Release preparation for version 2.12.0

2025-12-21 19:26:31 +01:00 · 2023-01-05 16:32:14 +00:00
parent f58ec799dd
commit b6a8193785
163 changed files with 521 additions and 377 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 0.5.0
+
+### Breaking Changes
+
+The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
+
+### Deprecated APIs
+
+* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
+* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
+* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
+
+### Minor Analysis Improvements
+
+* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.
+* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
+* The `getaddrinfo` function is now recognized as a flow source.
+* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
+* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
+* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.
+
 ## 0.4.6

 No user-facing changes.
--- a/cpp/ql/lib/change-notes/2022-11-14-deprecate-ast-gvn.md
+++ b/cpp/ql/lib/change-notes/2022-11-14-deprecate-ast-gvn.md
@@ -1,6 +0,0 @@
---
-category: deprecated
---
-
-
-* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
--- a/cpp/ql/lib/change-notes/2022-11-16-must-flow.md
+++ b/cpp/ql/lib/change-notes/2022-11-16-must-flow.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
--- a/cpp/ql/lib/change-notes/2022-11-17-deleted-deps.md
+++ b/cpp/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.
--- a/cpp/ql/lib/change-notes/2022-11-25-deprecate-default-taint-tracking.md
+++ b/cpp/ql/lib/change-notes/2022-11-25-deprecate-default-taint-tracking.md
@@ -1,6 +0,0 @@
---
-category: deprecated
---
-
-* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
-* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
--- a/cpp/ql/lib/change-notes/2022-12-08-support-getaddrinfo-dataflow.md
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-getaddrinfo-dataflow.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `getaddrinfo` function is now recognized as a flow source.
--- a/cpp/ql/lib/change-notes/2022-12-08-support-getenv-variants.md
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-getenv-variants.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
--- a/cpp/ql/lib/change-notes/2022-12-08-support-scanf-dataflow.md
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-scanf-dataflow.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
--- a/cpp/ql/lib/change-notes/2022-12-09-generalize-argv-source.md
+++ b/cpp/ql/lib/change-notes/2022-12-09-generalize-argv-source.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
--- a/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md
+++ b/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.
--- a/cpp/ql/lib/change-notes/released/0.5.0.md
+++ b/cpp/ql/lib/change-notes/released/0.5.0.md
@@ -0,0 +1,20 @@
+## 0.5.0
+
+### Breaking Changes
+
+The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
+
+### Deprecated APIs
+
+* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
+* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
+* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
+
+### Minor Analysis Improvements
+
+* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.
+* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
+* The `getaddrinfo` function is now recognized as a flow source.
+* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
+* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
+* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.6
+lastReleaseVersion: 0.5.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.5.0-dev
+version: 0.5.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.5.0
+
+### Minor Analysis Improvements
+
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
+* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.
+
 ## 0.4.6

 No user-facing changes.
--- a/cpp/ql/src/change-notes/2022-12-15-no-scanf-buffer-allocation-warnings.md
+++ b/cpp/ql/src/change-notes/2022-12-15-no-scanf-buffer-allocation-warnings.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.
--- a/cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md
+++ b/cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.5.0
+
+### Minor Analysis Improvements
+
 * The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
+* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.6
+lastReleaseVersion: 0.5.0
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.5.0-dev
+version: 0.5.0
 groups: 
  - cpp
  - queries