d2d5574a0 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md 
@@ -1,3 +1,16 @@ +## 0.11.1 + +### Minor Analysis Improvements + +* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()` +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `getAUse`, `getAnImmediateUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. +* Deleted the deprecated `fullyQualifiedToAPIGraphPath` class from `SubclassFinder.qll`, use `fullyQualifiedToApiGraphPath` instead. +* Deleted the deprecated `Paths.qll` file. +* Deleted the deprecated `semmle.python.security.performance` folder, use `semmle.python.security.regexp` instead. +* Deleted the deprecated `semmle.python.security.strings` and `semmle.python.web` folders. +* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`. + ## 0.11.0 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md b/python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md deleted file mode 100644 index 65077d5e346..00000000000 --- a/python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`. \ No newline at end of file 
diff --git a/python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md b/python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md deleted file mode 100644 index 814a9567c56..00000000000 --- a/python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()` diff --git a/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/python/ql/lib/change-notes/released/0.11.1.md similarity index 55% rename from python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md rename to python/ql/lib/change-notes/released/0.11.1.md index 25f617c606a..d6fc91fe029 100644 --- a/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md +++ b/python/ql/lib/change-notes/released/0.11.1.md 
@@ -1,9 +1,12 @@ ---- -category: minorAnalysis ---- +## 0.11.1 + +### Minor Analysis Improvements + +* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()` * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. * Deleted the deprecated `getAUse`, `getAnImmediateUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. * Deleted the deprecated `fullyQualifiedToAPIGraphPath` class from `SubclassFinder.qll`, use `fullyQualifiedToApiGraphPath` instead. * Deleted the deprecated `Paths.qll` file. * Deleted the deprecated `semmle.python.security.performance` folder, use `semmle.python.security.regexp` instead. * Deleted the deprecated `semmle.python.security.strings` and `semmle.python.web` folders. +* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index fce68697d68..924f56c785a 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.0 +lastReleaseVersion: 0.11.1 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 070d058b79c..82f55781033 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.1-dev +version: 0.11.1 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 230f54ce645..2d64d52f78b 100644 
--- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.9.1 + +No user-facing changes. + ## 0.9.0 ### New Queries diff --git a/python/ql/src/change-notes/released/0.9.1.md b/python/ql/src/change-notes/released/0.9.1.md new file mode 100644 index 00000000000..5ab7a1ee037 --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.1.md @@ -0,0 +1,3 @@ +## 0.9.1 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 8b9fc185202..6789dcd18b7 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.0 +lastReleaseVersion: 0.9.1 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index dd2d91e0d88..bf7793fd0fb 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.1-dev +version: 0.9.1 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index f44809f63d2..b531f75ca94 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `isWeak` predicate from the `CryptographicOperation` class. +* Deleted the deprecated `getStringOrSymbol` and `isStringOrSymbol` predicates from the `ConstantValue` class. +* Deleted the deprecated `getAPI` from the `IOOrFileMethodCall` class. +* Deleted the deprecated `codeql.ruby.security.performance` folder, use `codeql.ruby.security.regexp` instead. +* GraphQL enums are no longer considered remote flow sources. + ## 0.8.0 ### Major Analysis Improvements 
diff --git a/ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md b/ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md deleted file mode 100644 index 70f065cee12..00000000000 --- a/ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* GraphQL enums are no longer considered remote flow sources. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/ruby/ql/lib/change-notes/released/0.8.1.md similarity index 83% rename from ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md rename to ruby/ql/lib/change-notes/released/0.8.1.md index d7dd2607a01..9a8a36d1459 100644 --- a/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md +++ b/ruby/ql/lib/change-notes/released/0.8.1.md @@ -1,8 +1,10 @@ ---- -category: minorAnalysis ---- +## 0.8.1 + +### Minor Analysis Improvements + * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. * Deleted the deprecated `isWeak` predicate from the `CryptographicOperation` class. * Deleted the deprecated `getStringOrSymbol` and `isStringOrSymbol` predicates from the `ConstantValue` class. * Deleted the deprecated `getAPI` from the `IOOrFileMethodCall` class. * Deleted the deprecated `codeql.ruby.security.performance` folder, use `codeql.ruby.security.regexp` instead. +* GraphQL enums are no longer considered remote flow sources. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 37eab3197dc..2f693f95ba6 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.0 +lastReleaseVersion: 0.8.1 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 9cadc1e426b..afc74c88081 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.1-dev +version: 0.8.1 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 6694814c95f..cb25fb1e05c 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.1 + +No user-facing changes. + ## 0.8.0 ### Minor Analysis Improvements diff --git a/ruby/ql/src/change-notes/released/0.8.1.md b/ruby/ql/src/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..7abde0cb2bf --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.1.md @@ -0,0 +1,3 @@ +## 0.8.1 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 37eab3197dc..2f693f95ba6 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.0 +lastReleaseVersion: 0.8.1 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 3736cf58d5e..11570113df3 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.1-dev +version: 0.8.1 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 1a5a17a4456..ea568563760 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.1 + +No user-facing changes. + ## 0.1.0 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.1.md b/shared/controlflow/change-notes/released/0.1.1.md new file mode 100644 index 00000000000..481c4392f3d --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.1.md @@ -0,0 +1,3 @@ +## 0.1.1 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 2e08f40f6aa..92d1505475f 100644 --- a/shared/controlflow/codeql-pack.release.yml 
+++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.0 +lastReleaseVersion: 0.1.1 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index dbe30353faa..d2c69dfebaf 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.1-dev +version: 0.1.1 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index e72f0484bcb..0a46c80290f 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.1 + +No user-facing changes. + ## 0.1.0 ### Major Analysis Improvements diff --git a/shared/dataflow/change-notes/released/0.1.1.md b/shared/dataflow/change-notes/released/0.1.1.md new file mode 100644 index 00000000000..481c4392f3d --- /dev/null +++ b/shared/dataflow/change-notes/released/0.1.1.md @@ -0,0 +1,3 @@ +## 0.1.1 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 2e08f40f6aa..92d1505475f 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.0 +lastReleaseVersion: 0.1.1 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index ec5545512d3..ce0e21746ba 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.1-dev +version: 0.1.1 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 0df0d4f14e3..8b83d14599d 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.1.md b/shared/mad/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null 
+++ b/shared/mad/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 65c2427b51f..9c74a93ceba 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true dependencies: null diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 9dc3e22056f..e9e382e822f 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.1.md b/shared/regex/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index dff299a45fe..8c754d14ffe 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 19312140989..14f5315d943 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. 
diff --git a/shared/ssa/change-notes/released/0.2.1.md b/shared/ssa/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index adc544b4903..dbafe8fc379 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index e1eddb1ead0..00fd8e38eb7 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.1.md b/shared/tutorial/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 8077e73830e..9dea5769e77 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml 
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 37615bfd8d4..d38fa8cd134 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.1.md b/shared/typetracking/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index f320129ff12..853735aa3df 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index d77fa94eb25..86271e826fc 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.1.md b/shared/typos/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. 
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a200e7d01b2..2d2ef8add55 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 02134dcfd4f..389870529d1 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.1.md b/shared/util/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/util/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index fd764901fb4..d24a3d7d796 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 4e844168d15..f7309a0c5e8 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.1 + +No user-facing changes. + ## 0.2.0 No user-facing changes. 
diff --git a/shared/yaml/change-notes/released/0.2.1.md b/shared/yaml/change-notes/released/0.2.1.md new file mode 100644 index 00000000000..3dbfc85fe11 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.1.md @@ -0,0 +1,3 @@ +## 0.2.1 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 5274e27ed52..df29a726bcc 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.0 +lastReleaseVersion: 0.2.1 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 88f0cb28924..65d07c09664 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.1-dev +version: 0.2.1 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 6011d2aa60d..c6e233b82b6 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,12 @@ +## 0.3.1 + +### Minor Analysis Improvements + +* Improved taint models for `Numeric` types and `RangeReplaceableCollection`s. +* The nil-coalescing operator `??` is now supported by the CFG construction and dataflow libraries. +* The data flow library now supports flow to the loop variable of for-in loops. +* The methods `getIteratorVar` and `getNextCall` have been added to the `ForEachStmt` class. + ## 0.3.0 ### Deprecated APIs diff --git a/swift/ql/lib/change-notes/2023-09-14-for-in-data-flow.md b/swift/ql/lib/change-notes/2023-09-14-for-in-data-flow.md deleted file mode 100644 index 4cf228a13fe..00000000000 --- a/swift/ql/lib/change-notes/2023-09-14-for-in-data-flow.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: minorAnalysis ---- - -* The data flow library now supports flow to the loop variable of for-in loops. -* The methods `getIteratorVar` and `getNextCall` have been added to the `ForEachStmt` class. 
diff --git a/swift/ql/lib/change-notes/2023-09-15-nil-coalescing.md b/swift/ql/lib/change-notes/2023-09-15-nil-coalescing.md deleted file mode 100644 index 96f315c3a46..00000000000 --- a/swift/ql/lib/change-notes/2023-09-15-nil-coalescing.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* The nil-coalescing operator `??` is now supported by the CFG construction and dataflow libraries. diff --git a/swift/ql/lib/change-notes/2023-09-29-numeric-models.md b/swift/ql/lib/change-notes/2023-09-29-numeric-models.md deleted file mode 100644 index cc127461fc9..00000000000 --- a/swift/ql/lib/change-notes/2023-09-29-numeric-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Improved taint models for `Numeric` types and `RangeReplaceableCollection`s. diff --git a/swift/ql/lib/change-notes/released/0.3.1.md b/swift/ql/lib/change-notes/released/0.3.1.md new file mode 100644 index 00000000000..7e23e5a7b97 --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.1.md @@ -0,0 +1,8 @@ +## 0.3.1 + +### Minor Analysis Improvements + +* Improved taint models for `Numeric` types and `RangeReplaceableCollection`s. +* The nil-coalescing operator `??` is now supported by the CFG construction and dataflow libraries. +* The data flow library now supports flow to the loop variable of for-in loops. +* The methods `getIteratorVar` and `getNextCall` have been added to the `ForEachStmt` class. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 95f6e3a0ba6..bb106b1cb63 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.0 +lastReleaseVersion: 0.3.1 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index fbe598dbda0..c9b1caee870 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml 
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 0.3.1-dev
+version: 0.3.1
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index 492dfbf8bb9..24bffa7a789 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+* Added sinks for the GRDB database library to the `swift/hardcoded-key` query.
+* Added sqlite3 and SQLite.swift sinks and flow summaries for the `swift/cleartext-storage-database` query.
+
 ## 0.3.0

 ### Minor Analysis Improvements
diff --git a/swift/ql/src/change-notes/2023-09-22-cleartext-storage-database-sinks.md b/swift/ql/src/change-notes/2023-09-22-cleartext-storage-database-sinks.md
deleted file mode 100644
index b1f7015c360..00000000000
--- a/swift/ql/src/change-notes/2023-09-22-cleartext-storage-database-sinks.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added sqlite3 and SQLite.swift sinks and flow summaries for the `swift/cleartext-storage-database` query.
diff --git a/swift/ql/src/change-notes/2023-10-06-const-key-sinks.md b/swift/ql/src/change-notes/2023-10-06-const-key-sinks.md
deleted file mode 100644
index e3a5f4d6260..00000000000
--- a/swift/ql/src/change-notes/2023-10-06-const-key-sinks.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added sinks for the GRDB database library to the `swift/hardcoded-key` query.
\ No newline at end of file
diff --git a/swift/ql/src/change-notes/released/0.3.1.md b/swift/ql/src/change-notes/released/0.3.1.md
new file mode 100644
index 00000000000..e8f81c4ebe1
--- /dev/null
+++ b/swift/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1,6 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+* Added sinks for the GRDB database library to the `swift/hardcoded-key` query.
+* Added sqlite3 and SQLite.swift sinks and flow summaries for the `swift/cleartext-storage-database` query.
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index 95f6e3a0ba6..bb106b1cb63 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index b691018ae75..d2198bdd87a 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups:
 - swift
 - queries