From abf2b12b1cd0443739dea7a8b53fbcc45ac425dd Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Tue, 5 Sep 2023 16:56:14 +0000 Subject: [PATCH] Release preparation for version 2.14.4 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++++ .../2023-08-24-no-taint-argv-indirections.md | 4 ---- .../2023-08-25-delete-or-delete-array.md | 4 ---- .../2023-08-25-getAllocatorCall-deprecated.md | 4 ---- cpp/ql/lib/change-notes/2023-08-29-delete-ir.md | 4 ---- cpp/ql/lib/change-notes/released/0.9.2.md | 14 ++++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 12 ++++++++++++ .../2023-08-21-invalid-pointer-deref.md | 4 ---- .../2023-08-24-no-taint-argv-indirections.md | 4 ---- ...23-08-24-remove-non-constant-assign-sources.md | 4 ---- .../2023-08-25-compare-where-assign-meant.md | 4 ---- cpp/ql/src/change-notes/released/0.7.4.md | 11 +++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.6.4.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.6.4.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 6 ++++++ .../0.7.4.md} | 9 +++++---- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/0.7.4.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 ++++++ .../0.6.4.md} | 9 +++++---- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/0.6.4.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 3 +++ 
.../automodel/src/change-notes/released/0.0.3.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 ++ java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 13 +++++++++++++ .../change-notes/2023-08-07-jaxrs-new-models.md | 4 ---- ...2023-08-21-java-command-injection-sanitizer.md | 4 ---- .../change-notes/2023-08-23-mad-nestednames.md | 4 ---- .../lib/change-notes/2023-08-24-kotlin-1.9.10.md | 4 ---- .../0.7.4.md} | 14 +++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 10 ++++++++++ .../src/change-notes/2023-07-19-xxe-new-sinks.md | 4 ---- .../0.7.4.md} | 10 +++++++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 ++++++ .../lib/change-notes/2023-06-30-typescript-5-2.md | 4 ---- javascript/ql/lib/change-notes/released/0.7.4.md | 5 +++++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 11 +++++++++++ .../2023-08-23-fix-cyclic-alias-extraction.md | 4 ---- .../change-notes/2023-08-23-ignore-huge-files.md | 4 ---- .../change-notes/2023-08-23-import-path-string.md | 4 ---- javascript/ql/src/change-notes/released/0.7.4.md | 10 ++++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/0.6.4.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 +++++++ .../2023-07-20-shlex-quote-sanitizer.md | 4 ---- .../0.10.4.md} | 8 +++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 7 +++++++ .../2023-08-17-improved-path-graph.md | 4 ---- .../0.8.4.md} | 8 +++++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/0.7.4.md | 3 
+++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++++ .../0.7.4.md} | 7 ++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/0.0.3.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 10 ++++++++++ .../change-notes/2023-08-04-taint-tracking.md | 4 ---- .../change-notes/2023-08-24-inline-flow-test.md | 4 ---- shared/dataflow/change-notes/released/0.0.3.md | 9 +++++++++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/0.1.4.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/0.1.4.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/0.1.4.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/0.1.4.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../typetracking/change-notes/released/0.1.4.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/0.1.4.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/0.1.4.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/0.1.4.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml 
| 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++++ .../change-notes/2023-08-21-keypath-optionals.md | 5 ----- .../0.2.4.md} | 7 ++++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 6 ++++++ .../0.2.4.md} | 6 +++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 142 files changed, 392 insertions(+), 177 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md delete mode 100644 cpp/ql/lib/change-notes/2023-08-29-delete-ir.md create mode 100644 cpp/ql/lib/change-notes/released/0.9.2.md delete mode 100644 cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md delete mode 100644 cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md delete mode 100644 cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md delete mode 100644 cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md create mode 100644 cpp/ql/src/change-notes/released/0.7.4.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md rename csharp/ql/lib/change-notes/{2023-08-20-standaloneextraction-mscorlib.md => released/0.7.4.md} (50%) create mode 100644 csharp/ql/src/change-notes/released/0.7.4.md rename go/ql/lib/change-notes/{2023-08-28-add-error-sanitizer-for-xss.md => released/0.6.4.md} (54%) create mode 100644 go/ql/src/change-notes/released/0.6.4.md create mode 100644 java/ql/automodel/src/CHANGELOG.md create mode 100644 java/ql/automodel/src/change-notes/released/0.0.3.md create mode 100644 java/ql/automodel/src/codeql-pack.release.yml delete mode 100644 java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md delete mode 100644 
java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md delete mode 100644 java/ql/lib/change-notes/2023-08-23-mad-nestednames.md delete mode 100644 java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md rename java/ql/lib/change-notes/{2023-08-07-jaxrs-webmethod-improvements.md => released/0.7.4.md} (50%) delete mode 100644 java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md rename java/ql/src/change-notes/{2023-07-25-trust-boundary-violation-query.md => released/0.7.4.md} (50%) delete mode 100644 javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md create mode 100644 javascript/ql/lib/change-notes/released/0.7.4.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md delete mode 100644 javascript/ql/src/change-notes/2023-08-23-import-path-string.md create mode 100644 javascript/ql/src/change-notes/released/0.7.4.md create mode 100644 misc/suite-helpers/change-notes/released/0.6.4.md delete mode 100644 python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md rename python/ql/lib/change-notes/{2023-07-20-regex-parse-modes.md => released/0.10.4.md} (52%) delete mode 100644 python/ql/src/change-notes/2023-08-17-improved-path-graph.md rename python/ql/src/change-notes/{2023-08-29-fixed-jsonify-xss-fp.md => released/0.8.4.md} (56%) create mode 100644 ruby/ql/lib/change-notes/released/0.7.4.md rename ruby/ql/src/change-notes/{2023-05-29-improper-ldap-auth-query.md => released/0.7.4.md} (88%) create mode 100644 shared/controlflow/change-notes/released/0.0.3.md delete mode 100644 shared/dataflow/change-notes/2023-08-04-taint-tracking.md delete mode 100644 shared/dataflow/change-notes/2023-08-24-inline-flow-test.md create mode 100644 shared/dataflow/change-notes/released/0.0.3.md create mode 100644 shared/mad/change-notes/released/0.1.4.md create mode 100644 shared/regex/change-notes/released/0.1.4.md create mode 100644 
shared/ssa/change-notes/released/0.1.4.md create mode 100644 shared/tutorial/change-notes/released/0.1.4.md create mode 100644 shared/typetracking/change-notes/released/0.1.4.md create mode 100644 shared/typos/change-notes/released/0.1.4.md create mode 100644 shared/util/change-notes/released/0.1.4.md create mode 100644 shared/yaml/change-notes/released/0.1.4.md delete mode 100644 swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md rename swift/ql/lib/change-notes/{2023-08-04-closure-models.md => released/0.2.4.md} (50%) rename swift/ql/src/change-notes/{2023-08-23-incomplete-hostname-regex.md => released/0.2.4.md} (88%)
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 2bdc935dfac..58c1d800b3d 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 0.9.2
+
+### Deprecated APIs
+
+* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead.
+
+### New Features
+
+* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr`
+
+### Minor Analysis Improvements
+
+* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation.
+* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`.
+
 ## 0.9.1
 
 No user-facing changes.
diff --git a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md
deleted file mode 100644
index 4baf9b770d6..00000000000
--- a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`.
diff --git a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md b/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md
deleted file mode 100644
index f3f3a59e8f0..00000000000
--- a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr`
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md b/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md
deleted file mode 100644
index b9bb1fada5b..00000000000
--- a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md b/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md
deleted file mode 100644
index 2b8817c8d2b..00000000000
--- a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/released/0.9.2.md b/cpp/ql/lib/change-notes/released/0.9.2.md
new file mode 100644
index 00000000000..93b36c8e40a
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.9.2.md
@@ -0,0 +1,14 @@
+## 0.9.2
+
+### Deprecated APIs
+
+* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead.
+
+### New Features
+
+* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr`
+
+### Minor Analysis Improvements
+
+* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation.
+* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index 6789dcd18b7..e1eda519435 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 0.9.2
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 1a8ab0be7bb..6c56393b656 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.9.2-dev
+version: 0.9.2
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index f3d5cd46f66..6edc055a334 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.7.4
+
+### New Queries
+
+* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes.
+
+### Minor Analysis Improvements
+
+* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions.
+* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result.
+* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results.
+
 ## 0.7.3
 
 No user-facing changes.
diff --git a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md b/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md
deleted file mode 100644
index d8207a75604..00000000000
--- a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes.
diff --git a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md
deleted file mode 100644
index 74b8e6910da..00000000000
--- a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result.
diff --git a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md b/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md
deleted file mode 100644
index f4dcc011a29..00000000000
--- a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results.
diff --git a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md b/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md
deleted file mode 100644
index 8872ba413fb..00000000000
--- a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions.
diff --git a/cpp/ql/src/change-notes/released/0.7.4.md b/cpp/ql/src/change-notes/released/0.7.4.md
new file mode 100644
index 00000000000..bdec41d4f69
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.7.4.md
@@ -0,0 +1,11 @@
+## 0.7.4
+
+### New Queries
+
+* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes.
+
+### Minor Analysis Improvements
+
+* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions.
+* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result.
+* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index fd076044593..0fe920a9439 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 887b20471da..e17f85e34d1 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.6.4
+
+No user-facing changes.
+
 ## 1.6.3
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md
new file mode 100644
index 00000000000..5c811dc4638
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md
@@ -0,0 +1,3 @@
+## 1.6.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 00b51441d88..1910e09d6a6 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.3
+lastReleaseVersion: 1.6.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 5719e05afcf..c60da3557a0 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.6.4-dev
+version: 1.6.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 887b20471da..e17f85e34d1 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.6.4
+
+No user-facing changes.
+
 ## 1.6.3
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md
new file mode 100644
index 00000000000..5c811dc4638
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md
@@ -0,0 +1,3 @@
+## 1.6.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 00b51441d88..1910e09d6a6 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.3
+lastReleaseVersion: 1.6.4
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 2a3524ece6d..22e9e2f575b 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.6.4-dev
+version: 1.6.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index c96f22b5aa8..b16907bd011 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.4
+
+### Minor Analysis Improvements
+
+* The `--nostdlib` extractor option for the standalone extractor has been removed.
+
 ## 0.7.3
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md b/csharp/ql/lib/change-notes/released/0.7.4.md
similarity index 50%
rename from csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md
rename to csharp/ql/lib/change-notes/released/0.7.4.md
index 47da98538af..9665706305a 100644
--- a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md
+++ b/csharp/ql/lib/change-notes/released/0.7.4.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `--nostdlib` extractor option for the standalone extractor has been removed.
\ No newline at end of file
+## 0.7.4
+
+### Minor Analysis Improvements
+
+* The `--nostdlib` extractor option for the standalone extractor has been removed.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index ba47a23065f..6bc467079d9 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.7.4-dev
+version: 0.7.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 0d165e05a25..0326272c6d8 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.4
+
+No user-facing changes.
+
 ## 0.7.3
 
 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/0.7.4.md b/csharp/ql/src/change-notes/released/0.7.4.md
new file mode 100644
index 00000000000..1b33df9cb1e
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.7.4.md
@@ -0,0 +1,3 @@
+## 0.7.4
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index a9d4c81c0f1..857555c05d8 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups:
 - csharp
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index fb9e1f49e54..136789c4419 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.6.4
+
+### Minor Analysis Improvements
+
+* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers.
+
 ## 0.6.3
 
 No user-facing changes.
diff --git a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md b/go/ql/lib/change-notes/released/0.6.4.md
similarity index 54%
rename from go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md
rename to go/ql/lib/change-notes/released/0.6.4.md
index 2f1f5037390..6c561f82177 100644
--- a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md
+++ b/go/ql/lib/change-notes/released/0.6.4.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers.
\ No newline at end of file
+## 0.6.4
+
+### Minor Analysis Improvements
+
+* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index b7dafe32c5d..ced8cf94614 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index d3765da2f89..6fa1f846bdd 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.6.4-dev
+version: 0.6.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index cfe3163c6e9..7e8335b6aff 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/released/0.6.4.md b/go/ql/src/change-notes/released/0.6.4.md
new file mode 100644
index 00000000000..7e98b0159fc
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.6.4.md
@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index b7dafe32c5d..ced8cf94614 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index a625c40a9c8..cd538178553 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.6.4-dev
+version: 0.6.4
 groups:
 - go
 - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
new file mode 100644
index 00000000000..af7864fc7d5
--- /dev/null
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/0.0.3.md b/java/ql/automodel/src/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..af7864fc7d5
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index 851dbe69e82..514ab9d0896 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.3-dev
+version: 0.0.3
 groups:
 - java
 - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 42a5c07e826..eaec0383f13 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.7.4
+
+### New Features
+
+* Kotlin versions up to 1.9.10 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed the MaD signature specifications to use proper nested type names.
+* Added new sanitizer to Java command injection model
+* Added more dataflow models for JAX-RS.
+* The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results.
+
 ## 0.7.3
 
 ### Major Analysis Improvements
diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md b/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md
deleted file mode 100644
index 8b34698758b..00000000000
--- a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added more dataflow models for JAX-RS.
diff --git a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md b/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md
deleted file mode 100644
index ca183d5d065..00000000000
--- a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added new sanitizer to Java command injection model
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md b/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md
deleted file mode 100644
index 0a804f1866f..00000000000
--- a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed the MaD signature specifications to use proper nested type names.
diff --git a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md b/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md
deleted file mode 100644
index ee878bb11af..00000000000
--- a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin versions up to 1.9.10 are now supported.
diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md b/java/ql/lib/change-notes/released/0.7.4.md
similarity index 50%
rename from java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md
rename to java/ql/lib/change-notes/released/0.7.4.md
index be19599c865..78491df85eb 100644
--- a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md
+++ b/java/ql/lib/change-notes/released/0.7.4.md
@@ -1,4 +1,12 @@
----
-category: minorAnalysis
----
+## 0.7.4
+
+### New Features
+
+* Kotlin versions up to 1.9.10 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed the MaD signature specifications to use proper nested type names.
+* Added new sanitizer to Java command injection model
+* Added more dataflow models for JAX-RS.
 * The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index e708ee160f2..f4c8b284176 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.7.4-dev
+version: 0.7.4
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 4c5b963ada7..76cd01f48eb 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.4
+
+### New Queries
+
+* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method.
+
+### Minor Analysis Improvements
+
+* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
+
 ## 0.7.3

 No user-facing changes.
diff --git a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md b/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md
deleted file mode 100644
index 6f062a63e81..00000000000
--- a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
diff --git a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md b/java/ql/src/change-notes/released/0.7.4.md
similarity index 50%
rename from java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
rename to java/ql/src/change-notes/released/0.7.4.md
index 802e367bf10..c214e52bd23 100644
--- a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
+++ b/java/ql/src/change-notes/released/0.7.4.md
@@ -1,5 +1,9 @@
----
-category: newQuery
----
+## 0.7.4
+
+### New Queries
+
 * Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method.

+### Minor Analysis Improvements
+
+* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index b2a297894fa..8fadb6cf148 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index ad0301e9c7b..13a56f3dcda 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.2.
+
 ## 0.7.3

 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md b/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md
deleted file mode 100644
index 2aa36cac278..00000000000
--- a/javascript/ql/lib/change-notes/2023-06-30-typescript-5-2.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* Added support for TypeScript 5.2.
\ No newline at end of file
diff --git a/javascript/ql/lib/change-notes/released/0.7.4.md b/javascript/ql/lib/change-notes/released/0.7.4.md
new file mode 100644
index 00000000000..7608c571bdf
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.7.4.md
@@ -0,0 +1,5 @@
+## 0.7.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.2.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index d65eefd366c..bb8abe793e6 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.7.4-dev
+version: 0.7.4
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index d77e565ad90..3cf78549f64 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.7.4
+
+### Minor Analysis Improvements
+
+* Files larger than 10 MB are no longer be extracted or analyzed.
+* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call.
+
+### Bug Fixes
+
+* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias.
+
 ## 0.7.3

 No user-facing changes.
diff --git a/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md b/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md
deleted file mode 100644
index 66769f2b8fa..00000000000
--- a/javascript/ql/src/change-notes/2023-08-23-fix-cyclic-alias-extraction.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: fix
----
-* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias.
diff --git a/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md b/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md
deleted file mode 100644
index fc82b3b5a3f..00000000000
--- a/javascript/ql/src/change-notes/2023-08-23-ignore-huge-files.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Files larger than 10 MB are no longer be extracted or analyzed.
diff --git a/javascript/ql/src/change-notes/2023-08-23-import-path-string.md b/javascript/ql/src/change-notes/2023-08-23-import-path-string.md
deleted file mode 100644
index 64a70c1fe10..00000000000
--- a/javascript/ql/src/change-notes/2023-08-23-import-path-string.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call.
diff --git a/javascript/ql/src/change-notes/released/0.7.4.md b/javascript/ql/src/change-notes/released/0.7.4.md
new file mode 100644
index 00000000000..55118b12535
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.7.4.md
@@ -0,0 +1,10 @@
+## 0.7.4
+
+### Minor Analysis Improvements
+
+* Files larger than 10 MB are no longer be extracted or analyzed.
+* Imports can now be resolved in more cases, where a non-constant string expression is passed to a `require()` call.
+
+### Bug Fixes
+
+* Fixed an extractor crash that would occur in rare cases when a TypeScript file contains a self-referential namespace alias.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 04ee9ae6135..343d34fce46 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups:
 - javascript
 - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index 0abf0d49317..ab0e65b02b1 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3

 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.6.4.md b/misc/suite-helpers/change-notes/released/0.6.4.md
new file mode 100644
index 00000000000..7e98b0159fc
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.6.4.md
@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index b7dafe32c5d..ced8cf94614 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 0c423deb64d..79c9cad4f4e 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.6.4-dev
+version: 0.6.4
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index d3b291f4b48..fcef91e98a4 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.10.4
+
+### Minor Analysis Improvements
+
+* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
+* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query.
+
 ## 0.10.3

 ### Minor Analysis Improvements
diff --git a/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md b/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md
deleted file mode 100644
index 71238715831..00000000000
--- a/python/ql/lib/change-notes/2023-07-20-shlex-quote-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query.
\ No newline at end of file
diff --git a/python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md b/python/ql/lib/change-notes/released/0.10.4.md
similarity index 52%
rename from python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md
rename to python/ql/lib/change-notes/released/0.10.4.md
index 2d676227491..7f93237c621 100644
--- a/python/ql/lib/change-notes/2023-07-20-regex-parse-modes.md
+++ b/python/ql/lib/change-notes/released/0.10.4.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.10.4
+
+### Minor Analysis Improvements
+
 * Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
+* Added `shlex.quote` as a sanitizer for the `py/shell-command-constructed-from-input` query.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index c6c21ef7d6c..0e1088e51a9 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.3
+lastReleaseVersion: 0.10.4
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index cac5d51e2e4..bb4f49e84e8 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.10.4-dev
+version: 0.10.4
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index d8bc409ff86..2cd732792f6 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.4
+
+### Minor Analysis Improvements
+
+* Improved _Reflected server-side cross-site scripting_ (`py/reflective-xss`) query to not alert on data passed to `flask.jsonify`. Since these HTTP responses are returned with mime-type `application/json`, they do not pose a security risk for XSS.
+* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand.
+
 ## 0.8.3

 No user-facing changes.
diff --git a/python/ql/src/change-notes/2023-08-17-improved-path-graph.md b/python/ql/src/change-notes/2023-08-17-improved-path-graph.md
deleted file mode 100644
index a2545d362e9..00000000000
--- a/python/ql/src/change-notes/2023-08-17-improved-path-graph.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand.
diff --git a/python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md b/python/ql/src/change-notes/released/0.8.4.md
similarity index 56%
rename from python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md
rename to python/ql/src/change-notes/released/0.8.4.md
index 8268f296606..223f2a83361 100644
--- a/python/ql/src/change-notes/2023-08-29-fixed-jsonify-xss-fp.md
+++ b/python/ql/src/change-notes/released/0.8.4.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.8.4
+
+### Minor Analysis Improvements
+
 * Improved _Reflected server-side cross-site scripting_ (`py/reflective-xss`) query to not alert on data passed to `flask.jsonify`. Since these HTTP responses are returned with mime-type `application/json`, they do not pose a security risk for XSS.
+* Updated path explanations for `@kind path-problem` queries to always include left hand side of assignments, making paths easier to understand.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index b6e46394f37..32eff3dc9f3 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.3
+lastReleaseVersion: 0.8.4
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index f7ff3ff2348..37fb0ca7969 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.8.4-dev
+version: 0.8.4
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index ae92859730f..c9c03626ec3 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.4
+
+No user-facing changes.
+
 ## 0.7.3

 ### Minor Analysis Improvements
diff --git a/ruby/ql/lib/change-notes/released/0.7.4.md b/ruby/ql/lib/change-notes/released/0.7.4.md
new file mode 100644
index 00000000000..1b33df9cb1e
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.7.4.md
@@ -0,0 +1,3 @@
+## 0.7.4
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index e50377dfb13..7f512644e8d 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.7.4-dev
+version: 0.7.4
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 9e85e2317d3..2bc373cd332 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.4
+
+### New Queries
+
+* Added a new experimental query, `rb/improper-ldap-auth`, to detect cases where user input is used during LDAP authentication without proper validation or sanitization, potentially leading to authentication bypass.
+
 ## 0.7.3

 No user-facing changes.
diff --git a/ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md b/ruby/ql/src/change-notes/released/0.7.4.md
similarity index 88%
rename from ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md
rename to ruby/ql/src/change-notes/released/0.7.4.md
index 13c5a89c808..228683b8a68 100644
--- a/ruby/ql/src/change-notes/2023-05-29-improper-ldap-auth-query.md
+++ b/ruby/ql/src/change-notes/released/0.7.4.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.7.4
+
+### New Queries
+
 * Added a new experimental query, `rb/improper-ldap-auth`, to detect cases where user input is used during LDAP authentication without proper validation or sanitization, potentially leading to authentication bypass.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index a4ea9c8de17..e388f34b4ec 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 441effac827..92a6a245e19 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups:
 - ruby
 - queries
diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md
index aab63b11f75..b6f5cd028e2 100644
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.3
+
+No user-facing changes.
+
 ## 0.0.2

 No user-facing changes.
diff --git a/shared/controlflow/change-notes/released/0.0.3.md b/shared/controlflow/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..af7864fc7d5
--- /dev/null
+++ b/shared/controlflow/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml
index 55dc06fbd76..a24b693d1e7 100644
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.2
+lastReleaseVersion: 0.0.3
diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml
index 90520957d85..08806425df6 100644
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.0.3-dev
+version: 0.0.3
 groups: shared
 library: true
 dependencies:
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md
index 1a5f4d38663..7ab03105cb7 100644
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.0.3
+
+### New Features
+
+* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack.
+
+### Minor Analysis Improvements
+
+* The shared taint-tracking library is now part of the dataflow qlpack.
+
 ## 0.0.2

 ### Major Analysis Improvements
diff --git a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
deleted file mode 100644
index 000d7ea265c..00000000000
--- a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The shared taint-tracking library is now part of the dataflow qlpack.
diff --git a/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md b/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md
deleted file mode 100644
index 4f879df3fd3..00000000000
--- a/shared/dataflow/change-notes/2023-08-24-inline-flow-test.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack.
diff --git a/shared/dataflow/change-notes/released/0.0.3.md b/shared/dataflow/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..4b6ac03adc1
--- /dev/null
+++ b/shared/dataflow/change-notes/released/0.0.3.md
@@ -0,0 +1,9 @@
+## 0.0.3
+
+### New Features
+
+* The various inline flow test libraries have been consolidated as a shared library part in the dataflow qlpack.
+
+### Minor Analysis Improvements
+
+* The shared taint-tracking library is now part of the dataflow qlpack.
diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml
index 55dc06fbd76..a24b693d1e7 100644
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.2
+lastReleaseVersion: 0.0.3
diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml
index 62a35f1ccc8..0a15dee3ec6 100644
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 0.0.3-dev
+version: 0.0.3
 groups: shared
 library: true
 dependencies:
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
index 4c7b7dd6878..2bfa7916b94 100644
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/mad/change-notes/released/0.1.4.md b/shared/mad/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/mad/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index cf6c9c6ea7d..711f69baef6 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 dependencies:
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index 8cd409f9735..bcf4cdb469c 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/regex/change-notes/released/0.1.4.md b/shared/regex/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/regex/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index a30e17c4d96..9ae2aebd903 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index 466f3f45326..175ecab1b6e 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.1.4.md b/shared/ssa/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 0db56594e86..22ca03d8047 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md
index 0474ebe6865..01c61a97e76 100644
--- a/shared/tutorial/CHANGELOG.md
+++ b/shared/tutorial/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/tutorial/change-notes/released/0.1.4.md b/shared/tutorial/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/tutorial/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/tutorial/codeql-pack.release.yml
+++ b/shared/tutorial/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml
index 4beadd85122..520077ea1d5 100644
--- a/shared/tutorial/qlpack.yml
+++ b/shared/tutorial/qlpack.yml
@@ -1,6 +1,6 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries.
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md
index ee0d1b59186..6a11a27cd0c 100644
--- a/shared/typetracking/CHANGELOG.md
+++ b/shared/typetracking/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/typetracking/change-notes/released/0.1.4.md b/shared/typetracking/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/typetracking/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index 3505e8f33f1..e50be8d7635 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index a8f556aa029..675cc520f94 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.1.4.md b/shared/typos/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/typos/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index ec757b0242c..2c8585faa48 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index cf58b4ea37c..b42b17238e5 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 No user-facing changes.
diff --git a/shared/util/change-notes/released/0.1.4.md b/shared/util/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/util/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
index 24020172913..75eb3bf288a 100644
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 dependencies:
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md
index e41dc84c7c8..72ed00d14e3 100644
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.4
+
+No user-facing changes.
+
 ## 0.1.3

 ### New Features
diff --git a/shared/yaml/change-notes/released/0.1.4.md b/shared/yaml/change-notes/released/0.1.4.md
new file mode 100644
index 00000000000..a77c429adba
--- /dev/null
+++ b/shared/yaml/change-notes/released/0.1.4.md
@@ -0,0 +1,3 @@
+## 0.1.4
+
+No user-facing changes.
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml
index b79d8f9d00a..e8ee3af8ef9 100644
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.1.4
diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml
index 58627ae3db8..e68ccfec57d 100644
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 0.1.4-dev
+version: 0.1.4
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md
index ad443f621cb..b59991858c6 100644
--- a/swift/ql/lib/CHANGELOG.md
+++ b/swift/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.2.4
+
+### Minor Analysis Improvements
+
+* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library.
+* Added flow models of collection `.withContiguous[Mutable]StorageIfAvailable`, `.withUnsafe[Mutable]BufferPointer` and `.withUnsafe[Mutable]Bytes` methods.
+
 ## 0.2.3

 ### Major Analysis Improvements
diff --git a/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md b/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md
deleted file mode 100644
index 9e2d3bd0e25..00000000000
--- a/swift/ql/lib/change-notes/2023-08-21-keypath-optionals.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library.
diff --git a/swift/ql/lib/change-notes/2023-08-04-closure-models.md b/swift/ql/lib/change-notes/released/0.2.4.md
similarity index 50%
rename from swift/ql/lib/change-notes/2023-08-04-closure-models.md
rename to swift/ql/lib/change-notes/released/0.2.4.md
index ba655f59774..b7e6c5dcc0f 100644
--- a/swift/ql/lib/change-notes/2023-08-04-closure-models.md
+++ b/swift/ql/lib/change-notes/released/0.2.4.md
@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 0.2.4

+### Minor Analysis Improvements
+
+* Flow through optional chaining and forced unwrapping in keypaths is now supported by the data flow library.
 * Added flow models of collection `.withContiguous[Mutable]StorageIfAvailable`, `.withUnsafe[Mutable]BufferPointer` and `.withUnsafe[Mutable]Bytes` methods.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index 0b605901b42..7f1e3841dcd 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.2.4
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index cd9b209ffae..b079f1b600d 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 0.2.4-dev
+version: 0.2.4
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index 71fec278599..7f1e54070bc 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.4
+
+### New Queries
+
+* Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that may match more hostnames than expected.
+
 ## 0.2.3

 No user-facing changes.
diff --git a/swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md b/swift/ql/src/change-notes/released/0.2.4.md
similarity index 88%
rename from swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md
rename to swift/ql/src/change-notes/released/0.2.4.md
index d70dfce16f7..12170e4fdf6 100644
--- a/swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md
+++ b/swift/ql/src/change-notes/released/0.2.4.md
@@ -1,5 +1,5 @@
----
-category: newQuery
----
+## 0.2.4
+
+### New Queries

 * Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that may match more hostnames than expected.
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index 0b605901b42..7f1e3841dcd 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.2.4
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index 87c3fb14701..96c455c5ce8 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 0.2.4-dev
+version: 0.2.4
 groups:
 - swift
 - queries