Merge pull request #17041 from github/post-release-prep/codeql-cli-2.18.1

Post-release preparation for codeql-cli-2.18.1
2026-04-26 01:05:15 +02:00 · 2024-07-23 06:48:30 -07:00
parent e467cc033e 49cc8f8ff8
commit 67dac96e80
155 changed files with 406 additions and 145 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 2.0.0
+
+### Breaking Changes
+
+* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.
+
+### Deprecated APIs
+
+* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.
+
+### New Features
+
+* Kotlin support is now out of beta, and generally available
+* Kotlin versions up to 2.0.2*x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added a path-injection sink for `hudson.FilePath.exists()`.
+* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.
+* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
+
 ## 1.1.2

 ### Minor Analysis Improvements
--- a/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md
+++ b/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.
--- a/java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md
+++ b/java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Kotlin versions up to 2.0.2\ *x* are now supported.
--- a/java/ql/lib/change-notes/2024-06-25-java-tools-status.md
+++ b/java/ql/lib/change-notes/2024-06-25-java-tools-status.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
--- a/java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md
+++ b/java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.
--- a/java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md
+++ b/java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added a path-injection sink for `hudson.FilePath.exists()`.
--- a/java/ql/lib/change-notes/2024-07-11-kotlin-ga.md
+++ b/java/ql/lib/change-notes/2024-07-11-kotlin-ga.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Kotlin support is now out of beta, and generally available
--- a/java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md
+++ b/java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.
--- a/java/ql/lib/change-notes/released/2.0.0.md
+++ b/java/ql/lib/change-notes/released/2.0.0.md
@@ -0,0 +1,20 @@
+## 2.0.0
+
+### Breaking Changes
+
+* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.
+
+### Deprecated APIs
+
+* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead.
+
+### New Features
+
+* Kotlin support is now out of beta, and generally available
+* Kotlin versions up to 2.0.2*x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added a path-injection sink for `hudson.FilePath.exists()`.
+* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`.
+* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 2.0.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 1.1.3-dev
+version: 2.0.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java