Release preparation for version 2.21.1

2025-12-16 16:53:25 +01:00 · 2025-04-14 09:53:06 +00:00
parent 884c4a6e7b
commit b961c5961d
170 changed files with 424 additions and 167 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.4.7
 No user-facing changes.
 ## 0.4.6
 ### Bug Fixes
--- a/actions/ql/lib/change-notes/released/0.4.7.md
+++ b/actions/ql/lib/change-notes/released/0.4.7.md
@@ -0,0 +1,3 @@
 ## 0.4.7
 No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.6
+lastReleaseVersion: 0.4.7
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.7-dev
+version: 0.4.7
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.5.4
 ### Bug Fixes
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
 ## 0.5.3
 ### Bug Fixes
--- a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
+++ b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
@@ -1,4 +1,5 @@
---
+## 0.5.4
-category: fix
+
---
+### Bug Fixes
-* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
+
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.5.4-dev
+version: 0.5.4
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 4.2.0
 ### New Features
 * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
 * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
 ## 4.1.0
 ### New Features
--- a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
+++ b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
@@ -1,5 +1,6 @@
---
+## 4.2.0
-category: feature
+
---
+### New Features
 * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
 * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.2.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.1.1-dev
+version: 4.2.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.3.8
 No user-facing changes.
 ## 1.3.7
 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/released/1.3.8.md
+++ b/cpp/ql/src/change-notes/released/1.3.8.md
@@ -0,0 +1,3 @@
 ## 1.3.8
 No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.7
+lastReleaseVersion: 1.3.8
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.8-dev
+version: 1.3.8
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.38
 No user-facing changes.
 ## 1.7.37
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
@@ -0,0 +1,3 @@
 ## 1.7.38
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.37
+lastReleaseVersion: 1.7.38
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.38-dev
+version: 1.7.38
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.38
 No user-facing changes.
 ## 1.7.37
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md
@@ -0,0 +1,3 @@
 ## 1.7.38
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.37
+lastReleaseVersion: 1.7.38
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.38-dev
+version: 1.7.38
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 5.1.4
 ### Minor Analysis Improvements
 * The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`.
 * Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
 ## 5.1.3
 ### Minor Analysis Improvements
--- a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md
+++ b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
--- a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md
+++ b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md
@@ -1,4 +1,6 @@
---
+## 5.1.4
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`.
 * Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.3
+lastReleaseVersion: 5.1.4
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.4-dev
+version: 5.1.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 1.1.1
 ### Minor Analysis Improvements
 * Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query.
 * The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
 ## 1.1.0
 ### New Queries
--- a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md
+++ b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
--- a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md
+++ b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md
@@ -1,4 +1,6 @@
---
+## 1.1.1
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query.
 * The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.1.1-dev
+version: 1.1.1
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.21
 No user-facing changes.
 ## 1.0.20
 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.21.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.21.md
@@ -0,0 +1,3 @@
 ## 1.0.21
 No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.20
+lastReleaseVersion: 1.0.21
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.21-dev
+version: 1.0.21
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 4.2.3
 ### Minor Analysis Improvements
 * Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`.
 ## 4.2.2
 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md
+++ b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md
@@ -1,4 +1,5 @@
---
+## 4.2.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.2
+lastReleaseVersion: 4.2.3
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.3-dev
+version: 4.2.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.1.12
 No user-facing changes.
 ## 1.1.11
 ### Minor Analysis Improvements
--- a/go/ql/src/change-notes/released/1.1.12.md
+++ b/go/ql/src/change-notes/released/1.1.12.md
@@ -0,0 +1,3 @@
 ## 1.1.12
 No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.11
+lastReleaseVersion: 1.1.12
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.12-dev
+version: 1.1.12
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 7.1.3
 ### Minor Analysis Improvements
 * Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
 * All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
 ## 7.1.2
 ### Minor Analysis Improvements
--- a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md
+++ b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
--- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md
+++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md
@@ -1,4 +1,6 @@
---
+## 7.1.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
 * All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.2
+lastReleaseVersion: 7.1.3
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.1.3-dev
+version: 7.1.3
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.4.1
 No user-facing changes.
 ## 1.4.0
 ### New Queries
--- a/java/ql/src/change-notes/released/1.4.1.md
+++ b/java/ql/src/change-notes/released/1.4.1.md
@@ -0,0 +1,3 @@
 ## 1.4.1
 No user-facing changes.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.4.1-dev
+version: 1.4.1
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
 ## 2.6.1
 ### Minor Analysis Improvements
 * Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
 * Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
 * Added support for the `make-dir` package.
 * Added support for the `open` package.
 * Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
 * Improved detection of `WebSocket` and `SockJS` usage.
 * Added data received from `WebSocket` clients as a remote flow source.
 * Added support for additional `mkdirp` methods as sinks in path-injection queries.
 * Added support for additional `rimraf` methods as sinks in path-injection queries.
 ## 2.6.0
 ### New Features
--- a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md
+++ b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added support for additional `mkdirp` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md
+++ b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added support for additional `rimraf` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/change-notes/2025-04-07-open-package.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-open-package.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added support for the `open` package.
--- a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
--- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Improved detection of `WebSocket` and `SockJS` usage.
 * Added data received from `WebSocket` clients as a remote flow source.
--- a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md
+++ b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added support for the `make-dir` package.
--- a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md
+++ b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
 * Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
--- a/javascript/ql/lib/change-notes/released/2.6.1.md
+++ b/javascript/ql/lib/change-notes/released/2.6.1.md
@@ -0,0 +1,13 @@
 ## 2.6.1
 ### Minor Analysis Improvements
 * Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
 * Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
 * Added support for the `make-dir` package.
 * Added support for the `open` package.
 * Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
 * Improved detection of `WebSocket` and `SockJS` usage.
 * Added data received from `WebSocket` clients as a remote flow source.
 * Added support for additional `mkdirp` methods as sinks in path-injection queries.
 * Added support for additional `rimraf` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.0
+lastReleaseVersion: 2.6.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.1-dev
+version: 2.6.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
 ## 1.5.3
 ### Minor Analysis Improvements
 * Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
 * Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
 ### Bug Fixes
 * Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
 ## 1.5.2
 ### Bug Fixes
--- a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md
+++ b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
--- a/javascript/ql/src/change-notes/2025-04-09-web-response.md
+++ b/javascript/ql/src/change-notes/2025-04-09-web-response.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
--- a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md
+++ b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md
@@ -1,4 +0,0 @@
 ---
 category: fix
 ---
 * Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
--- a/javascript/ql/src/change-notes/released/1.5.3.md
+++ b/javascript/ql/src/change-notes/released/1.5.3.md
@@ -0,0 +1,10 @@
 ## 1.5.3
 ### Minor Analysis Improvements
 * Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
 * Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
 ### Bug Fixes
 * Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.5.3
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.5.3-dev
+version: 1.5.3
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.21
 No user-facing changes.
 ## 1.0.20
 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.21.md
+++ b/misc/suite-helpers/change-notes/released/1.0.21.md
@@ -0,0 +1,3 @@
 ## 1.0.21
 No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.20
+lastReleaseVersion: 1.0.21
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.21-dev
+version: 1.0.21
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 4.0.5
 No user-facing changes.
 ## 4.0.4
 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/released/4.0.5.md
+++ b/python/ql/lib/change-notes/released/4.0.5.md
@@ -0,0 +1,3 @@
 ## 4.0.5
 No user-facing changes.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.4
+lastReleaseVersion: 4.0.5
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.5-dev
+version: 4.0.5
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.4.7
 ### Minor Analysis Improvements
 - The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives.
 ## 1.4.6
 ### Minor Analysis Improvements
--- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md
+++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md
@@ -1,5 +1,5 @@
---
+## 1.4.7
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 - The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.6
+lastReleaseVersion: 1.4.7
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.4.7-dev
+version: 1.4.7
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 4.1.4
 ### Minor Analysis Improvements
 * Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`.
 ## 4.1.3
 No user-facing changes.
--- a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md
+++ b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md
@@ -1,4 +1,5 @@
---
+## 4.1.4
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.3
+lastReleaseVersion: 4.1.4
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 4.1.4-dev
+version: 4.1.4
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
 ## 1.2.0
 ### Major Analysis Improvements
 * The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
 * The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file.
 ## 1.1.15
 No user-facing changes.
--- a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md
+++ b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md
@@ -1,4 +0,0 @@
 ---
 category: majorAnalysis
 ---
 * The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
--- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md
+++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md
@@ -1,4 +1,6 @@
---
+## 1.2.0
-category: majorAnalysis
+
---
+### Major Analysis Improvements
 * The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
 * The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.15
+lastReleaseVersion: 1.2.0
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.1.16-dev
+version: 1.2.0
 groups:
  - ruby
  - queries
--- a/rust/ql/lib/CHANGELOG.md
+++ b/rust/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.1.6
 No user-facing changes.
 ## 0.1.5
 No user-facing changes.
--- a/rust/ql/lib/change-notes/released/0.1.6.md
+++ b/rust/ql/lib/change-notes/released/0.1.6.md
@@ -0,0 +1,3 @@
 ## 0.1.6
 No user-facing changes.
--- a/rust/ql/lib/codeql-pack.release.yml
+++ b/rust/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.5
+lastReleaseVersion: 0.1.6
--- a/rust/ql/lib/qlpack.yml
+++ b/rust/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.1.6-dev
+version: 0.1.6
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme
--- a/rust/ql/src/CHANGELOG.md
+++ b/rust/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.1.6
 No user-facing changes.
 ## 0.1.5
 No user-facing changes.
--- a/rust/ql/src/change-notes/released/0.1.6.md
+++ b/rust/ql/src/change-notes/released/0.1.6.md
@@ -0,0 +1,3 @@
 ## 0.1.6
 No user-facing changes.
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 0.4.6`	`lastReleaseVersion: 0.4.7`