Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0

Post-release preparation for codeql-cli-2.13.0
2025-12-20 18:56:32 +01:00 · 2023-04-18 14:40:40 +01:00
parent ba49386e6c 648f0e19ec
commit 924ce250dd
142 changed files with 531 additions and 323 deletions
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.6.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.0.
+
+### Minor Analysis Improvements
+
+* `router.push` and `router.replace` in `Next.js` are now considered as XSS sink.
+* The crypto-js module in `CryptoLibraries.qll` now supports progressive hashing with algo.update().
+
 ## 0.5.2

 No user-facing changes.
--- a/javascript/ql/lib/change-notes/2023-01-27-typescript-5-0.md
+++ b/javascript/ql/lib/change-notes/2023-01-27-typescript-5-0.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Added support for TypeScript 5.0.
--- a/javascript/ql/lib/change-notes/2023-03-26-CryptoJS-progressive-hashing.md
+++ b/javascript/ql/lib/change-notes/2023-03-26-CryptoJS-progressive-hashing.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The crypto-js module in `CryptoLibraries.qll` now supports progressive hashing with algo.update().
--- a/javascript/ql/lib/change-notes/2023-04-08-NextJS-router-push.md
+++ b/javascript/ql/lib/change-notes/2023-04-08-NextJS-router-push.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* `router.push` and `router.replace` in `Next.js` are now considered as XSS sink.
--- a/javascript/ql/lib/change-notes/released/0.6.0.md
+++ b/javascript/ql/lib/change-notes/released/0.6.0.md
@@ -0,0 +1,10 @@
+## 0.6.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.0.
+
+### Minor Analysis Improvements
+
+* `router.push` and `router.replace` in `Next.js` are now considered as XSS sink.
+* The crypto-js module in `CryptoLibraries.qll` now supports progressive hashing with algo.update().
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.6.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.6.0-dev
+version: 0.6.1-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 0.6.0
+
+### Minor Analysis Improvements
+
+* The `DisablingCertificateValidation.ql` query has been updated to check `createServer` from `https` for disabled certificate validation.
+* Improved the model of jQuery to account for XSS sinks where the HTML string
+  is provided via a callback. This may lead to more results for the `js/xss` query.
+* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
+  such as AES-ECB.
+
+### Bug Fixes
+
+* Fixed a bug where a destructuring pattern could not be parsed if it had a property
+  named `get` or `set` with a default value.
+
 ## 0.5.6

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2023-03-16-block-modes.md
+++ b/javascript/ql/src/change-notes/2023-03-16-block-modes.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
-  such as AES-ECB.
--- a/javascript/ql/src/change-notes/2023-03-27-disabling-certificate-validation.md
+++ b/javascript/ql/src/change-notes/2023-03-27-disabling-certificate-validation.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `DisablingCertificateValidation.ql` query has been updated to check `createServer` from `https` for disabled certificate validation.
--- a/javascript/ql/src/change-notes/2023-03-27-jquery-callback-sinks.md
+++ b/javascript/ql/src/change-notes/2023-03-27-jquery-callback-sinks.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved the model of jQuery to account for XSS sinks where the HTML string
-  is provided via a callback. This may lead to more results for the `js/xss` query.
--- a/javascript/ql/src/change-notes/2023-04-04-getset-in-pattern.md
+++ b/javascript/ql/src/change-notes/2023-04-04-getset-in-pattern.md
@@ -1,5 +0,0 @@
---
-category: fix
---
-* Fixed a bug where a destructuring pattern could not be parsed if it had a property
-  named `get` or `set` with a default value.
--- a/javascript/ql/src/change-notes/released/0.6.0.md
+++ b/javascript/ql/src/change-notes/released/0.6.0.md
@@ -0,0 +1,14 @@
+## 0.6.0
+
+### Minor Analysis Improvements
+
+* The `DisablingCertificateValidation.ql` query has been updated to check `createServer` from `https` for disabled certificate validation.
+* Improved the model of jQuery to account for XSS sinks where the HTML string
+  is provided via a callback. This may lead to more results for the `js/xss` query.
+* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
+  such as AES-ECB.
+
+### Bug Fixes
+
+* Fixed a bug where a destructuring pattern could not be parsed if it had a property
+  named `get` or `set` with a default value.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.6
+lastReleaseVersion: 0.6.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.6.0-dev
+version: 0.6.1-dev
 groups: 
  - javascript
  - queries