Release preparation for version 2.20.5

2025-12-16 16:53:25 +01:00 · 2025-02-17 16:55:54 +00:00
parent 7fa41c438f
commit 6f4562f3bd
163 changed files with 450 additions and 159 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.4.3
 ### New Features
 * The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
 ## 0.4.2
 ### Bug Fixes
--- a/actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md
+++ b/actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md
@@ -1,4 +1,5 @@
---
+## 0.4.3
-category: feature
+
---
+### New Features
-* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
+
 * The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.4.3
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.3-dev
+version: 0.4.3
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,29 @@
 ## 0.5.0
 ### Breaking Changes
 * The following queries have been removed from the `code-scanning` and `security-extended` suites.
  Any existing alerts for these queries will be closed automatically.
  * `actions/if-expression-always-true/critical`
  * `actions/if-expression-always-true/high`
  * `actions/unnecessary-use-of-advanced-config`
 * The following query has been moved from the `code-scanning` suite to the `security-extended`
  suite. Any existing alerts for this query will be closed automatically unless the analysis is
  configured to use the `security-extended` suite.
  * `actions/unpinned-tag`
 * The following queries have been added to the `security-extended` suite.
  * `actions/unversioned-immutable-action`
  * `actions/envpath-injection/medium`
  * `actions/envvar-injection/medium`
  * `actions/code-injection/medium`
  * `actions/artifact-poisoning/medium`
  * `actions/untrusted-checkout/medium`
 ### Minor Analysis Improvements
 * Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
 ## 0.4.2
 No user-facing changes.
--- a/actions/ql/src/change-notes/2025-02-14-docker-false-positives.md
+++ b/actions/ql/src/change-notes/2025-02-14-docker-false-positives.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
--- a/actions/ql/src/change-notes/2025-02-06-curate-suites.md
+++ b/actions/ql/src/change-notes/2025-02-06-curate-suites.md
@@ -1,6 +1,7 @@
---
+## 0.5.0
-category: breaking
+
---
+### Breaking Changes
 * The following queries have been removed from the `code-scanning` and `security-extended` suites.
  Any existing alerts for these queries will be closed automatically.
  * `actions/if-expression-always-true/critical`
@@ -18,3 +19,7 @@ category: breaking
  * `actions/code-injection/medium`
  * `actions/artifact-poisoning/medium`
  * `actions/untrusted-checkout/medium`
 ### Minor Analysis Improvements
 * Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.5.0
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.4.3-dev
+version: 0.5.0
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 4.0.1
 No user-facing changes.
 ## 4.0.0
 ### Breaking Changes
--- a/cpp/ql/lib/change-notes/released/4.0.1.md
+++ b/cpp/ql/lib/change-notes/released/4.0.1.md
@@ -0,0 +1,3 @@
 ## 4.0.1
 No user-facing changes.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.0.1
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.0.1-dev
+version: 4.0.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.3.4
 No user-facing changes.
 ## 1.3.3
 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/released/1.3.4.md
+++ b/cpp/ql/src/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
 ## 1.3.4
 No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.4
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.4-dev
+version: 1.3.4
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.34
 No user-facing changes.
 ## 1.7.33
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.34.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.34.md
@@ -0,0 +1,3 @@
 ## 1.7.34
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.33
+lastReleaseVersion: 1.7.34
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.34-dev
+version: 1.7.34
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.34
 No user-facing changes.
 ## 1.7.33
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.34.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.34.md
@@ -0,0 +1,3 @@
 ## 1.7.34
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.33
+lastReleaseVersion: 1.7.34
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.34-dev
+version: 1.7.34
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,18 @@
 ## 5.1.0
 ### Deprecated APIs
 * The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
  class have been deprecated in favor of the newly added `dominatingEdge`
  predicate.
 ### Minor Analysis Improvements
 * Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
 * C# 13: Add generated models for .NET 9.
 * The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
 * Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.
 ## 5.0.0
 ### Breaking Changes
--- a/csharp/ql/lib/change-notes/2025-02-03-blazor-routing-parameters.md
+++ b/csharp/ql/lib/change-notes/2025-02-03-blazor-routing-parameters.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.
--- a/csharp/ql/lib/change-notes/2025-02-05-update-system.net.http.httprequestmessage-and-system.uribuilder-models.md
+++ b/csharp/ql/lib/change-notes/2025-02-05-update-system.net.http.httprequestmessage-and-system.uribuilder-models.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
--- a/csharp/ql/lib/change-notes/2025-02-07-dotnet-models.md
+++ b/csharp/ql/lib/change-notes/2025-02-07-dotnet-models.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * C# 13: Add generated models for .NET 9.
--- a/csharp/ql/lib/change-notes/2025-02-13-csharp13-dotnet9.md
+++ b/csharp/ql/lib/change-notes/2025-02-13-csharp13-dotnet9.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
--- a/csharp/ql/lib/change-notes/released/5.1.0.md
+++ b/csharp/ql/lib/change-notes/released/5.1.0.md
@@ -0,0 +1,14 @@
 ## 5.1.0
 ### Deprecated APIs
 * The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
  class have been deprecated in favor of the newly added `dominatingEdge`
  predicate.
 ### Minor Analysis Improvements
 * Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
 * C# 13: Add generated models for .NET 9.
 * The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
 * Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.0
+lastReleaseVersion: 5.1.0
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.0.1-dev
+version: 5.1.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.17
 No user-facing changes.
 ## 1.0.16
 ### Minor Analysis Improvements
--- a/csharp/ql/src/change-notes/released/1.0.17.md
+++ b/csharp/ql/src/change-notes/released/1.0.17.md
@@ -0,0 +1,3 @@
 ## 1.0.17
 No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.16
+lastReleaseVersion: 1.0.17
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.17-dev
+version: 1.0.17
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.17
 No user-facing changes.
 ## 1.0.16
 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.17.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.17.md
@@ -0,0 +1,3 @@
 ## 1.0.17
 No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.16
+lastReleaseVersion: 1.0.17
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.17-dev
+version: 1.0.17
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
 ## 4.1.0
 ### Deprecated APIs
 * The class `NamedType` has been deprecated. Use the new class `DefinedType` instead. This better matches the terminology used in the Go language specification, which was changed in Go 1.9.
 * The member predicate `getNamedType` on `GoMicro::ServiceInterfaceType` has been deprecated. Use the new member predicate `getDefinedType` instead.
 * The member predicate `getNamedType` on `Twirp::ServiceInterfaceType` has been deprecated. Use the new member predicate `getDefinedType` instead.
 ### Minor Analysis Improvements
 * Taint models have been added for the `weak` package, which was added in Go 1.24.
 * Taint models have been added for the interfaces `TextAppender` and `BinaryAppender` in the `encoding` package, which were added in Go 1.24.
 ## 4.0.0
 ### Breaking Changes
--- a/go/ql/lib/change-notes/2025-01-09-model-stdlib-1.24.md
+++ b/go/ql/lib/change-notes/2025-01-09-model-stdlib-1.24.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Taint models have been added for the `weak` package, which was added in Go 1.24.
 * Taint models have been added for the interfaces `TextAppender` and `BinaryAppender` in the `encoding` package, which were added in Go 1.24.
--- a/go/ql/lib/change-notes/2025-02-12-deprecate-namedtype.md
+++ b/go/ql/lib/change-notes/2025-02-12-deprecate-namedtype.md
@@ -1,6 +1,12 @@
---
+## 4.1.0
-category: deprecated
+
---
+### Deprecated APIs
 * The class `NamedType` has been deprecated. Use the new class `DefinedType` instead. This better matches the terminology used in the Go language specification, which was changed in Go 1.9.
 * The member predicate `getNamedType` on `GoMicro::ServiceInterfaceType` has been deprecated. Use the new member predicate `getDefinedType` instead.
 * The member predicate `getNamedType` on `Twirp::ServiceInterfaceType` has been deprecated. Use the new member predicate `getDefinedType` instead.
 ### Minor Analysis Improvements
 * Taint models have been added for the `weak` package, which was added in Go 1.24.
 * Taint models have been added for the interfaces `TextAppender` and `BinaryAppender` in the `encoding` package, which were added in Go 1.24.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.1.0
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.0.1-dev
+version: 4.1.0
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.1.8
 ### Minor Analysis Improvements
 * Added [github.com/gorilla/mux.Vars](https://pkg.go.dev/github.com/gorilla/mux#Vars) to path sanitizers (disabled if [github.com/gorilla/mix.Router.SkipClean](https://pkg.go.dev/github.com/gorilla/mux#Router.SkipClean) has been called).
 ## 1.1.7
 No user-facing changes.
--- a/go/ql/src/change-notes/2024-10-14-gopathsanitizer.md
+++ b/go/ql/src/change-notes/2024-10-14-gopathsanitizer.md
@@ -1,4 +1,5 @@
---
+## 1.1.8
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
-* Added [github.com/gorilla/mux.Vars](https://pkg.go.dev/github.com/gorilla/mux#Vars) to path sanitizers (disabled if [github.com/gorilla/mix.Router.SkipClean](https://pkg.go.dev/github.com/gorilla/mux#Router.SkipClean) has been called).
+
 * Added [github.com/gorilla/mux.Vars](https://pkg.go.dev/github.com/gorilla/mux#Vars) to path sanitizers (disabled if [github.com/gorilla/mix.Router.SkipClean](https://pkg.go.dev/github.com/gorilla/mux#Router.SkipClean) has been called).
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.7
+lastReleaseVersion: 1.1.8
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.8-dev
+version: 1.1.8
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 7.0.1
 No user-facing changes.
 ## 7.0.0
 ### Breaking Changes
--- a/java/ql/lib/change-notes/released/7.0.1.md
+++ b/java/ql/lib/change-notes/released/7.0.1.md
@@ -0,0 +1,3 @@
 ## 7.0.1
 No user-facing changes.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.0
+lastReleaseVersion: 7.0.1
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.0.1-dev
+version: 7.0.1
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.2.0
 ### New Queries
 * Added a new query, `java/csrf-unprotected-request-type`, to detect Cross-Site Request Forgery (CSRF) vulnerabilities due to using HTTP request types that are not default-protected from CSRF.
 ## 1.1.13
 ### Minor Analysis Improvements
--- a/java/ql/src/change-notes/2024-12-16-csrf-unprotected-request-type.md
+++ b/java/ql/src/change-notes/2024-12-16-csrf-unprotected-request-type.md
@@ -1,4 +1,5 @@
---
+## 1.2.0
-category: newQuery
+
---
+### New Queries
 * Added a new query, `java/csrf-unprotected-request-type`, to detect Cross-Site Request Forgery (CSRF) vulnerabilities due to using HTTP request types that are not default-protected from CSRF.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.13
+lastReleaseVersion: 1.2.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.1.14-dev
+version: 1.2.0
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 2.4.1
 ### Minor Analysis Improvements
 * Added support for regular expressions using the `v` flag.
 ## 2.4.0
 ### Major Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-02-16-v-flag.md
+++ b/javascript/ql/lib/change-notes/2025-02-16-v-flag.md
@@ -1,4 +1,5 @@
---
+## 2.4.1
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Added support for regular expressions using the `v` flag.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.4.0
+lastReleaseVersion: 2.4.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.4.1-dev
+version: 2.4.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
 ## 1.4.1
 ### Bug Fixes
 * Fixed a recently-introduced bug that prevented taint tracking through `URLSearchParams` objects.
  The original behaviour has been restored and taint should once again be tracked through such objects.
 * Fixed a rare issue that would occur when a function declaration inside a block statement was referenced before it was declared.
  Such code is reliant on legacy web semantics, which is non-standard but nevertheless implemented by most engines.
  CodeQL now takes legacy web semantics into account and resolves references to these functions correctly.
 * Fixed a bug that would cause parse errors in `.jsx` files in rare cases where the file
  contained syntax that was misinterpreted as Flow syntax.
 ## 1.4.0
 ### Major Analysis Improvements
--- a/javascript/ql/src/change-notes/2025-02-04-jsx-parser-first-attempt.md
+++ b/javascript/ql/src/change-notes/2025-02-04-jsx-parser-first-attempt.md
@@ -1,5 +0,0 @@
 ---
 category: fix
 ---
 * Fixed a bug that would cause parse errors in `.jsx` files in rare cases where the file
  contained syntax that was misinterpreted as Flow syntax.
--- a/javascript/ql/src/change-notes/2025-02-06-hoist-in-block.md
+++ b/javascript/ql/src/change-notes/2025-02-06-hoist-in-block.md
@@ -1,6 +0,0 @@
 ---
 category: fix
 ---
 * Fixed a rare issue that would occur when a function declaration inside a block statement was referenced before it was declared.
  Such code is reliant on legacy web semantics, which is non-standard but nevertheless implemented by most engines.
  CodeQL now takes legacy web semantics into account and resolves references to these functions correctly.
--- a/javascript/ql/src/change-notes/2025-02-13-url-search-params.md
+++ b/javascript/ql/src/change-notes/2025-02-13-url-search-params.md
@@ -1,5 +0,0 @@
 ---
 category: fix
 ---
 * Fixed a recently-introduced bug that prevented taint tracking through `URLSearchParams` objects.
  The original behaviour has been restored and taint should once again be tracked through such objects.
--- a/javascript/ql/src/change-notes/released/1.4.1.md
+++ b/javascript/ql/src/change-notes/released/1.4.1.md
@@ -0,0 +1,11 @@
 ## 1.4.1
 ### Bug Fixes
 * Fixed a recently-introduced bug that prevented taint tracking through `URLSearchParams` objects.
  The original behaviour has been restored and taint should once again be tracked through such objects.
 * Fixed a rare issue that would occur when a function declaration inside a block statement was referenced before it was declared.
  Such code is reliant on legacy web semantics, which is non-standard but nevertheless implemented by most engines.
  CodeQL now takes legacy web semantics into account and resolves references to these functions correctly.
 * Fixed a bug that would cause parse errors in `.jsx` files in rare cases where the file
  contained syntax that was misinterpreted as Flow syntax.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.4.1-dev
+version: 1.4.1
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.17
 No user-facing changes.
 ## 1.0.16
 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.17.md
+++ b/misc/suite-helpers/change-notes/released/1.0.17.md
@@ -0,0 +1,3 @@
 ## 1.0.17
 No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.16
+lastReleaseVersion: 1.0.17
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.17-dev
+version: 1.0.17
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 4.0.1
 ### Bug Fixes
 - Fixed a bug in the extractor where a comment inside a subscript could sometimes cause the AST to be missing nodes.
 - Using the `break` and `continue` keywords outside of a loop, which is a syntax error but is accepted by our parser, would cause the control-flow construction to fail. This is now no longer the case.
 ## 4.0.0
 ### Breaking Changes
--- a/python/ql/lib/change-notes/2025-02-06-allow-comments-in-subscripts.md
+++ b/python/ql/lib/change-notes/2025-02-06-allow-comments-in-subscripts.md
@@ -1,5 +0,0 @@
 ---
 category: fix
 ---
 - Fixed a bug in the extractor where a comment inside a subscript could sometimes cause the AST to be missing nodes.
--- a/python/ql/lib/change-notes/2025-02-06-robustly-handle-loop-constructs.md
+++ b/python/ql/lib/change-notes/2025-02-06-robustly-handle-loop-constructs.md
@@ -1,5 +1,6 @@
---
+## 4.0.1
 category: fix
 ---
 ### Bug Fixes
 - Fixed a bug in the extractor where a comment inside a subscript could sometimes cause the AST to be missing nodes.
 - Using the `break` and `continue` keywords outside of a loop, which is a syntax error but is accepted by our parser, would cause the control-flow construction to fail. This is now no longer the case.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.0.1
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.1-dev
+version: 4.0.1
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.4.3
 No user-facing changes.
 ## 1.4.2
 No user-facing changes.
--- a/python/ql/src/change-notes/released/1.4.3.md
+++ b/python/ql/src/change-notes/released/1.4.3.md
@@ -0,0 +1,3 @@
 ## 1.4.3
 No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.2
+lastReleaseVersion: 1.4.3
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.4.3-dev
+version: 1.4.3
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
 ## 4.1.0
 ### Deprecated APIs
 * The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
  class have been deprecated in favor of the newly added `dominatingEdge`
  predicate.
 ## 4.0.0
 ### Breaking Changes
--- a/csharp/ql/lib/change-notes/2025-02-11-basic-block-rename.md
+++ b/csharp/ql/lib/change-notes/2025-02-11-basic-block-rename.md
@@ -1,6 +1,7 @@
---
+## 4.1.0
-category: deprecated
+
---
+### Deprecated APIs
 * The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
  class have been deprecated in favor of the newly added `dominatingEdge`
  predicate.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.1.0
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 4.0.1-dev
+version: 4.1.0
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.1.12
 No user-facing changes.
 ## 1.1.11
 No user-facing changes.
--- a/ruby/ql/src/change-notes/released/1.1.12.md
+++ b/ruby/ql/src/change-notes/released/1.1.12.md
@@ -0,0 +1,3 @@
 ## 1.1.12
 No user-facing changes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.11
+lastReleaseVersion: 1.1.12
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.1.12-dev
+version: 1.1.12
 groups:
  - ruby
  - queries
--- a/rust/ql/lib/CHANGELOG.md
+++ b/rust/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.1.2
 No user-facing changes.
 ## 0.1.1
 No user-facing changes.
--- a/rust/ql/lib/change-notes/released/0.1.2.md
+++ b/rust/ql/lib/change-notes/released/0.1.2.md
@@ -0,0 +1,3 @@
 ## 0.1.2
 No user-facing changes.
--- a/rust/ql/lib/codeql-pack.release.yml
+++ b/rust/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.1
+lastReleaseVersion: 0.1.2
--- a/rust/ql/lib/qlpack.yml
+++ b/rust/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.1.2-dev
+version: 0.1.2
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme
--- a/rust/ql/src/CHANGELOG.md
+++ b/rust/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.1.2
 No user-facing changes.
 ## 0.1.1
 No user-facing changes.
--- a/rust/ql/src/change-notes/released/0.1.2.md
+++ b/rust/ql/src/change-notes/released/0.1.2.md
@@ -0,0 +1,3 @@
 ## 0.1.2
 No user-facing changes.
--- a/rust/ql/src/codeql-pack.release.yml
+++ b/rust/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.1
+lastReleaseVersion: 0.1.2
--- a/rust/ql/src/qlpack.yml
+++ b/rust/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.2-dev
+version: 0.1.2
 groups:
  - rust
  - queries
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 2.0.1
 No user-facing changes.
 ## 2.0.0
 ### Breaking Changes
--- a/shared/controlflow/change-notes/released/2.0.1.md
+++ b/shared/controlflow/change-notes/released/2.0.1.md
@@ -0,0 +1,3 @@
 ## 2.0.1
 No user-facing changes.
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 0.4.2`	`lastReleaseVersion: 0.4.3`