Release preparation for version 2.14.0

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,22 @@
+## 0.10.0
+
+### New Features
+
+* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value"
+
+### Minor Analysis Improvements
+
+* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder.
+* More precise modelling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`).
+* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`.
+* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
+* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
+* Deleted many deprecated predicates in `PointsTo.qll`. 
+* Deleted many deprecated files from the `semmle.python.security` package.
+* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
+* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.
+
 ## 0.9.4
 
 No user-facing changes.

python/ql/lib/change-notes/2023-05-30-typetracking-via-flow-summaries.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.

python/ql/lib/change-notes/2023-06-09-delete-deps.md

@@ -1,9 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
-* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
-* Deleted many deprecated predicates in `PointsTo.qll`. 
-* Deleted many deprecated files from the `semmle.python.security` package.
-* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.

python/ql/lib/change-notes/2023-06-12-flask-render-template-string.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`.

python/ql/lib/change-notes/2023-06-13-container-store-steps.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More precise modelling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`).

python/ql/lib/change-notes/2023-06-14-delete-deps.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder.

python/ql/lib/change-notes/2023-06-20-summaries-from-models.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value"

python/ql/lib/change-notes/released/0.10.0.md

@@ -0,0 +1,18 @@
+## 0.10.0
+
+### New Features
+
+* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value"
+
+### Minor Analysis Improvements
+
+* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder.
+* More precise modelling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`).
+* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`.
+* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
+* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
+* Deleted many deprecated predicates in `PointsTo.qll`. 
+* Deleted many deprecated files from the `semmle.python.security` package.
+* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
+* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.4
+lastReleaseVersion: 0.10.0

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.10.0-dev
+version: 0.10.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.0
+
+### Bug Fixes
+
+* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
+
 ## 0.7.4
 
 No user-facing changes.

python/ql/src/change-notes/released/0.8.0.md

@@ -1,4 +1,5 @@
----
-category: fix
----
+## 0.8.0
+
+### Bug Fixes
+
 * The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.4
+lastReleaseVersion: 0.8.0

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.8.0-dev
+version: 0.8.0
 groups: 
   - python
   - queries