Merge branch 'main' into kaeluka/publish-automodel-querypack-007

2025-12-24 04:36:35 +01:00 · 2023-10-31 11:48:22 +01:00
parent 9087259b1b 5b17066e6c
commit 5385cc3aaa
177 changed files with 863 additions and 449 deletions
--- a/java/ql/automodel/src/change-notes/released/0.0.7.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.7.md
@@ -1,3 +1,3 @@
 ## 0.0.7

-Support for extracting source candidates.
+Support for extracting source candidates.
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
+* New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+  * com.alibaba.fastjson2
+  * javax.management
+  * org.apache.http.client.utils
+
 ## 0.8.1

 ### New Features
--- a/java/ql/lib/change-notes/2023-10-17-new-models.md
+++ b/java/ql/lib/change-notes/2023-10-17-new-models.md
@@ -1,8 +0,0 @@
---
-category: minorAnalysis
---
-* Added models for the following packages:
-
-  * com.alibaba.fastjson2
-  * javax.management
-  * org.apache.http.client.utils
--- a/java/ql/lib/change-notes/2023-10-23-spring-6-models.md
+++ b/java/ql/lib/change-notes/2023-10-23-spring-6-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
--- a/java/ql/lib/change-notes/2023-10-24-java-renames.md
+++ b/java/ql/lib/change-notes/2023-10-24-java-renames.md
@@ -1,5 +1,12 @@
---
-category: minorAnalysis
---
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
 * New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+  * com.alibaba.fastjson2
+  * javax.management
+  * org.apache.http.client.utils
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
+
 ## 0.8.1

 ### Minor Analysis Improvements
--- a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md
+++ b/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
--- a/java/ql/src/change-notes/2023-10-20-lines-of-code.md
+++ b/java/ql/src/change-notes/2023-10-20-lines-of-code.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups:
  - java
  - queries