Merge branch 'main' into amammad-python-WebAppsConstatntSecretKeys

2026-04-25 00:35:20 +02:00 · 2023-07-14 14:32:43 +02:00
parent 2ba83022c7 9193de6898
commit 8279cf7c9c
677 changed files with 15882 additions and 4544 deletions
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.8.0
+
+### Bug Fixes
+
+* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
+
+## 0.7.4
+
+No user-facing changes.
+
 ## 0.7.3

 ### Bug Fixes
--- a/python/ql/src/change-notes/2023-07-06-aiohttp-clientsession-modeling.md
+++ b/python/ql/src/change-notes/2023-07-06-aiohttp-clientsession-modeling.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed modeling of `aiohttp.ClientSession` so we properly handle `async with` uses. This can impact results of server-side request forgery queries (`py/full-ssrf`, `py/partial-ssrf`).
--- a/python/ql/src/change-notes/released/0.7.4.md
+++ b/python/ql/src/change-notes/released/0.7.4.md
@@ -0,0 +1,3 @@
+## 0.7.4
+
+No user-facing changes.
--- a/python/ql/src/change-notes/2023-06-16-zipslip-rename.md
+++ b/python/ql/src/change-notes/2023-06-16-zipslip-rename.md
@@ -1,4 +1,5 @@
---
-category: fix
---
+## 0.8.0
+
+### Bug Fixes
+
 * The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.8.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.7.4-dev
+version: 0.8.1-dev
 groups: 
  - python
  - queries