Release preparation for version 2.25.4

2026-05-14 11:19:27 +02:00 · 2026-05-05 09:34:30 +00:00
parent 4c1461ad5b
commit 88e1d86c27
184 changed files with 514 additions and 196 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 2.7.0
+
+### New Features
+
+* Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognized via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.
+* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
+
 ## 2.6.28

 No user-facing changes.
--- a/javascript/ql/lib/change-notes/2026-03-20-data-extensions-barriers.md
+++ b/javascript/ql/lib/change-notes/2026-03-20-data-extensions-barriers.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
--- a/javascript/ql/lib/change-notes/2026-04-12-vercel-node.md
+++ b/javascript/ql/lib/change-notes/2026-04-12-vercel-node.md
@@ -1,4 +1,6 @@
---
-category: feature
---
+## 2.7.0
+
+### New Features
+
 * Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognized via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.
+* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.28
+lastReleaseVersion: 2.7.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.29-dev
+version: 2.7.0
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.3.9
+
+No user-facing changes.
+
 ## 2.3.8

 ### Minor Analysis Improvements
--- a/javascript/ql/src/change-notes/released/2.3.9.md
+++ b/javascript/ql/src/change-notes/released/2.3.9.md
@@ -0,0 +1,3 @@
+## 2.3.9
+
+No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.3.8
+lastReleaseVersion: 2.3.9
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.3.9-dev
+version: 2.3.9
 groups:
  - javascript
  - queries