Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0

Post-release preparation for codeql-cli-2.13.0

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,24 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.
+
+### Minor Analysis Improvements
+
+* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
+3.1 and 3.2.
+* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
+* Accesses of `params` in Sinatra applications are now recognized as HTTP input accesses.
+* Data flow is tracked from Sinatra route handlers to ERB files.
+* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
+
+### Bug Fixes
+
+* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
+
 ## 0.5.6
 
 No user-facing changes.

ruby/ql/lib/change-notes/2023-03-13-sinatra.md

@@ -1,6 +0,0 @@
----
- category: minorAnalysis
----
-* Accesses of `params` in Sinatra applications are now recognised as HTTP input accesses.
-* Data flow is tracked from Sinatra route handlers to ERB files.
-* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.

ruby/ql/lib/change-notes/2023-03-16-cleartext-hash-flow.md

@@ -1,4 +0,0 @@
----
- category: minorAnalysis
----
-* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.

ruby/ql/lib/change-notes/2023-03-21-evaluation-order.md

@@ -1,5 +0,0 @@
----
- category: minorAnalysis
----
-* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
-3.1 and 3.2.

ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md

@@ -1,6 +0,0 @@
----
-category: deprecated
----
-* The recently introduced new data flow and taint tracking APIs have had a
-  number of module and predicate renamings. The old APIs remain in place for
-  now.

ruby/ql/lib/change-notes/2023-03-28-dataflow-rm-footgun.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.

ruby/ql/lib/change-notes/released/0.6.0.md

@@ -0,0 +1,20 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.
+
+### Minor Analysis Improvements
+
+* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 
+3.1 and 3.2.
+* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
+* Accesses of `params` in Sinatra applications are now recognized as HTTP input accesses.
+* Data flow is tracked from Sinatra route handlers to ERB files.
+* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
+
+### Bug Fixes
+
+* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.6
+lastReleaseVersion: 0.6.0

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.0-dev
+version: 0.6.1-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.6.0
+
+### New Queries
+
+* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.
+
 ## 0.5.6
 
 ### Minor Analysis Improvements

ruby/ql/src/change-notes/released/0.6.0.md

@@ -1,4 +1,5 @@
----
-category: newQuery
----
-* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.
+## 0.6.0
+
+### New Queries
+
+* Added a new experimental query, `rb/server-side-template-injection`, to detect cases where user input may be embedded into a template's code in an unsafe manner.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.6
+lastReleaseVersion: 0.6.0

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.6.0-dev
+version: 0.6.1-dev
 groups: 
   - ruby
   - queries