Release preparation for version 2.20.1

2026-04-25 08:45:14 +02:00 · 2025-01-06 18:20:22 +00:00
parent 0c2e05717f
commit a121c5a5d0
168 changed files with 447 additions and 197 deletions
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.31
+
+No user-facing changes.
+
 ## 1.7.30

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.31.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.31.md
@@ -0,0 +1,3 @@
+## 1.7.31
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.30
+lastReleaseVersion: 1.7.31
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.31-dev
+version: 1.7.31
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.31
+
+No user-facing changes.
+
 ## 1.7.30

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.31.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.31.md
@@ -0,0 +1,3 @@
+## 1.7.31
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.30
+lastReleaseVersion: 1.7.31
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.31-dev
+version: 1.7.31
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 4.0.1
+
+### Minor Analysis Improvements
+
+* C# 13: Added QL library support for *collection* like type `params` parameters.
+* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
+  - `[SupplyParameterFromForm]`
+  - `[SupplyParameterFromQuery]`
+* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
+* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
+* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
+* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
+
 ## 4.0.0

 ### Breaking Changes
--- a/csharp/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md
+++ b/csharp/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
--- a/csharp/ql/lib/change-notes/2024-12-04-dotnet9.md
+++ b/csharp/ql/lib/change-notes/2024-12-04-dotnet9.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
--- a/csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md
+++ b/csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
--- a/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md
+++ b/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
--- a/csharp/ql/lib/change-notes/2024-12-18-blazor-attribute-sources.md
+++ b/csharp/ql/lib/change-notes/2024-12-18-blazor-attribute-sources.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
-  - `[SupplyParameterFromForm]`
-  - `[SupplyParameterFromQuery]`
--- a/csharp/ql/lib/change-notes/2024-12-20-collection-params.md
+++ b/csharp/ql/lib/change-notes/2024-12-20-collection-params.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* C# 13: Added QL library support for *collection* like type `params` parameters.
--- a/csharp/ql/lib/change-notes/released/4.0.1.md
+++ b/csharp/ql/lib/change-notes/released/4.0.1.md
@@ -0,0 +1,12 @@
+## 4.0.1
+
+### Minor Analysis Improvements
+
+* C# 13: Added QL library support for *collection* like type `params` parameters.
+* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
+  - `[SupplyParameterFromForm]`
+  - `[SupplyParameterFromQuery]`
+* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
+* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
+* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
+* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.0.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 4.0.1-dev
+version: 4.0.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.0.14
+
+### Minor Analysis Improvements
+
+* The `ExternalApi` and `TestLibrary` modules have been moved to the library pack.
+
 ## 1.0.13

 ### Minor Analysis Improvements
--- a/csharp/ql/src/change-notes/2024-12-17-move-libraries.md
+++ b/csharp/ql/src/change-notes/2024-12-17-move-libraries.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 1.0.14
+
+### Minor Analysis Improvements
+
 * The `ExternalApi` and `TestLibrary` modules have been moved to the library pack.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.14-dev
+version: 1.0.14
 groups:
  - csharp
  - queries