Release preparation for version 2.11.1

2026-04-30 19:26:02 +02:00 · 2022-10-07 02:20:28 +00:00
parent 10eb548156
commit a02dcdc5e1
88 changed files with 257 additions and 127 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,26 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
+    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
+    * `CookieCall`, now accessed as `Rails::CookieCall`.
+* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
+    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
+    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
+    * `RenderCall`, now accessed as `Rails::RenderCall`.
+    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
+* Subclasses of `ActionController::Metal` are now recognised as controllers.
+* `ActionController::DataStreaming::send_file` is now recognized as a
+  `FileSystemAccess`.
+* Various XSS sinks in the ActionView library are now recognized.
+* Calls to `ActiveRecord::Base.create` are now recognized as model
+  instantiations.
+* Various code executions, command executions and HTTP requests in the
+  ActiveStorage library are now recognized.
+* `MethodBase` now has two new predicates related to visibility: `isPublic` and
+  `isProtected`. These hold, respectively, if the method is public or protected.
+
 ## 0.4.0

 ### Breaking Changes
--- a/ruby/ql/lib/change-notes/2022-08-16-protected-methods.md
+++ b/ruby/ql/lib/change-notes/2022-08-16-protected-methods.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* `MethodBase` now has two new predicates related to visibility: `isPublic` and
-  `isProtected`. These hold, respectively, if the method is public or protected.
--- a/ruby/ql/lib/change-notes/2022-08-30-activestorage.md
+++ b/ruby/ql/lib/change-notes/2022-08-30-activestorage.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Various code executions, command executions and HTTP requests in the
-  ActiveStorage library are now recognized.
-
--- a/ruby/ql/lib/change-notes/2022-09-27-actionview.md
+++ b/ruby/ql/lib/change-notes/2022-09-27-actionview.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Various XSS sinks in the ActionView library are now recognized.
--- a/ruby/ql/lib/change-notes/2022-09-27-activerecord-create.md
+++ b/ruby/ql/lib/change-notes/2022-09-27-activerecord-create.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Calls to `ActiveRecord::Base.create` are now recognized as model
-  instantiations.
--- a/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-metal.md
+++ b/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-metal.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Subclasses of `ActionController::Metal` are now recognised as controllers.
--- a/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-sendfile.md
+++ b/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-sendfile.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* `ActionController::DataStreaming::send_file` is now recognized as a
-  `FileSystemAccess`.
-
--- a/ruby/ql/lib/change-notes/2022-10-04-actionview-controller-renames.md
+++ b/ruby/ql/lib/change-notes/2022-10-04-actionview-controller-renames.md
@@ -1,11 +0,0 @@
---
-category: minorAnalysis
---
-* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
-    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
-    * `CookieCall`, now accessed as `Rails::CookieCall`.
-* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
-    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
-    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
-    * `RenderCall`, now accessed as `Rails::RenderCall`.
-    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
--- a/ruby/ql/lib/change-notes/released/0.4.1.md
+++ b/ruby/ql/lib/change-notes/released/0.4.1.md
@@ -0,0 +1,22 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
+    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
+    * `CookieCall`, now accessed as `Rails::CookieCall`.
+* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
+    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
+    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
+    * `RenderCall`, now accessed as `Rails::RenderCall`.
+    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
+* Subclasses of `ActionController::Metal` are now recognised as controllers.
+* `ActionController::DataStreaming::send_file` is now recognized as a
+  `FileSystemAccess`.
+* Various XSS sinks in the ActionView library are now recognized.
+* Calls to `ActiveRecord::Base.create` are now recognized as model
+  instantiations.
+* Various code executions, command executions and HTTP requests in the
+  ActiveStorage library are now recognized.
+* `MethodBase` now has two new predicates related to visibility: `isPublic` and
+  `isProtected`. These hold, respectively, if the method is public or protected.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.1-dev
+version: 0.4.1
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The `rb/xxe` query has been updated to add the following sinks for XML external entity expansion:
+    1. Calls to parse XML using `LibXML` when its `default_substitute_entities` option is enabled.
+    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
+
 ## 0.4.0

 ### New Queries
--- a/ruby/ql/src/change-notes/2022-09-27-libxml-xxe.md
+++ b/ruby/ql/src/change-notes/2022-09-27-libxml-xxe.md
@@ -1,6 +1,7 @@
---
-category: minorAnalysis
---
+## 0.4.1
+
+### Minor Analysis Improvements
+
 * The `rb/xxe` query has been updated to add the following sinks for XML external entity expansion:
    1. Calls to parse XML using `LibXML` when its `default_substitute_entities` option is enabled.
-    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
+    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - ruby
  - queries