Merge pull request #20946 from github/post-release-prep/codeql-cli-2.23.7

Post-release preparation for codeql-cli-2.23.7

actions/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.4.23
+
+No user-facing changes.
+
+## 0.4.22
+
+No user-facing changes.
+
 ## 0.4.21
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.22.md

@@ -0,0 +1,3 @@
+## 0.4.22
+
+No user-facing changes.

actions/ql/lib/change-notes/released/0.4.23.md

@@ -0,0 +1,3 @@
+## 0.4.23
+
+No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.21
+lastReleaseVersion: 0.4.23

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.22-dev
+version: 0.4.24-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.6.15
+
+No user-facing changes.
+
+## 0.6.14
+
+No user-facing changes.
+
 ## 0.6.13
 
 No user-facing changes.

actions/ql/src/change-notes/released/0.6.14.md

@@ -0,0 +1,3 @@
+## 0.6.14
+
+No user-facing changes.

actions/ql/src/change-notes/released/0.6.15.md

@@ -0,0 +1,3 @@
+## 0.6.15
+
+No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.13
+lastReleaseVersion: 0.6.15

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.14-dev
+version: 0.6.16-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 6.1.2
+
+No user-facing changes.
+
+## 6.1.1
+
+### Minor Analysis Improvements
+
+* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
+
 ## 6.1.0
 
 ### New Features

cpp/ql/lib/change-notes/released/6.1.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
+## 6.1.1
+
+### Minor Analysis Improvements
+
+* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.

cpp/ql/lib/change-notes/released/6.1.2.md

@@ -0,0 +1,3 @@
+## 6.1.2
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.0
+lastReleaseVersion: 6.1.2

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.1-dev
+version: 6.1.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.5.6
+
+No user-facing changes.
+
+## 1.5.5
+
+No user-facing changes.
+
 ## 1.5.4
 
 No user-facing changes.

cpp/ql/src/change-notes/released/1.5.5.md

@@ -0,0 +1,3 @@
+## 1.5.5
+
+No user-facing changes.

cpp/ql/src/change-notes/released/1.5.6.md

@@ -0,0 +1,3 @@
+## 1.5.6
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.4
+lastReleaseVersion: 1.5.6

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.5-dev
+version: 1.5.7-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.7.54
+
+No user-facing changes.
+
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.53.md

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.54.md

@@ -0,0 +1,3 @@
+## 1.7.54
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.54

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.53-dev
+version: 1.7.55-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.7.54
+
+No user-facing changes.
+
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.53.md

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.54.md

@@ -0,0 +1,3 @@
+## 1.7.54
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.54

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.53-dev
+version: 1.7.55-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 5.4.2
+
+No user-facing changes.
+
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.
+
 ## 5.4.0
 
 ### Deprecated APIs

csharp/ql/lib/change-notes/2025-11-17-compiler-error-debug.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Compilation errors are now included in the debug log when using build-mode none.

csharp/ql/lib/change-notes/2025-11-17-dependencies-directory.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.

csharp/ql/lib/change-notes/2025-11-19-autobuilder-stability.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.

csharp/ql/lib/change-notes/released/5.4.1.md

@@ -0,0 +1,7 @@
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.

csharp/ql/lib/change-notes/released/5.4.2.md

@@ -0,0 +1,3 @@
+## 5.4.2
+
+No user-facing changes.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.0
+lastReleaseVersion: 5.4.2

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.4.1-dev
+version: 5.4.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.5.2
+
+No user-facing changes.
+
+## 1.5.1
+
+No user-facing changes.
+
 ## 1.5.0
 
 ### New Queries
@@ -180,7 +188,7 @@ No user-facing changes.
 
 ### Minor Analysis Improvements
 
-* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. 
+* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query.
 
 ## 1.0.10
 

csharp/ql/src/change-notes/released/1.5.1.md

@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.

csharp/ql/src/change-notes/released/1.5.2.md

@@ -0,0 +1,3 @@
+## 1.5.2
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.0
+lastReleaseVersion: 1.5.2

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.5.1-dev
+version: 1.5.3-dev
 groups:
   - csharp
   - queries

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.6.rst

@@ -0,0 +1,144 @@
+.. _codeql-cli-2.23.6:
+
+==========================
+CodeQL 2.23.6 (2025-11-24)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.23.6 runs a total of 485 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 2 security queries have been added with this release.
+
+CodeQL CLI
+----------
+
+Breaking Changes
+~~~~~~~~~~~~~~~~
+
+*   The LGTM results format for uploading to LGTM has been removed.
+
+Query Packs
+-----------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   An improvement to the Guards library for recognizing disjunctions means improved precision for :code:`cs/constant-condition`, :code:`cs/inefficient-containskey`, and :code:`cs/dereferenced-value-may-be-null`. The two former can have additional findings, and the latter will have fewer false positives.
+
+Rust
+""""
+
+*   Taint flow barriers have been added to the :code:`rust/regex-injection`, :code:`rust/sql-injection` and :code:`rust/log-injection`, reducing the frequency of false positive results for these queries.
+
+New Queries
+~~~~~~~~~~~
+
+C#
+""
+
+*   The :code:`cs/web/cookie-secure-not-set` and :code:`cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack.
+
+Query Metadata Changes
+~~~~~~~~~~~~~~~~~~~~~~
+
+Java/Kotlin
+"""""""""""
+
+*   Reduced the :code:`security-severity` score of the :code:`java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+*   Reduced the :code:`security-severity` score of the :code:`java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   Increased the :code:`security-severity` score of the :code:`js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries.
+*   Reduced the :code:`security-severity` score of the :code:`js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+
+Python
+""""""
+
+*   Reduced the :code:`security-severity` score of the :code:`py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+
+Ruby
+""""
+
+*   Reduced the :code:`security-severity` score of the :code:`rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+
+Language Libraries
+------------------
+
+Bug Fixes
+~~~~~~~~~
+
+C/C++
+"""""
+
+*   Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.
+
+Golang
+""""""
+
+*   Some fixes relating to use of path transformers when extracting a database:
+
+    *   Fixed a problem where the path transformer would be ignored when extracting older codebases that predate the use of Go modules.
+    *   The environment variable :code:`CODEQL_PATH_TRANSFORMER` is now recognized, in addition to :code:`SEMMLE_PATH_TRANSFORMER`.
+    *   Fixed some cases where the extractor emitted paths without applying the path transformer.
+
+Breaking Changes
+~~~~~~~~~~~~~~~~
+
+Python
+""""""
+
+*   The classes :code:`ControlFlowNode`, :code:`Expr`, and :code:`Module` no longer expose predicates that invoke the points-to analysis. To access these predicates, import the module :code:`LegacyPointsTo` and follow the instructions given therein.
+
+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Swift
+"""""
+
+*   Upgraded to allow analysis of Swift 6.2.1.
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality.
+
+Rust
+""""
+
+*   Added models for cookie methods in the :code:`poem` crate.
+
+Deprecated APIs
+~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   :code:`ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library.
+
+New Features
+~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   New predicates :code:`getAnExpandedArgument` and :code:`getExpandedArgument` were added to the :code:`Compilation` class, yielding compilation arguments after expansion of response files.
+
+C#
+""
+
+*   Initial support for incremental C# databases via :code:`codeql database create --overlay-base`\ /\ :code:`--overlay-changes`.

docs/codeql/codeql-overview/codeql-changelog/index.rst

@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
 .. toctree::
    :maxdepth: 1
 
+   codeql-cli-2.23.6
    codeql-cli-2.23.5
    codeql-cli-2.23.3
    codeql-cli-2.23.2

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.37
+
+No user-facing changes.
+
+## 1.0.36
+
+No user-facing changes.
+
 ## 1.0.35
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.36.md

@@ -0,0 +1,3 @@
+## 1.0.36
+
+No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.37.md

@@ -0,0 +1,3 @@
+## 1.0.37
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.35
+lastReleaseVersion: 1.0.37

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.36-dev
+version: 1.0.38-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 5.0.4
+
+No user-facing changes.
+
+## 5.0.3
+
+No user-facing changes.
+
 ## 5.0.2
 
 ### Bug Fixes

go/ql/lib/change-notes/released/5.0.3.md

@@ -0,0 +1,3 @@
+## 5.0.3
+
+No user-facing changes.

go/ql/lib/change-notes/released/5.0.4.md

@@ -0,0 +1,3 @@
+## 5.0.4
+
+No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.2
+lastReleaseVersion: 5.0.4

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 5.0.3-dev
+version: 5.0.5-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,16 @@
+## 1.5.1
+
+No user-facing changes.
+
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
+* Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
+* Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.
+
 ## 1.4.9
 
 No user-facing changes.

go/ql/src/change-notes/2025-11-10-insecure-cookie.md

@@ -1,5 +0,0 @@
----
-category: newQuery
----
-* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
-* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.

go/ql/src/change-notes/released/1.5.0.md

@@ -1,5 +1,8 @@
----
-category: newQuery
----
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
 * Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
 * Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.

go/ql/src/change-notes/released/1.5.1.md

@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.9
+lastReleaseVersion: 1.5.1

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.10-dev
+version: 1.5.2-dev
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 7.8.1
+
+No user-facing changes.
+
+## 7.8.0
+
+### Deprecated APIs
+
+* The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.
+
 ## 7.7.4
 
 No user-facing changes.

java/ql/lib/change-notes/released/7.8.0.md

@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 7.8.0
+
+### Deprecated APIs
+
 * The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.

java/ql/lib/change-notes/released/7.8.1.md

@@ -0,0 +1,3 @@
+## 7.8.1
+
+No user-facing changes.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.7.4
+lastReleaseVersion: 7.8.1

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.7.5-dev
+version: 7.8.2-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.10.2
+
+No user-facing changes.
+
+## 1.10.1
+
+### Minor Analysis Improvements
+
+* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
+
 ## 1.10.0
 
 ### Query Metadata Changes

java/ql/src/change-notes/released/1.10.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
+## 1.10.1
+
+### Minor Analysis Improvements
+
+* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  

java/ql/src/change-notes/released/1.10.2.md

@@ -0,0 +1,3 @@
+## 1.10.2
+
+No user-facing changes.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.0
+lastReleaseVersion: 1.10.2

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.1-dev
+version: 1.10.3-dev
 groups:
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.6.17
+
+No user-facing changes.
+
+## 2.6.16
+
+### Minor Analysis Improvements
+
+- JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.
+
 ## 2.6.15
 
 No user-facing changes.

javascript/ql/lib/change-notes/released/2.6.16.md

@@ -1,5 +1,5 @@
----
-category: minorAnalysis
----
+## 2.6.16
+
+### Minor Analysis Improvements
 
 - JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.

javascript/ql/lib/change-notes/released/2.6.17.md

@@ -0,0 +1,3 @@
+## 2.6.17
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.15
+lastReleaseVersion: 2.6.17

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.16-dev
+version: 2.6.18-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.2.2
+
+No user-facing changes.
+
+## 2.2.1
+
+### Minor Analysis Improvements
+
+* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in the `app/pages` folder.
+
 ## 2.2.0
 
 ### Query Metadata Changes

javascript/ql/src/change-notes/released/2.2.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 2.2.1
+
+### Minor Analysis Improvements
+
 * Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in the `app/pages` folder.

javascript/ql/src/change-notes/released/2.2.2.md

@@ -0,0 +1,3 @@
+## 2.2.2
+
+No user-facing changes.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.2.0
+lastReleaseVersion: 2.2.2

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.2.1-dev
+version: 2.2.3-dev
 groups:
   - javascript
   - queries

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.37
+
+No user-facing changes.
+
+## 1.0.36
+
+No user-facing changes.
+
 ## 1.0.35
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/1.0.36.md

@@ -0,0 +1,3 @@
+## 1.0.36
+
+No user-facing changes.

misc/suite-helpers/change-notes/released/1.0.37.md

@@ -0,0 +1,3 @@
+## 1.0.37
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.35
+lastReleaseVersion: 1.0.37

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.36-dev
+version: 1.0.38-dev
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 5.0.2
+
+No user-facing changes.
+
+## 5.0.1
+
+### Bug Fixes
+
+- Fixed a bug in the Python extractor's import handling where failing to find an import in `find_module` would cause a `KeyError` to be raised. (Contributed by @akoeplinger.)
+
 ## 5.0.0
 
 ### Breaking Changes

python/ql/lib/change-notes/released/5.0.1.md

@@ -1,5 +1,5 @@
----
-category: fix
----
+## 5.0.1
+
+### Bug Fixes
 
 - Fixed a bug in the Python extractor's import handling where failing to find an import in `find_module` would cause a `KeyError` to be raised. (Contributed by @akoeplinger.)

python/ql/lib/change-notes/released/5.0.2.md

@@ -0,0 +1,3 @@
+## 5.0.2
+
+No user-facing changes.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.0
+lastReleaseVersion: 5.0.2

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 5.0.1-dev
+version: 5.0.3-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.7.2
+
+No user-facing changes.
+
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 ### Query Metadata Changes

python/ql/src/change-notes/released/1.7.1.md

@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.

python/ql/src/change-notes/released/1.7.2.md

@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.2

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.7.1-dev
+version: 1.7.3-dev
 groups:
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 5.1.5
+
+No user-facing changes.
+
+## 5.1.4
+
+No user-facing changes.
+
 ## 5.1.3
 
 No user-facing changes.

ruby/ql/lib/change-notes/released/5.1.4.md

@@ -0,0 +1,3 @@
+## 5.1.4
+
+No user-facing changes.

ruby/ql/lib/change-notes/released/5.1.5.md

@@ -0,0 +1,3 @@
+## 5.1.5
+
+No user-facing changes.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.3
+lastReleaseVersion: 5.1.5