Merge pull request #17041 from github/post-release-prep/codeql-cli-2.18.1

Post-release preparation for codeql-cli-2.18.1

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.4
+
+No user-facing changes.
+
 ## 1.0.3
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/1.0.4.md

@@ -0,0 +1,3 @@
+## 1.0.4
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.4-dev
+version: 1.0.5-dev
 groups:
     - java
     - automodel

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,24 @@
+## 2.0.0
+
+### Breaking Changes
+
+* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.
+
+### Deprecated APIs
+
+* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.
+
+### New Features
+
+* Kotlin support is now out of beta, and generally available
+* Kotlin versions up to 2.0.2*x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added a path-injection sink for `hudson.FilePath.exists()`.
+* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.
+* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
+
 ## 1.1.2
 
 ### Minor Analysis Improvements

java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.

java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin versions up to 2.0.2\ *x* are now supported.

java/ql/lib/change-notes/2024-06-25-java-tools-status.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.

java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.

java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added a path-injection sink for `hudson.FilePath.exists()`.

java/ql/lib/change-notes/2024-07-11-kotlin-ga.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin support is now out of beta, and generally available

java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.

java/ql/lib/change-notes/released/2.0.0.md

@@ -0,0 +1,20 @@
+## 2.0.0
+
+### Breaking Changes
+
+* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.
+
+### Deprecated APIs
+
+* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.
+
+### New Features
+
+* Kotlin support is now out of beta, and generally available
+* Kotlin versions up to 2.0.2*x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added a path-injection sink for `hudson.FilePath.exists()`.
+* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.
+* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 2.0.0

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 1.1.3-dev
+version: 2.0.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.1.1
+
+### Minor Analysis Improvements
+
+* The heuristic to enable certain Android queries has been improved. Now it ignores Android Manifests which don't define an activity, content provider or service. We also only consider files which are under a folder containing such an Android Manifest for these queries. This should remove some false positive alerts.
+
 ## 1.1.0
 
 ### Major Analysis Improvements

java/ql/src/change-notes/released/1.1.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.1.1
+
+### Minor Analysis Improvements
+
 * The heuristic to enable certain Android queries has been improved. Now it ignores Android Manifests which don't define an activity, content provider or service. We also only consider files which are under a folder containing such an Android Manifest for these queries. This should remove some false positive alerts.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.1.1-dev
+version: 1.1.2-dev
 groups:
   - java
   - queries