Release preparation for version 2.20.1

2026-04-25 16:55:19 +02:00 · 2025-01-06 18:20:22 +00:00
parent 0c2e05717f
commit a121c5a5d0
168 changed files with 447 additions and 197 deletions
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 3.1.0
+
+### New Features
+
+- Added support for parameter annotations in API graphs. This means that in a function definition such as `def foo(x: Bar): ...`, you can now use the `getInstanceFromAnnotation()` method to step from `Bar` to `x`. In addition to this, the `getAnInstance` method now also includes instances arising from parameter annotations.
+
+### Minor Analysis Improvements
+
+* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input,
+  and modeling of tainted data flow out of these request objects.
+
 ## 3.0.0

 ### Breaking Changes
--- a/python/ql/lib/change-notes/2024-12-18-fastapi-request-modeling.md
+++ b/python/ql/lib/change-notes/2024-12-18-fastapi-request-modeling.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input,
-  and modeling of tainted data flow out of these request objects.
--- a/python/ql/lib/change-notes/2024-11-26-parameter-annotation-api-graph-support.md
+++ b/python/ql/lib/change-notes/2024-11-26-parameter-annotation-api-graph-support.md
@@ -1,5 +1,10 @@
---
-category: feature
---
+## 3.1.0
+
+### New Features

 - Added support for parameter annotations in API graphs. This means that in a function definition such as `def foo(x: Bar): ...`, you can now use the `getInstanceFromAnnotation()` method to step from `Bar` to `x`. In addition to this, the `getAnInstance` method now also includes instances arising from parameter annotations.
+
+### Minor Analysis Improvements
+
+* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input,
+  and modeling of tainted data flow out of these request objects.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 3.0.0
+lastReleaseVersion: 3.1.0
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 3.0.1-dev
+version: 3.1.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.4.0
+
+### New Queries
+
+* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
+
 ## 1.3.4

 No user-facing changes.
--- a/python/ql/src/change-notes/2024-11-21-template-injection.md
+++ b/python/ql/src/change-notes/2024-11-21-template-injection.md
@@ -1,4 +1,5 @@
---
-category: newQuery
---
-* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
+## 1.4.0
+
+### New Queries
+
+* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.4
+lastReleaseVersion: 1.4.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.3.5-dev
+version: 1.4.0
 groups:
  - python
  - queries