Release preparation for version 2.21.1

2025-12-16 16:53:25 +01:00 · 2025-04-14 09:53:06 +00:00
parent 884c4a6e7b
commit b961c5961d
170 changed files with 424 additions and 167 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.7
+
+No user-facing changes.
+
 ## 0.4.6

 ### Bug Fixes
--- a/actions/ql/lib/change-notes/released/0.4.7.md
+++ b/actions/ql/lib/change-notes/released/0.4.7.md
@@ -0,0 +1,3 @@
+## 0.4.7
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.6
+lastReleaseVersion: 0.4.7
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.7-dev
+version: 0.4.7
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.5.4
+
+### Bug Fixes
+
+* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
+
 ## 0.5.3

 ### Bug Fixes
--- a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
+++ b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
@@ -1,4 +1,5 @@
---
-category: fix
---
+## 0.5.4
+
+### Bug Fixes
+
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.5.4-dev
+version: 0.5.4
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 4.2.0
+
+### New Features
+
+* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
+* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
+
 ## 4.1.0

 ### New Features
--- a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
+++ b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
@@ -1,5 +1,6 @@
---
-category: feature
---
+## 4.2.0
+
+### New Features
+
 * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
 * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.2.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.1.1-dev
+version: 4.2.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.8
+
+No user-facing changes.
+
 ## 1.3.7

 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/released/1.3.8.md
+++ b/cpp/ql/src/change-notes/released/1.3.8.md
@@ -0,0 +1,3 @@
+## 1.3.8
+
+No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.7
+lastReleaseVersion: 1.3.8
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.8-dev
+version: 1.3.8
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.38
+
+No user-facing changes.
+
 ## 1.7.37

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
@@ -0,0 +1,3 @@
+## 1.7.38
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.37
+lastReleaseVersion: 1.7.38
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.38-dev
+version: 1.7.38
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.38
+
+No user-facing changes.
+
 ## 1.7.37

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md
@@ -0,0 +1,3 @@
+## 1.7.38
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.37
+lastReleaseVersion: 1.7.38
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.38-dev
+version: 1.7.38
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 5.1.4
+
+### Minor Analysis Improvements
+
+* The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`.
+* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
+
 ## 5.1.3

 ### Minor Analysis Improvements
--- a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md
+++ b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
--- a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md
+++ b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 5.1.4
+
+### Minor Analysis Improvements
+
 * The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`.
+* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.3
+lastReleaseVersion: 5.1.4
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.4-dev
+version: 5.1.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.1.1
+
+### Minor Analysis Improvements
+
+* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query.
+* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
+
 ## 1.1.0

 ### New Queries
--- a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md
+++ b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
--- a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md
+++ b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 1.1.1
+
+### Minor Analysis Improvements
+
 * Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query.
+* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.1.1-dev
+version: 1.1.1
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.21
+
+No user-facing changes.
+
 ## 1.0.20

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.21.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.21.md
@@ -0,0 +1,3 @@
+## 1.0.21
+
+No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.20
+lastReleaseVersion: 1.0.21
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.21-dev
+version: 1.0.21
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 4.2.3
+
+### Minor Analysis Improvements
+
+* Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`.
+
 ## 4.2.2

 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md
+++ b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 4.2.3
+
+### Minor Analysis Improvements
+
 * Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.2
+lastReleaseVersion: 4.2.3
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.3-dev
+version: 4.2.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.12
+
+No user-facing changes.
+
 ## 1.1.11

 ### Minor Analysis Improvements
--- a/go/ql/src/change-notes/released/1.1.12.md
+++ b/go/ql/src/change-notes/released/1.1.12.md
@@ -0,0 +1,3 @@
+## 1.1.12
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.11
+lastReleaseVersion: 1.1.12
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.12-dev
+version: 1.1.12
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 7.1.3
+
+### Minor Analysis Improvements
+
+* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
+* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
+
 ## 7.1.2

 ### Minor Analysis Improvements
--- a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md
+++ b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
--- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md
+++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 7.1.3
+
+### Minor Analysis Improvements
+
 * Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
+* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.2
+lastReleaseVersion: 7.1.3
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.1.3-dev
+version: 7.1.3
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.1
+
+No user-facing changes.
+
 ## 1.4.0

 ### New Queries
--- a/java/ql/src/change-notes/released/1.4.1.md
+++ b/java/ql/src/change-notes/released/1.4.1.md
@@ -0,0 +1,3 @@
+## 1.4.1
+
+No user-facing changes.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.4.1-dev
+version: 1.4.1
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 2.6.1
+
+### Minor Analysis Improvements
+
+* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
+* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
+* Added support for the `make-dir` package.
+* Added support for the `open` package.
+* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
+* Improved detection of `WebSocket` and `SockJS` usage.
+* Added data received from `WebSocket` clients as a remote flow source.
+* Added support for additional `mkdirp` methods as sinks in path-injection queries.
+* Added support for additional `rimraf` methods as sinks in path-injection queries.
+
 ## 2.6.0

 ### New Features
--- a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md
+++ b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for additional `mkdirp` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md
+++ b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for additional `rimraf` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/change-notes/2025-04-07-open-package.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-open-package.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for the `open` package.
--- a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
--- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md
+++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved detection of `WebSocket` and `SockJS` usage.
-* Added data received from `WebSocket` clients as a remote flow source.
--- a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md
+++ b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for the `make-dir` package.
--- a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md
+++ b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
-* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
--- a/javascript/ql/lib/change-notes/released/2.6.1.md
+++ b/javascript/ql/lib/change-notes/released/2.6.1.md
@@ -0,0 +1,13 @@
+## 2.6.1
+
+### Minor Analysis Improvements
+
+* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
+* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.
+* Added support for the `make-dir` package.
+* Added support for the `open` package.
+* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`.
+* Improved detection of `WebSocket` and `SockJS` usage.
+* Added data received from `WebSocket` clients as a remote flow source.
+* Added support for additional `mkdirp` methods as sinks in path-injection queries.
+* Added support for additional `rimraf` methods as sinks in path-injection queries.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.0
+lastReleaseVersion: 2.6.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.1-dev
+version: 2.6.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 1.5.3
+
+### Minor Analysis Improvements
+
+* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
+* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
+
+### Bug Fixes
+
+* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
+
 ## 1.5.2

 ### Bug Fixes
--- a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md
+++ b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
--- a/javascript/ql/src/change-notes/2025-04-09-web-response.md
+++ b/javascript/ql/src/change-notes/2025-04-09-web-response.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
--- a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md
+++ b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
--- a/javascript/ql/src/change-notes/released/1.5.3.md
+++ b/javascript/ql/src/change-notes/released/1.5.3.md
@@ -0,0 +1,10 @@
+## 1.5.3
+
+### Minor Analysis Improvements
+
+* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`.
+* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.
+
+### Bug Fixes
+
+* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.5.3
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.5.3-dev
+version: 1.5.3
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.21
+
+No user-facing changes.
+
 ## 1.0.20

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.21.md
+++ b/misc/suite-helpers/change-notes/released/1.0.21.md
@@ -0,0 +1,3 @@
+## 1.0.21
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.20
+lastReleaseVersion: 1.0.21
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.21-dev
+version: 1.0.21
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.0.5
+
+No user-facing changes.
+
 ## 4.0.4

 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/released/4.0.5.md
+++ b/python/ql/lib/change-notes/released/4.0.5.md
@@ -0,0 +1,3 @@
+## 4.0.5
+
+No user-facing changes.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.4
+lastReleaseVersion: 4.0.5
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.5-dev
+version: 4.0.5
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.4.7
+
+### Minor Analysis Improvements
+
+- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives.
+
 ## 1.4.6

 ### Minor Analysis Improvements
--- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md
+++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md
@@ -1,5 +1,5 @@
---
-category: minorAnalysis
---
+## 1.4.7
+
+### Minor Analysis Improvements

 - The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.6
+lastReleaseVersion: 1.4.7
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.4.7-dev
+version: 1.4.7
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 4.1.4
+
+### Minor Analysis Improvements
+
+* Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`.
+
 ## 4.1.3

 No user-facing changes.
--- a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md
+++ b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 4.1.4
+
+### Minor Analysis Improvements
+
 * Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.3
+lastReleaseVersion: 4.1.4
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 4.1.4-dev
+version: 4.1.4
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.2.0
+
+### Major Analysis Improvements
+
+* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
+* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file.
+
 ## 1.1.15

 No user-facing changes.
--- a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md
+++ b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
--- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md
+++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md
@@ -1,4 +1,6 @@
---
-category: majorAnalysis
---
+## 1.2.0
+
+### Major Analysis Improvements
+
+* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives.
 * The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.15
+lastReleaseVersion: 1.2.0
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.1.16-dev
+version: 1.2.0
 groups:
  - ruby
  - queries
--- a/rust/ql/lib/CHANGELOG.md
+++ b/rust/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.6
+
+No user-facing changes.
+
 ## 0.1.5

 No user-facing changes.
--- a/rust/ql/lib/change-notes/released/0.1.6.md
+++ b/rust/ql/lib/change-notes/released/0.1.6.md
@@ -0,0 +1,3 @@
+## 0.1.6
+
+No user-facing changes.
--- a/rust/ql/lib/codeql-pack.release.yml
+++ b/rust/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.5
+lastReleaseVersion: 0.1.6
--- a/rust/ql/lib/qlpack.yml
+++ b/rust/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.1.6-dev
+version: 0.1.6
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme
--- a/rust/ql/src/CHANGELOG.md
+++ b/rust/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.6
+
+No user-facing changes.
+
 ## 0.1.5

 No user-facing changes.
--- a/rust/ql/src/change-notes/released/0.1.6.md
+++ b/rust/ql/src/change-notes/released/0.1.6.md
@@ -0,0 +1,3 @@
+## 0.1.6
+
+No user-facing changes.
--- a/Show More
+++ b/Show More