hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19488 from github/release-prep/2.21.3

Browse Source 
Release preparation for version 2.21.3
This commit is contained in:
Chris Smowton
2025-05-13 22:22:20 +01:00
committed by GitHub
parent c6cc4c0e13 2de4a01c86
commit 4bb829ebec
168 changed files with 450 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.9
No user-facing changes.
## 0.4.8
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.9.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.9
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.8
lastReleaseVersion: 0.4.9

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.9-dev
version: 0.4.9
library: true
warnOnImplicitThis: true
dependencies:

4
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.6.1
No user-facing changes.
## 0.6.0
### Breaking Changes

3
actions/ql/src/change-notes/released/0.6.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.1
No user-facing changes.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.0
lastReleaseVersion: 0.6.1

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.1-dev
version: 0.6.1
library: false
warnOnImplicitThis: true
groups: [actions, queries]

6
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 4.3.1
### Bug Fixes
* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
## 4.3.0
### New Features

9
cpp/ql/lib/change-notes/2025-05-13-range-analysis-infinite-loop.md → cpp/ql/lib/change-notes/released/4.3.1.md
View File

@@ -1,4 +1,5 @@
---
category: fix
---
* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
## 4.3.1
### Bug Fixes
* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.3.0
lastReleaseVersion: 4.3.1

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 4.3.1-dev
version: 4.3.1
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

11
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 1.4.0
### Query Metadata Changes
* The tag `external/cwe/cwe-14` has been removed from `cpp/memset-may-be-deleted` and the tag `external/cwe/cwe-014` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/late-check-of-function-argument` and the tag `external/cwe/cwe-020` has been added.
## 1.3.9
No user-facing changes.

7
cpp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → cpp/ql/src/change-notes/released/1.4.0.md
View File

@@ -1,6 +1,7 @@
---
category: queryMetadata
---
## 1.4.0
### Query Metadata Changes
* The tag `external/cwe/cwe-14` has been removed from `cpp/memset-may-be-deleted` and the tag `external/cwe/cwe-014` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api-ir` and the tag `external/cwe/cwe-020` has been added.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.9
lastReleaseVersion: 1.4.0

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.3.10-dev
version: 1.4.0
groups:
- cpp
- queries

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.40
No user-facing changes.
## 1.7.39
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.40.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.40
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.39
lastReleaseVersion: 1.7.40

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.40-dev
version: 1.7.40
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.40
No user-facing changes.
## 1.7.39
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.40.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.40
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.39
lastReleaseVersion: 1.7.40

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.40-dev
version: 1.7.40
groups:
- csharp
- solorigate

4
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.1.6
No user-facing changes.
## 5.1.5
### Minor Analysis Improvements

3
csharp/ql/lib/change-notes/released/5.1.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.1.6
No user-facing changes.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.1.5
lastReleaseVersion: 5.1.6

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.1.6-dev
version: 5.1.6
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

17
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,20 @@
## 1.2.0
### Query Metadata Changes
* The tag `external/cwe/cwe-13` has been removed from `cs/password-in-configuration` and the tag `external/cwe/cwe-013` has been added.
* The tag `external/cwe/cwe-11` has been removed from `cs/web/debug-binary` and the tag `external/cwe/cwe-011` has been added.
* The tag `external/cwe/cwe-16` has been removed from `cs/web/large-max-request-length` and the tag `external/cwe/cwe-016` has been added.
* The tag `external/cwe/cwe-16` has been removed from `cs/web/request-validation-disabled` and the tag `external/cwe/cwe-016` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cs/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cs/serialization-check-bypass` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cs/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-12` has been removed from `cs/web/missing-global-error-handler` and the tag `external/cwe/cwe-012` has been added.
### Minor Analysis Improvements
* Changed the precision of the `cs/equality-on-floats` query from medium to high.
## 1.1.2
### Minor Analysis Improvements

4
csharp/ql/src/change-notes/2025-04-28-equality-on-floats-precision.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Changed the precision of the `cs/equality-on-floats` query from medium to high.

10
csharp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → csharp/ql/src/change-notes/released/1.2.0.md
View File

@@ -1,6 +1,6 @@
---
category: queryMetadata
---
## 1.2.0
### Query Metadata Changes
* The tag `external/cwe/cwe-13` has been removed from `cs/password-in-configuration` and the tag `external/cwe/cwe-013` has been added.
* The tag `external/cwe/cwe-11` has been removed from `cs/web/debug-binary` and the tag `external/cwe/cwe-011` has been added.
@@ -10,3 +10,7 @@ category: queryMetadata
* The tag `external/cwe/cwe-20` has been removed from `cs/serialization-check-bypass` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `cs/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-12` has been removed from `cs/web/missing-global-error-handler` and the tag `external/cwe/cwe-012` has been added.
### Minor Analysis Improvements
* Changed the precision of the `cs/equality-on-floats` query from medium to high.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.2
lastReleaseVersion: 1.2.0

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.1.3-dev
version: 1.2.0
groups:
- csharp
- queries

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.23
No user-facing changes.
## 1.0.22
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/1.0.23.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.23
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.22
lastReleaseVersion: 1.0.23

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.23-dev
version: 1.0.23
groups:
- go
- queries

4
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 4.2.5
No user-facing changes.
## 4.2.4
No user-facing changes.

3
go/ql/lib/change-notes/released/4.2.5.md Normal file
View File

@@ -0,0 +1,3 @@
## 4.2.5
No user-facing changes.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.2.4
lastReleaseVersion: 4.2.5

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 4.2.5-dev
version: 4.2.5
groups: go
dbscheme: go.dbscheme
extractor: go

15
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,18 @@
## 1.2.0
### Query Metadata Changes
* The tag `external/cwe/cwe-20` has been removed from `go/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/incomplete-hostname-regexp` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/regex/missing-regexp-anchor` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/suspicious-character-in-regex` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-unknown-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-90` has been removed from `go/ldap-injection` and the tag `external/cwe/cwe-090` has been added.
* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection` and the tag `external/cwe/cwe-074` has been added.
* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection-local` and the tag `external/cwe/cwe-074` has been added.
* The tag `external/cwe/cwe-79` has been removed from `go/html-template-escaping-passthrough` and the tag `external/cwe/cwe-079` has been added.
## 1.1.13
No user-facing changes.

6
go/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → go/ql/src/change-notes/released/1.2.0.md
View File

@@ -1,6 +1,6 @@
---
category: queryMetadata
---
## 1.2.0
### Query Metadata Changes
* The tag `external/cwe/cwe-20` has been removed from `go/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `go/incomplete-hostname-regexp` and the tag `external/cwe/cwe-020` has been added.

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.13
lastReleaseVersion: 1.2.0

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.1.14-dev
version: 1.2.0
groups:
- go
- queries

6
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 7.2.0
### New Features
* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
## 7.1.4
No user-facing changes.

7
java/ql/lib/change-notes/2025-04-28-kotlin-220.md → java/ql/lib/change-notes/released/7.2.0.md
View File

@@ -1,4 +1,5 @@
---
category: feature
---
## 7.2.0
### New Features
* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.1.4
lastReleaseVersion: 7.2.0

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 7.1.5-dev
version: 7.2.0
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

8
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 1.5.0
### Query Metadata Changes
* The tag `external/cwe/cwe-20` has been removed from `java/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `java/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-93` has been removed from `java/netty-http-request-or-response-splitting` and the tag `external/cwe/cwe-093` has been added.
## 1.4.2
### Minor Analysis Improvements

6
java/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → java/ql/src/change-notes/released/1.5.0.md
View File

@@ -1,6 +1,6 @@
---
category: queryMetadata
---
## 1.5.0
### Query Metadata Changes
* The tag `external/cwe/cwe-20` has been removed from `java/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `java/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.2
lastReleaseVersion: 1.5.0

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.4.3-dev
version: 1.5.0
groups:
- java
- queries

8
javascript/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 2.6.3
### Minor Analysis Improvements
* Enhanced modeling of the [fastify](https://www.npmjs.com/package/fastify) framework to support the `all` route handler method.
* Improved modeling of the [`shelljs`](https://www.npmjs.com/package/shelljs) and [`async-shelljs`](https://www.npmjs.com/package/async-shelljs) libraries by adding support for the `which`, `cmd`, `asyncExec` and `env`.
* Added support for the `fastify` `addHook` method.
## 2.6.2
No user-facing changes.

4
javascript/ql/lib/change-notes/2025-04-14-fastify-addhook.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added support for the `fastify` `addHook` method.

4
javascript/ql/lib/change-notes/2025-04-30-fastify-all.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Enhanced modeling of the [fastify](https://www.npmjs.com/package/fastify) framework to support the `all` route handler method.

4
javascript/ql/lib/change-notes/2025-04-30-shelljs.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Improved modeling of the [`shelljs`](https://www.npmjs.com/package/shelljs) and [`async-shelljs`](https://www.npmjs.com/package/async-shelljs) libraries by adding support for the `which`, `cmd`, `asyncExec` and `env`.

7
javascript/ql/lib/change-notes/released/2.6.3.md Normal file
View File

@@ -0,0 +1,7 @@
## 2.6.3
### Minor Analysis Improvements
* Enhanced modeling of the [fastify](https://www.npmjs.com/package/fastify) framework to support the `all` route handler method.
* Improved modeling of the [`shelljs`](https://www.npmjs.com/package/shelljs) and [`async-shelljs`](https://www.npmjs.com/package/async-shelljs) libraries by adding support for the `which`, `cmd`, `asyncExec` and `env`.
* Added support for the `fastify` `addHook` method.

2
javascript/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.6.2
lastReleaseVersion: 2.6.3

2
javascript/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 2.6.3-dev
version: 2.6.3
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript

14
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,17 @@
## 1.6.0
### Query Metadata Changes
* The tag `external/cwe/cwe-79` has been removed from `js/disabling-electron-websecurity` and the tag `external/cwe/cwe-079` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api-more-sources` and the tag `external/cwe/cwe-020` has been added.
### Minor Analysis Improvements
* Type information is now propagated more precisely through `Promise.all()` calls,
leading to more resolved calls and more sources and sinks being detected.
## 1.5.4
No user-facing changes.

5
javascript/ql/src/change-notes/2025-04-30-promise-all.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Type information is now propagated more precisely through `Promise.all()` calls,
leading to more resolved calls and more sources and sinks being detected.

11
javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → javascript/ql/src/change-notes/released/1.6.0.md
View File

@@ -1,8 +1,13 @@
---
category: queryMetadata
---
## 1.6.0
### Query Metadata Changes
* The tag `external/cwe/cwe-79` has been removed from `js/disabling-electron-websecurity` and the tag `external/cwe/cwe-079` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api-more-sources` and the tag `external/cwe/cwe-020` has been added.
### Minor Analysis Improvements
* Type information is now propagated more precisely through `Promise.all()` calls,
leading to more resolved calls and more sources and sinks being detected.

2
javascript/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.4
lastReleaseVersion: 1.6.0

2
javascript/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 1.5.5-dev
version: 1.6.0
groups:
- javascript
- queries

4
misc/suite-helpers/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.23
No user-facing changes.
## 1.0.22
No user-facing changes.

3
misc/suite-helpers/change-notes/released/1.0.23.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.23
No user-facing changes.

2
misc/suite-helpers/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.22
lastReleaseVersion: 1.0.23

2
misc/suite-helpers/qlpack.yml
View File

@@ -1,4 +1,4 @@
name: codeql/suite-helpers
version: 1.0.23-dev
version: 1.0.23
groups: shared
warnOnImplicitThis: true

7
python/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 4.0.7
### Minor Analysis Improvements
* Added modeling for the `hdbcli` PyPI package as a database library implementing PEP 249.
* Added header write model for `send_header` in `http.server`.
## 4.0.6
No user-facing changes.

4
python/ql/lib/change-notes/2025-04-30-model-send-header.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added header write model for `send_header` in `http.server`.

4
python/ql/lib/change-notes/2025-05-01-hdbcli.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added modeling for the `hdbcli` PyPI package as a database library implementing PEP 249.

6
python/ql/lib/change-notes/released/4.0.7.md Normal file
View File

@@ -0,0 +1,6 @@
## 4.0.7
### Minor Analysis Improvements
* Added modeling for the `hdbcli` PyPI package as a database library implementing PEP 249.
* Added header write model for `send_header` in `http.server`.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.0.6
lastReleaseVersion: 4.0.7

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 4.0.7-dev
version: 4.0.7
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

11
python/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 1.5.0
### Query Metadata Changes
* The tags `security/cwe/cwe-94` and `security/cwe/cwe-95` have been removed from `py/use-of-input` and the tags `external/cwe/cwe-094` and `external/cwe/cwe-095` have been added.
* The tag `external/cwe/cwe-20` has been removed from `py/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `py/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `py/cookie-injection` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-20` has been removed from `py/incomplete-url-substring-sanitization` and the tag `external/cwe/cwe-020` has been added.
* The tag `external/cwe/cwe-94` has been removed from `py/js2py-rce` and the tag `external/cwe/cwe-094` has been added.
## 1.4.8
No user-facing changes.

6
python/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → python/ql/src/change-notes/released/1.5.0.md
View File

@@ -1,6 +1,6 @@
---
category: queryMetadata
---
## 1.5.0
### Query Metadata Changes
* The tags `security/cwe/cwe-94` and `security/cwe/cwe-95` have been removed from `py/use-of-input` and the tags `external/cwe/cwe-094` and `external/cwe/cwe-095` have been added.
* The tag `external/cwe/cwe-20` has been removed from `py/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.8
lastReleaseVersion: 1.5.0

2
python/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 1.4.9-dev
version: 1.5.0
groups:
- python
- queries

4
ruby/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 4.1.6
No user-facing changes.
## 4.1.5
No user-facing changes.

3
ruby/ql/lib/change-notes/released/4.1.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 4.1.6
No user-facing changes.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.1.5
lastReleaseVersion: 4.1.6

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 4.1.6-dev
version: 4.1.6
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme

7
ruby/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.3.0
### Query Metadata Changes
* The precision of `rb/useless-assignment-to-local` has been adjusted from `medium` to `high`.
* The tag `external/cwe/cwe-94` has been removed from `rb/server-side-template-injection` and the tag `external/cwe/cwe-094` has been added.
## 1.2.1
No user-facing changes.

5
ruby/ql/src/change-notes/2025-05-12-rb-useless-assignment-to-local-precision-high.md
View File

@@ -1,5 +0,0 @@
---
category: queryMetadata
---
* The precision of `rb/useless-assignment-to-local` has been adjusted from `medium` to `high`.

7
ruby/ql/src/change-notes/2025-05-01-cwe-tag-changed.md → ruby/ql/src/change-notes/released/1.3.0.md
View File

@@ -1,5 +1,6 @@
---
category: queryMetadata
---
## 1.3.0
### Query Metadata Changes
* The precision of `rb/useless-assignment-to-local` has been adjusted from `medium` to `high`.
* The tag `external/cwe/cwe-94` has been removed from `rb/server-side-template-injection` and the tag `external/cwe/cwe-094` has been added.

2
ruby/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.2.1
lastReleaseVersion: 1.3.0

2
ruby/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 1.2.2-dev
version: 1.3.0
groups:
- ruby
- queries

4
rust/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.1.8
No user-facing changes.
## 0.1.7
No user-facing changes.

3
rust/ql/lib/change-notes/released/0.1.8.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.1.8
No user-facing changes.

2
rust/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.7
lastReleaseVersion: 0.1.8

2
rust/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/rust-all
version: 0.1.8-dev
version: 0.1.8
groups: rust
extractor: rust
dbscheme: rust.dbscheme

4
rust/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.1.8
No user-facing changes.
## 0.1.7
### Minor Analysis Improvements

3
rust/ql/src/change-notes/released/0.1.8.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.1.8
No user-facing changes.

2
rust/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.7
lastReleaseVersion: 0.1.8

2
rust/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/rust-queries
version: 0.1.8-dev
version: 0.1.8
groups:
- rust
- queries

4
shared/controlflow/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 2.0.7
No user-facing changes.
## 2.0.6
No user-facing changes.

3
shared/controlflow/change-notes/released/2.0.7.md Normal file
View File

@@ -0,0 +1,3 @@
## 2.0.7
No user-facing changes.

2
shared/controlflow/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.0.6
lastReleaseVersion: 2.0.7

2
shared/controlflow/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/controlflow
version: 2.0.7-dev
version: 2.0.7
groups: shared
library: true
dependencies:

Some files were not shown because too many files have changed in this diff Show More