Release preparation for version 2.16.4

2025-12-16 16:53:25 +01:00 · 2024-03-05 18:13:58 +00:00
parent 7e2a775a2a
commit 661e68dab5
150 changed files with 394 additions and 168 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.12.7
 ### Minor Analysis Improvements
 * Added destructors for named objects to the intermediate representation.
 ## 0.12.6
 ### New Features
--- a/cpp/ql/lib/change-notes/2024-02-26-ir-named-destructors.md
+++ b/cpp/ql/lib/change-notes/2024-02-26-ir-named-destructors.md
@@ -1,4 +1,5 @@
---
+## 0.12.7
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
-* Added destructors for named objects to the intermediate representation.
+
 * Added destructors for named objects to the intermediate representation.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.6
+lastReleaseVersion: 0.12.7
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.7-dev
+version: 0.12.7
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 0.9.6
 ### Minor Analysis Improvements
 * The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
 * The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
 ## 0.9.5
 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/2024-02-29-non-constant-format-path-query.md
+++ b/cpp/ql/src/change-notes/2024-02-29-non-constant-format-path-query.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
--- a/cpp/ql/src/change-notes/2024-02-16-modelled-functions-block-flow.md
+++ b/cpp/ql/src/change-notes/2024-02-16-modelled-functions-block-flow.md
@@ -1,4 +1,6 @@
---
+## 0.9.6
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
 * The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.5
+lastReleaseVersion: 0.9.6
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.6-dev
+version: 0.9.6
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.10
 No user-facing changes.
 ## 1.7.9
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.10.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.10.md
@@ -0,0 +1,3 @@
 ## 1.7.10
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.9
+lastReleaseVersion: 1.7.10
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.10-dev
+version: 1.7.10
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.10
 No user-facing changes.
 ## 1.7.9
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.10.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.10.md
@@ -0,0 +1,3 @@
 ## 1.7.10
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.9
+lastReleaseVersion: 1.7.10
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.10-dev
+version: 1.7.10
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
 ## 0.8.10
 ### Major Analysis Improvements
 * Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
 * We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
 ### Minor Analysis Improvements
 * C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
 * C# 12: Add extractor and QL library support for `ref readonly` parameters.
 * C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
 * Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
 ## 0.8.9
 ### Minor Analysis Improvements
--- a/csharp/ql/lib/change-notes/2024-02-21-getonly-properties.md
+++ b/csharp/ql/lib/change-notes/2024-02-21-getonly-properties.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
--- a/csharp/ql/lib/change-notes/2024-02-22-no-db-stats.md
+++ b/csharp/ql/lib/change-notes/2024-02-22-no-db-stats.md
@@ -1,4 +0,0 @@
 ---
 category: majorAnalysis
 ---
 * We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
--- a/csharp/ql/lib/change-notes/2024-02-23-compiler-generated.md
+++ b/csharp/ql/lib/change-notes/2024-02-23-compiler-generated.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
--- a/csharp/ql/lib/change-notes/2024-02-26-variable-capture-flow.md
+++ b/csharp/ql/lib/change-notes/2024-02-26-variable-capture-flow.md
@@ -1,4 +0,0 @@
 ---
 category: majorAnalysis
 ---
 * Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
--- a/csharp/ql/lib/change-notes/2024-02-28-experimental-attribute.md
+++ b/csharp/ql/lib/change-notes/2024-02-28-experimental-attribute.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
--- a/csharp/ql/lib/change-notes/2024-02-28-refreadonly-parameter.md
+++ b/csharp/ql/lib/change-notes/2024-02-28-refreadonly-parameter.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * C# 12: Add extractor and QL library support for `ref readonly` parameters.
--- a/csharp/ql/lib/change-notes/released/0.8.10.md
+++ b/csharp/ql/lib/change-notes/released/0.8.10.md
@@ -0,0 +1,13 @@
 ## 0.8.10
 ### Major Analysis Improvements
 * Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
 * We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
 ### Minor Analysis Improvements
 * C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
 * C# 12: Add extractor and QL library support for `ref readonly` parameters.
 * C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
 * Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.10-dev
+version: 0.8.10
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
 ## 0.8.9
 ### Minor Analysis Improvements
--- a/csharp/ql/src/change-notes/2024-02-06-threat-models.md
+++ b/csharp/ql/src/change-notes/2024-02-06-threat-models.md
@@ -1,4 +1,5 @@
---
+## 0.8.10
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
+
 * Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.10-dev
+version: 0.8.10
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.0.9
 No user-facing changes.
 ## 0.0.8
 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/0.0.9.md
+++ b/go/ql/consistency-queries/change-notes/released/0.0.9.md
@@ -0,0 +1,3 @@
 ## 0.0.9
 No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.8
+lastReleaseVersion: 0.0.9
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.9-dev
+version: 0.0.9
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
 ## 0.7.10
 ### Major Analysis Improvements
 * We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
 * Go 1.22 has been included in the range of supported Go versions.
 ### Bug Fixes
 * Fixed dataflow out of a `map` using a `range` statement.
 ## 0.7.9
 No user-facing changes.
--- a/go/ql/lib/change-notes/2024-02-14-range-map-read.md
+++ b/go/ql/lib/change-notes/2024-02-14-range-map-read.md
@@ -1,4 +0,0 @@
 ---
 category: fix
 ---
 * Fixed dataflow out of a `map` using a `range` statement.
--- a/go/ql/lib/change-notes/2024-03-04-autobuilder-changes.md
+++ b/go/ql/lib/change-notes/2024-03-04-autobuilder-changes.md
@@ -1,5 +1,10 @@
---
+## 0.7.10
-category: majorAnalysis
+
---
+### Major Analysis Improvements
 * We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
 * Go 1.22 has been included in the range of supported Go versions.
 ### Bug Fixes
 * Fixed dataflow out of a `map` using a `range` statement.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.9
+lastReleaseVersion: 0.7.10
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.10-dev
+version: 0.7.10
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.7.10
 No user-facing changes.
 ## 0.7.9
 ### New Queries
--- a/go/ql/src/change-notes/released/0.7.10.md
+++ b/go/ql/src/change-notes/released/0.7.10.md
@@ -0,0 +1,3 @@
 ## 0.7.10
 No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.9
+lastReleaseVersion: 0.7.10
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.10-dev
+version: 0.7.10
 groups:
  - go
  - queries
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.0.17
 No user-facing changes.
 ## 0.0.16
 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.17.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.17.md
@@ -0,0 +1,3 @@
 ## 0.0.17
 No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.16
+lastReleaseVersion: 0.0.17
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.17-dev
+version: 0.0.17
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
 ### Bug Fixes
 * Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
 * Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
 ## 0.8.9
 ### Deprecated APIs
--- a/java/ql/lib/change-notes/2024-02-23-widget-flowsteps.md
+++ b/java/ql/lib/change-notes/2024-02-23-widget-flowsteps.md
@@ -1,4 +0,0 @@
 ---
 category: fix
 ---
 * Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
--- a/java/ql/lib/change-notes/2024-02-27-error-types.md
+++ b/java/ql/lib/change-notes/2024-02-27-error-types.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
--- a/java/ql/lib/change-notes/2024-02-27-mvnw-versions.md
+++ b/java/ql/lib/change-notes/2024-02-27-mvnw-versions.md
@@ -1,4 +0,0 @@
 ---
 category: fix
 ---
 * Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
--- a/java/ql/lib/change-notes/released/0.8.10.md
+++ b/java/ql/lib/change-notes/released/0.8.10.md
@@ -0,0 +1,10 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
 ### Bug Fixes
 * Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
 * Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.10-dev
+version: 0.8.10
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
 ## 0.8.10
 ### New Queries
 * Added a new query `java/android/insecure-local-key-gen` for finding instances of keys generated for biometric authentication in an insecure way.
 ### Minor Analysis Improvements
 * To reduce the number of false positives in the query "Insertion of sensitive information into log files" (`java/sensitive-log`), variables with names that contain "null" (case-insensitively) are no longer considered sources of sensitive information.
 ## 0.8.9
 ### New Queries
--- a/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
+++ b/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
@@ -1,4 +0,0 @@
 ---
 category: newQuery
 ---
 * Added a new query `java/android/insecure-local-key-gen` for finding instances of keys generated for biometric authentication in an insecure way.
--- a/java/ql/src/change-notes/2024-03-04-sensitive-log-remove-null-from-sources.md
+++ b/java/ql/src/change-notes/2024-03-04-sensitive-log-remove-null-from-sources.md
@@ -1,4 +1,9 @@
---
+## 0.8.10
-category: minorAnalysis
+
---
+### New Queries
 * Added a new query `java/android/insecure-local-key-gen` for finding instances of keys generated for biometric authentication in an insecure way.
 ### Minor Analysis Improvements
 * To reduce the number of false positives in the query "Insertion of sensitive information into log files" (`java/sensitive-log`), variables with names that contain "null" (case-insensitively) are no longer considered sources of sensitive information.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.10-dev
+version: 0.8.10
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.8.10
 No user-facing changes.
 ## 0.8.9
 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/released/0.8.10.md
+++ b/javascript/ql/lib/change-notes/released/0.8.10.md
@@ -0,0 +1,3 @@
 ## 0.8.10
 No user-facing changes.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.10-dev
+version: 0.8.10
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.8.10
 No user-facing changes.
 ## 0.8.9
 ### Bug Fixes
--- a/javascript/ql/src/change-notes/released/0.8.10.md
+++ b/javascript/ql/src/change-notes/released/0.8.10.md
@@ -0,0 +1,3 @@
 ## 0.8.10
 No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.10-dev
+version: 0.8.10
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.7.10
 No user-facing changes.
 ## 0.7.9
 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.7.10.md
+++ b/misc/suite-helpers/change-notes/released/0.7.10.md
@@ -0,0 +1,3 @@
 ## 0.7.10
 No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.9
+lastReleaseVersion: 0.7.10
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.10-dev
+version: 0.7.10
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 0.11.10
 ### Minor Analysis Improvements
 * Fixed missing flow for dictionary updates (`d[<key>] = ...`) when `<key>` is a string constant not used in dictionary literals or as name of keyword-argument.
 * Fixed flow for iterable unpacking (`a,b = my_tuple`) when it occurs on top-level (module) scope.
 ## 0.11.9
 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/2024-02-28-iterable-unpacking-module-scope.md
+++ b/python/ql/lib/change-notes/2024-02-28-iterable-unpacking-module-scope.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Fixed flow for iterable unpacking (`a,b = my_tuple`) when it occurs on top-level (module) scope.
--- a/python/ql/lib/change-notes/2024-03-01-dict-update-content.md
+++ b/python/ql/lib/change-notes/2024-03-01-dict-update-content.md
@@ -1,4 +1,6 @@
---
+## 0.11.10
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Fixed missing flow for dictionary updates (`d[<key>] = ...`) when `<key>` is a string constant not used in dictionary literals or as name of keyword-argument.
 * Fixed flow for iterable unpacking (`a,b = my_tuple`) when it occurs on top-level (module) scope.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.9
+lastReleaseVersion: 0.11.10
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.10-dev
+version: 0.11.10
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.9.10
 ### New Queries
 * The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now part of the default security suite.
 ## 0.9.9
 No user-facing changes.
--- a/python/ql/src/change-notes/2024-03-04-nosql-injection.md
+++ b/python/ql/src/change-notes/2024-03-04-nosql-injection.md
@@ -1,4 +1,5 @@
---
+## 0.9.10
-category: newQuery
+
---
+### New Queries
 * The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now part of the default security suite.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.9
+lastReleaseVersion: 0.9.10
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.10-dev
+version: 0.9.10
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,12 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Calls to `I18n.translate` as well as Rails helper translate methods now propagate taint from their keyword arguments. The Rails translate methods are also recognized as XSS sanitizers when using keys marked as html safe.
 * Calls to `Arel::Nodes::SqlLiteral.new` are now modeled as instances of the `SqlConstruction` concept, as well as propagating taint from their argument.
 * Additional arguments beyond the first of calls to the  `ActiveRecord` methods `select`, `reselect`, `order`, `reorder`, `joins`, `group`, and `pluck` are now recognized as sql injection sinks. 
 * Calls to several methods of `ActiveRecord::Connection`, such as `ActiveRecord::Connection#exec_query`, are now recognized as SQL executions, including those via subclasses.
 ## 0.8.9
 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2024-02-15-activerecord_connection_sql_sinks.md
+++ b/ruby/ql/lib/change-notes/2024-02-15-activerecord_connection_sql_sinks.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Calls to several methods of `ActiveRecord::Connection`, such as `ActiveRecord::Connection#exec_query`, are now recognized as SQL executions, including those via subclasses.
--- a/ruby/ql/lib/change-notes/2024-02-20-activerecord-sql-sink-arguments.md
+++ b/ruby/ql/lib/change-notes/2024-02-20-activerecord-sql-sink-arguments.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Additional arguments beyond the first of calls to the  `ActiveRecord` methods `select`, `reselect`, `order`, `reorder`, `joins`, `group`, and `pluck` are now recognized as sql injection sinks. 
--- a/ruby/ql/lib/change-notes/2024-02-26-arel-sqlliteral.md
+++ b/ruby/ql/lib/change-notes/2024-02-26-arel-sqlliteral.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Calls to `Arel::Nodes::SqlLiteral.new` are now modeled as instances of the `SqlConstruction` concept, as well as propagating taint from their argument.
--- a/ruby/ql/lib/change-notes/2024-02-29-i18n-translate.md
+++ b/ruby/ql/lib/change-notes/2024-02-29-i18n-translate.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Calls to `I18n.translate` as well as Rails helper translate methods now propagate taint from their keyword arguments. The Rails translate methods are also recognized as XSS sanitizers when using keys marked as html safe.
--- a/ruby/ql/lib/change-notes/released/0.8.10.md
+++ b/ruby/ql/lib/change-notes/released/0.8.10.md
@@ -0,0 +1,8 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Calls to `I18n.translate` as well as Rails helper translate methods now propagate taint from their keyword arguments. The Rails translate methods are also recognized as XSS sanitizers when using keys marked as html safe.
 * Calls to `Arel::Nodes::SqlLiteral.new` are now modeled as instances of the `SqlConstruction` concept, as well as propagating taint from their argument.
 * Additional arguments beyond the first of calls to the  `ActiveRecord` methods `select`, `reselect`, `order`, `reorder`, `joins`, `group`, and `pluck` are now recognized as sql injection sinks. 
 * Calls to several methods of `ActiveRecord::Connection`, such as `ActiveRecord::Connection#exec_query`, are now recognized as SQL executions, including those via subclasses.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.10-dev
+version: 0.8.10
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 0.8.10
 ### Minor Analysis Improvements
 * Calls to `Object#method`, `Object#public_method` and `Object#singleton_method` with untrusted data are now recognised as sinks for code injection.
 * Added additional request sources for Ruby on Rails.
 ## 0.8.9
 No user-facing changes.
--- a/ruby/ql/src/change-notes/2024-02-13-rails-more-request-sources.md
+++ b/ruby/ql/src/change-notes/2024-02-13-rails-more-request-sources.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added additional request sources for Ruby on Rails.
--- a/ruby/ql/src/change-notes/2024-03-01-method-code-injection-sinks.md
+++ b/ruby/ql/src/change-notes/2024-03-01-method-code-injection-sinks.md
@@ -1,4 +1,6 @@
---
+## 0.8.10
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
-* Calls to `Object#method`, `Object#public_method` and `Object#singleton_method` with untrusted data are now recognised as sinks for code injection.
+
 * Calls to `Object#method`, `Object#public_method` and `Object#singleton_method` with untrusted data are now recognised as sinks for code injection.
 * Added additional request sources for Ruby on Rails.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.9
+lastReleaseVersion: 0.8.10
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.10-dev
+version: 0.8.10
 groups:
  - ruby
  - queries
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.1.10
 No user-facing changes.
 ## 0.1.9
 No user-facing changes.
--- a/shared/controlflow/change-notes/released/0.1.10.md
+++ b/shared/controlflow/change-notes/released/0.1.10.md
@@ -0,0 +1,3 @@
 ## 0.1.10
 No user-facing changes.
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.9
+lastReleaseVersion: 0.1.10
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.1.10-dev
+version: 0.1.10
 groups: shared
 library: true
 dependencies:
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.2.1
 No user-facing changes.
 ## 0.2.0
 ### Breaking Changes
--- a/shared/dataflow/change-notes/released/0.2.1.md
+++ b/shared/dataflow/change-notes/released/0.2.1.md
@@ -0,0 +1,3 @@
 ## 0.2.1
 No user-facing changes.
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 0.12.6`	`lastReleaseVersion: 0.12.7`