mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Release preparation for version 2.20.0
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,13 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `NonThrowing` class (`semmle.code.cpp.models.interfaces.NonThrowing`) has been deprecated. Please use the `NonCppThrowingFunction` class instead.
|
||||
|
||||
## 2.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `NonThrowing` class (`semmle.code.cpp.models.interfaces.NonThrowing`) has been deprecated. Please use the `NonCppThrowingFunction` class instead.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `NonThrowing` class (`semmle.code.cpp.models.interfaces.NonThrowing`) has been deprecated. Please use the `NonCppThrowingFunction` class instead.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.1.1
|
||||
lastReleaseVersion: 3.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 2.1.2-dev
|
||||
version: 3.0.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 1.3.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new high-precision quality query, `cpp/guarded-free`, which detects useless NULL pointer checks before calls to `free`. A variation of this query was originally contributed as an [experimental query by @mario-campos](https://github.com/github/codeql/pull/16331).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
|
||||
|
||||
## 1.2.7
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 1.3.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new high-precision quality query, `cpp/guarded-free`, which detects useless NULL pointer checks before calls to `free`. A variation of this query was originally contributed as an [experimental query by @mario-campos](https://github.com/github/codeql/pull/16331).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.2.7
|
||||
lastReleaseVersion: 1.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.2.8-dev
|
||||
version: 1.3.0
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.30
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.29
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.30
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.29
|
||||
lastReleaseVersion: 1.7.30
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.30-dev
|
||||
version: 1.7.30
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.30
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.29
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.30
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.29
|
||||
lastReleaseVersion: 1.7.30
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.30-dev
|
||||
version: 1.7.30
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 4.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for data-flow through member accesses of objects with `dynamic` types.
|
||||
* Only extract *public* and *protected* members from reference assemblies. This yields an approximate average speed-up of around 10% for extraction and query execution. Custom MaD rows using `Field`-based summaries may need to be changed to `SyntheticField`-based flows if they reference private fields.
|
||||
* Added `Microsoft.AspNetCore.Components.NagivationManager::Uri` as a remote flow source, since this value may contain user-specified values.
|
||||
* Added the following URI-parsing methods as summaries, as they may be tainted with user-specified values:
|
||||
- `System.Web.HttpUtility::ParseQueryString`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseQuery`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseNullableQuery`
|
||||
* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript.
|
||||
|
||||
## 3.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript.
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `Microsoft.AspNetCore.Components.NagivationManager::Uri` as a remote flow source, since this value may contain user-specified values.
|
||||
* Added the following URI-parsing methods as summaries, as they may be tainted with user-specified values:
|
||||
- `System.Web.HttpUtility::ParseQueryString`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseQuery`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseNullableQuery`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added support for data-flow through member accesses of objects with `dynamic` types.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Only extract *public* and *protected* members from reference assemblies. This yields an approximate average speed-up of around 10% for extraction and query execution. Custom MaD rows using `Field`-based summaries may need to be changed to `SyntheticField`-based flows if they reference private fields.
|
||||
16
csharp/ql/lib/change-notes/released/4.0.0.md
Normal file
16
csharp/ql/lib/change-notes/released/4.0.0.md
Normal file
@@ -0,0 +1,16 @@
|
||||
## 4.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for data-flow through member accesses of objects with `dynamic` types.
|
||||
* Only extract *public* and *protected* members from reference assemblies. This yields an approximate average speed-up of around 10% for extraction and query execution. Custom MaD rows using `Field`-based summaries may need to be changed to `SyntheticField`-based flows if they reference private fields.
|
||||
* Added `Microsoft.AspNetCore.Components.NagivationManager::Uri` as a remote flow source, since this value may contain user-specified values.
|
||||
* Added the following URI-parsing methods as summaries, as they may be tainted with user-specified values:
|
||||
- `System.Web.HttpUtility::ParseQueryString`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseQuery`
|
||||
- `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseNullableQuery`
|
||||
* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 3.1.1
|
||||
lastReleaseVersion: 4.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 3.1.2-dev
|
||||
version: 4.0.0
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.0.13
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* `csharp/diagnostic/database-quality` has been changed to exclude various property access expressions from database quality evaluation. The excluded property access expressions are expected to have no target callables even in manual or autobuilt databases.
|
||||
|
||||
## 1.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.0.13
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* `csharp/diagnostic/database-quality` has been changed to exclude various property access expressions from database quality evaluation. The excluded property access expressions are expected to have no target callables even in manual or autobuilt databases.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.12
|
||||
lastReleaseVersion: 1.0.13
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.0.13-dev
|
||||
version: 1.0.13
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.12
|
||||
lastReleaseVersion: 1.0.13
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.13-dev
|
||||
version: 1.0.13
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,17 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.
|
||||
|
||||
## 2.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.
|
||||
13
go/ql/lib/change-notes/released/3.0.0.md
Normal file
13
go/ql/lib/change-notes/released/3.0.0.md
Normal file
@@ -0,0 +1,13 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.1.3
|
||||
lastReleaseVersion: 3.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 2.1.4-dev
|
||||
version: 3.0.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.1.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added value flow models for functions in the `slices` package which do not involve the `iter` package.
|
||||
|
||||
## 1.1.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.1.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added value flow models for functions in the `slices` package which do not involve the `iter` package.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.3
|
||||
lastReleaseVersion: 1.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.1.4-dev
|
||||
version: 1.1.4
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 5.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Calling `coll.contains(x)` is now a taint sanitizer (for any query) for the value `x`, where `coll` is a collection of constants.
|
||||
|
||||
## 4.2.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Calling `coll.contains(x)` is now a taint sanitizer (for any query) for the value `x`, where `coll` is a collection of constants.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 5.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Calling `coll.contains(x)` is now a taint sanitizer (for any query) for the value `x`, where `coll` is a collection of constants.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.2.1
|
||||
lastReleaseVersion: 5.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 4.2.2-dev
|
||||
version: 5.0.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 1.1.10
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SHA-384 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA-384.
|
||||
* Added SHA3 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA3.
|
||||
* The `java/weak-cryptographic-algorithm` query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. The `java/potentially-weak-cryptographic-algorithm` query has been updated to report these uses instead.
|
||||
|
||||
## 1.1.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added SHA3 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA3.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added SHA-384 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA-384.
|
||||
@@ -1,4 +1,7 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.1.10
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SHA-384 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA-384.
|
||||
* Added SHA3 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA3.
|
||||
* The `java/weak-cryptographic-algorithm` query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. The `java/potentially-weak-cryptographic-algorithm` query has been updated to report these uses instead.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.9
|
||||
lastReleaseVersion: 1.1.10
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.1.10-dev
|
||||
version: 1.1.10
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,12 +1,27 @@
|
||||
## 2.2.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The `js/incomplete-sanitization` query now also checks regular expressions constructed using `new RegExp(..)`. Previously it only checked regular expression literals.
|
||||
* Regular expression-based sanitisers implemented with `new RegExp(..)` are now detected in more cases.
|
||||
* Regular expression related queries now account for unknown flags.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added taint-steps for `String.prototype.toWellFormed`.
|
||||
* Added taint-steps for `Map.groupBy` and `Object.groupBy`.
|
||||
* Added taint-steps for `Array.prototype.findLast`
|
||||
* Added taint-steps for `Array.prototype.findLastIndex`
|
||||
|
||||
## 2.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
Added taint-steps for `Array.prototype.with`.
|
||||
Added taint-steps for `Array.prototype.toSpliced`
|
||||
* Added taint-steps for `Array.prototype.with`.
|
||||
* Added taint-steps for `Array.prototype.toSpliced`
|
||||
* Added taint-steps for `Array.prototype.toReversed`.
|
||||
* Added taint-steps for `Array.prototype.toSorted`.
|
||||
Added support for `String.prototype.matchAll`.
|
||||
* Added support for `String.prototype.matchAll`.
|
||||
* Added taint-steps for `Array.prototype.reverse`
|
||||
|
||||
## 2.1.0
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added taint-steps for `Array.prototype.findLast`
|
||||
* Added taint-steps for `Array.prototype.findLastIndex`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added taint-steps for `String.prototype.toWellFormed`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added taint-steps for `Map.groupBy` and `Object.groupBy`.
|
||||
@@ -1,6 +1,14 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 2.2.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The `js/incomplete-sanitization` query now also checks regular expressions constructed using `new RegExp(..)`. Previously it only checked regular expression literals.
|
||||
* Regular expression-based sanitisers implemented with `new RegExp(..)` are now detected in more cases.
|
||||
* Regular expression related queries now account for unknown flags.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added taint-steps for `String.prototype.toWellFormed`.
|
||||
* Added taint-steps for `Map.groupBy` and `Object.groupBy`.
|
||||
* Added taint-steps for `Array.prototype.findLast`
|
||||
* Added taint-steps for `Array.prototype.findLastIndex`
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.1.1
|
||||
lastReleaseVersion: 2.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.1.2-dev
|
||||
version: 2.2.0
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.2.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.2.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
javascript/ql/src/change-notes/released/1.2.5.md
Normal file
3
javascript/ql/src/change-notes/released/1.2.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.2.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.2.4
|
||||
lastReleaseVersion: 1.2.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 1.2.5-dev
|
||||
version: 1.2.5
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.13.md
Normal file
3
misc/suite-helpers/change-notes/released/1.0.13.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.12
|
||||
lastReleaseVersion: 1.0.13
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.13-dev
|
||||
version: 1.0.13
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- Fixed a problem with the control-flow graph construction, where writing `case True:` or `case False:` would cause parts of the graph to be pruned by mistake.
|
||||
|
||||
## 2.2.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
|
||||
- Fixed a problem with the control-flow graph construction, where writing `case True:` or `case False:` would cause parts of the graph to be pruned by mistake.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
9
python/ql/lib/change-notes/released/3.0.0.md
Normal file
9
python/ql/lib/change-notes/released/3.0.0.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- Fixed a problem with the control-flow graph construction, where writing `case True:` or `case False:` would cause parts of the graph to be pruned by mistake.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.2.0
|
||||
lastReleaseVersion: 3.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 2.2.1-dev
|
||||
version: 3.0.0
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.3.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.3.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
python/ql/src/change-notes/released/1.3.4.md
Normal file
3
python/ql/src/change-notes/released/1.3.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.3.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.3.3
|
||||
lastReleaseVersion: 1.3.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 1.3.4-dev
|
||||
version: 1.3.4
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
|
||||
## 2.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.0.4
|
||||
lastReleaseVersion: 3.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 2.0.5-dev
|
||||
version: 3.0.0
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.7
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
ruby/ql/src/change-notes/released/1.1.8.md
Normal file
3
ruby/ql/src/change-notes/released/1.1.8.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.1.8
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.7
|
||||
lastReleaseVersion: 1.1.8
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 1.1.8-dev
|
||||
version: 1.1.8
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
shared/controlflow/change-notes/released/1.0.13.md
Normal file
3
shared/controlflow/change-notes/released/1.0.13.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.12
|
||||
lastReleaseVersion: 1.0.13
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/controlflow
|
||||
version: 1.0.13-dev
|
||||
version: 1.0.13
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.7
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
shared/dataflow/change-notes/released/1.1.7.md
Normal file
3
shared/dataflow/change-notes/released/1.1.7.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.1.7
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.6
|
||||
lastReleaseVersion: 1.1.7
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/dataflow
|
||||
version: 1.1.7-dev
|
||||
version: 1.1.7
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
shared/mad/change-notes/released/1.0.13.md
Normal file
3
shared/mad/change-notes/released/1.0.13.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.12
|
||||
lastReleaseVersion: 1.0.13
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user