Merge pull request #13525 from github/rc/3.10

Merge `rc/3.10` back to `main`

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 0.6.3
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
+* Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
+* Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.
+* Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.
+* Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.
+* Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.
+
 ## 0.6.2
 
 ### Minor Analysis Improvements

ruby/ql/lib/change-notes/2023-05-06-mysql2.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.

ruby/ql/lib/change-notes/2023-05-06-pg.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.

ruby/ql/lib/change-notes/2023-05-07-sequel.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.

ruby/ql/lib/change-notes/2023-06-02-delete-deps.md

@@ -1,7 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
-* Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
-* Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.

ruby/ql/lib/change-notes/released/0.6.3.md

@@ -0,0 +1,11 @@
+## 0.6.3
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
+* Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
+* Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.
+* Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.
+* Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.
+* Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.3-dev
+version: 0.6.4-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.6.3
+
+### Minor Analysis Improvements
+
+* Fixed a bug that would occur when an `initialize` method returns `self` or one of its parameters.
+  In such cases, the corresponding calls to `new` would be associated with an incorrect return type.
+  This could result in inaccurate call target resolution and cause false positive alerts.
+* Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
+  as if the argument value was not a known constant.
+
 ## 0.6.2
 
 No user-facing changes.

ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md

@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
-  as if the argument value was not a known constant.

ruby/ql/src/change-notes/released/0.6.3.md

@@ -1,6 +1,9 @@
----
-category: minorAnalysis
----
+## 0.6.3
+
+### Minor Analysis Improvements
+
 * Fixed a bug that would occur when an `initialize` method returns `self` or one of its parameters.
   In such cases, the corresponding calls to `new` would be associated with an incorrect return type.
   This could result in inaccurate call target resolution and cause false positive alerts.
+* Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
+  as if the argument value was not a known constant.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.6.3-dev
+version: 0.6.4-dev
 groups: 
   - ruby
   - queries