Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5

Post-release preparation for codeql-cli-2.12.5
2026-04-28 02:05:14 +02:00 · 2023-03-21 13:06:25 +01:00
parent 219031f62b 981e171525
commit 6d665da4dc
119 changed files with 491 additions and 229 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,29 @@
+## 0.5.5
+
+### New Features
+
+* Added support for merging two `PathGraph`s via disjoint union to allow results from multiple data flow computations in a single `path-problem` query.
+
+### Major Analysis Improvements
+
+* The main data flow and taint tracking APIs have been changed. The old APIs
+  remain in place for now and translate to the new through a
+  backwards-compatible wrapper. If multiple configurations are in scope
+  simultaneously, then this may affect results slightly. The new API is quite
+  similar to the old, but makes use of a configuration module instead of a
+  configuration class.
+
+### Minor Analysis Improvements
+
+* Data flow through `initialize` methods is now taken into account also when the receiver of a `new` call is an (implicit or explicit) `self`.
+* The Active Record query methods `reorder` and `count_by_sql` are now recognized as SQL executions.
+* Calls to `ActiveRecord::Connection#execute`, including those via subclasses, are now recognized as SQL executions.
+* Data flow through `ActionController::Parameters#require` is now tracked properly.
+* The severity of parse errors was reduced to warning (previously error). 
+* Deleted the deprecated `getQualifiedName` predicate from the `ConstantWriteAccess` class.
+* Deleted the deprecated `getWhenBranch` and `getAWhenBranch` predicates from the `CaseExpr` class.
+* Deleted the deprecated `Self`, `PatternParameter`, `Pattern`, `VariablePattern`, `TuplePattern`, and `TuplePatternParameter` classes.
+
 ## 0.5.4

 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2023-03-02-dataflow-conf-module.md
+++ b/ruby/ql/lib/change-notes/2023-03-02-dataflow-conf-module.md
@@ -1,9 +0,0 @@
---
-category: majorAnalysis
---
-* The main data flow and taint tracking APIs have been changed. The old APIs
-  remain in place for now and translate to the new through a
-  backwards-compatible wrapper. If multiple configurations are in scope
-  simultaneously, then this may affect results slightly. The new API is quite
-  similar to the old, but makes use of a configuration module instead of a
-  configuration class.
--- a/ruby/ql/lib/change-notes/2023-03-03-delete-deps.md
+++ b/ruby/ql/lib/change-notes/2023-03-03-delete-deps.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted the deprecated `getQualifiedName` predicate from the `ConstantWriteAccess` class.
-* Deleted the deprecated `getWhenBranch` and `getAWhenBranch` predicates from the `CaseExpr` class.
-* Deleted the deprecated `Self`, `PatternParameter`, `Pattern`, `VariablePattern`, `TuplePattern`, and `TuplePatternParameter` classes.
--- a/ruby/ql/lib/change-notes/2023-03-09-parse-error.md
+++ b/ruby/ql/lib/change-notes/2023-03-09-parse-error.md
@@ -1,4 +0,0 @@
---
- category: minorAnalysis
---
-* The severity of parse errors was reduced to warning (previously error). 
--- a/ruby/ql/lib/change-notes/2023-03-13-initalize-flow.md
+++ b/ruby/ql/lib/change-notes/2023-03-13-initalize-flow.md
@@ -1,4 +0,0 @@
---
- category: minorAnalysis
---
-* Data flow through `initialize` methods is now taken into account also when the receiver of a `new` call is an (implicit or explicit) `self`.
--- a/ruby/ql/lib/change-notes/2023-03-13-mergepathgraph.md
+++ b/ruby/ql/lib/change-notes/2023-03-13-mergepathgraph.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Added support for merging two `PathGraph`s via disjoint union to allow results from multiple data flow computations in a single `path-problem` query.
--- a/ruby/ql/lib/change-notes/2023-03-13-rails-sinks.md
+++ b/ruby/ql/lib/change-notes/2023-03-13-rails-sinks.md
@@ -1,6 +0,0 @@
---
- category: minorAnalysis
---
-* The Active Record query methods `reorder` and `count_by_sql` are now recognised as SQL executions.
-* Calls to `ActiveRecord::Connection#execute`, including those via subclasses, are now recognised as SQL executions.
-* Data flow through `ActionController::Parameters#require` is now tracked properly.
--- a/ruby/ql/lib/change-notes/released/0.5.5.md
+++ b/ruby/ql/lib/change-notes/released/0.5.5.md
@@ -0,0 +1,25 @@
+## 0.5.5
+
+### New Features
+
+* Added support for merging two `PathGraph`s via disjoint union to allow results from multiple data flow computations in a single `path-problem` query.
+
+### Major Analysis Improvements
+
+* The main data flow and taint tracking APIs have been changed. The old APIs
+  remain in place for now and translate to the new through a
+  backwards-compatible wrapper. If multiple configurations are in scope
+  simultaneously, then this may affect results slightly. The new API is quite
+  similar to the old, but makes use of a configuration module instead of a
+  configuration class.
+
+### Minor Analysis Improvements
+
+* Data flow through `initialize` methods is now taken into account also when the receiver of a `new` call is an (implicit or explicit) `self`.
+* The Active Record query methods `reorder` and `count_by_sql` are now recognized as SQL executions.
+* Calls to `ActiveRecord::Connection#execute`, including those via subclasses, are now recognized as SQL executions.
+* Data flow through `ActionController::Parameters#require` is now tracked properly.
+* The severity of parse errors was reduced to warning (previously error). 
+* Deleted the deprecated `getQualifiedName` predicate from the `ConstantWriteAccess` class.
+* Deleted the deprecated `getWhenBranch` and `getAWhenBranch` predicates from the `CaseExpr` class.
+* Deleted the deprecated `Self`, `PatternParameter`, `Pattern`, `VariablePattern`, `TuplePattern`, and `TuplePatternParameter` classes.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.5.5
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.5.5-dev
+version: 0.5.6-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.5.5
+
+### New Queries
+
+* Added a new query, `rb/zip-slip`, to detect arbitrary file writes during extraction of zip/tar archives.
+
 ## 0.5.4

 No user-facing changes.
--- a/ruby/ql/src/change-notes/2023-02-17-zip-slip-query.md
+++ b/ruby/ql/src/change-notes/2023-02-17-zip-slip-query.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/zip-slip`, to detect arbitrary file writes during extraction of zip/tar archives.
--- a/ruby/ql/src/change-notes/released/0.5.5.md
+++ b/ruby/ql/src/change-notes/released/0.5.5.md
@@ -0,0 +1,5 @@
+## 0.5.5
+
+### New Queries
+
+* Added a new query, `rb/zip-slip`, to detect arbitrary file writes during extraction of zip/tar archives.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.5.5
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.5.5-dev
+version: 0.5.6-dev
 groups: 
  - ruby
  - queries