Merge pull request #13793 from github/post-release-prep/codeql-cli-2.14.1

Post-release preparation for codeql-cli-2.14.1

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 0.8.1
+
+### Deprecated APIs
+
+* The library `semmle.code.cpp.dataflow.DataFlow` has been deprecated. Please use `semmle.code.cpp.dataflow.new.DataFlow` instead.
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `IRGuards` library has improved handling of pointer addition and subtraction operations.
+
 ## 0.8.0
 
 ### New Features

cpp/ql/lib/change-notes/2023-06-29-deprecate-ast-dataflow.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The library `semmle.code.cpp.dataflow.DataFlow` has been deprecated. Please use `semmle.code.cpp.dataflow.new.DataFlow` instead.

cpp/ql/lib/change-notes/2023-07-07-irguards-compares-pointers.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `IRGuards` library has improved handling of pointer addition and subtraction operations.

cpp/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

cpp/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md

@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.

cpp/ql/lib/change-notes/released/0.8.1.md

@@ -0,0 +1,19 @@
+## 0.8.1
+
+### Deprecated APIs
+
+* The library `semmle.code.cpp.dataflow.DataFlow` has been deprecated. Please use `semmle.code.cpp.dataflow.new.DataFlow` instead.
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `IRGuards` library has improved handling of pointer addition and subtraction operations.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.8.1-dev
+version: 0.8.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The `cpp/uninitialized-local` query now excludes uninitialized uses that are explicitly cast to void and are expression statements. As a result, the query will report less false positives.
+
 ## 0.7.0
 
 ### Minor Analysis Improvements

cpp/ql/src/change-notes/released/0.7.1.md

@@ -1,4 +1,5 @@
----
+## 0.7.1
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * The `cpp/uninitialized-local` query now excludes uninitialized uses that are explicitly cast to void and are expression statements. As a result, the query will report less false positives.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: 
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.6.1
+
+No user-facing changes.
+
 ## 1.6.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.1.md

@@ -0,0 +1,3 @@
+## 1.6.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.0
+lastReleaseVersion: 1.6.1

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.6.1-dev
+version: 1.6.2-dev
 groups:
     - csharp
     - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.6.1
+
+No user-facing changes.
+
 ## 1.6.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.1.md

@@ -0,0 +1,3 @@
+## 1.6.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.0
+lastReleaseVersion: 1.6.1

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.6.1-dev
+version: 1.6.2-dev
 groups:
     - csharp
     - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+
 ## 0.7.0
 
 ### Major Analysis Improvements

csharp/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

csharp/ql/lib/change-notes/released/0.7.1.md

@@ -1,6 +1,12 @@
----
+## 0.7.1
-category: minorAnalysis
+
----
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
 * Data flow configurations can now include a predicate `neverSkip(Node node)`
   in order to ensure inclusion of certain nodes in the path explanations. The
   predicate defaults to the end-points of the additional flow steps provided in

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.1
+
+No user-facing changes.
+
 ## 0.7.0
 
 ### New Queries

csharp/ql/src/change-notes/released/0.7.1.md

@@ -0,0 +1,3 @@
+## 0.7.1
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: 
   - csharp
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 0.6.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Parameter nodes now exist for unused parameters as well as used parameters.
+* Add support for v4 of the [Go Micro framework](https://github.com/go-micro/go-micro).
+* Support for the [Bun framework](https://bun.uptrace.dev/) has been added.
+* Support for [gqlgen](https://github.com/99designs/gqlgen) has been added.
+* Support for the [go-pg framework](https://github.com/go-pg/pg) has been improved.
+
 ## 0.6.0
 
 ### Deprecated APIs

go/ql/lib/change-notes/2023-06-28--add-support-for-bun-framework.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Support for the [Bun framework](https://bun.uptrace.dev/) has been added.

go/ql/lib/change-notes/2023-06-28--add-support-for-gqlgen-framework.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Support for [gqlgen](https://github.com/99designs/gqlgen) has been added.

go/ql/lib/change-notes/2023-06-28--improve-support-for-gopg-framework.md

@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-* Support for the [go-pg framework](https://github.com/go-pg/pg) has been improved.
-

go/ql/lib/change-notes/2023-06-29-modelling-go-micro.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Add support for v4 of the [Go Micro framework](https://github.com/go-micro/go-micro).

go/ql/lib/change-notes/2023-07-05-parameter-nodes-for-unused-parameters.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Parameter nodes now exist for unused parameters as well as used parameters.

go/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

go/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md

@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.

go/ql/lib/change-notes/released/0.6.1.md

@@ -0,0 +1,19 @@
+## 0.6.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Parameter nodes now exist for unused parameters as well as used parameters.
+* Add support for v4 of the [Go Micro framework](https://github.com/go-micro/go-micro).
+* Support for the [Bun framework](https://bun.uptrace.dev/) has been added.
+* Support for [gqlgen](https://github.com/99designs/gqlgen) has been added.
+* Support for the [go-pg framework](https://github.com/go-pg/pg) has been improved.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.6.1

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.6.1-dev
+version: 0.6.2-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.1
+
+No user-facing changes.
+
 ## 0.6.0
 
 ### Bug Fixes

go/ql/src/change-notes/released/0.6.1.md

@@ -0,0 +1,3 @@
+## 0.6.1
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.6.1

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.6.1-dev
+version: 0.6.2-dev
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,32 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+* A `Class.isFileClass()` predicate, to identify Kotlin file classes, has been added.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Added models for Apache Commons Lang3 `ToStringBuilder.reflectionToString` method.
+* Added support for the Kotlin method `apply`.
+* Added models for the following packages:
+
+  * java.io
+  * java.lang
+  * java.net
+  * java.nio.channels
+  * java.nio.file
+  * java.util.zip
+  * okhttp3
+  * org.gradle.api.file
+  * retrofit2
+
 ## 0.7.0
 
 ### Deprecated APIs

java/ql/lib/change-notes/2023-06-08-new-models.md

@@ -1,14 +0,0 @@
----
-category: minorAnalysis
----
-* Added models for the following packages:
-
-  * java.io
-  * java.lang
-  * java.net
-  * java.nio.channels
-  * java.nio.file
-  * java.util.zip
-  * okhttp3
-  * org.gradle.api.file
-  * retrofit2

java/ql/lib/change-notes/2023-07-10-kotlin-apply.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for the Kotlin method `apply`.

java/ql/lib/change-notes/2023-07-11-file-classes.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* A `Class.isFileClass()` predicate, to identify Kotlin file classes, has been added.

java/ql/lib/change-notes/2023-07-12-apache-commons-lang3-tostringbuilder.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added models for Apache Commons Lang3 `ToStringBuilder.reflectionToString` method.

java/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

java/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md

@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.

java/ql/lib/change-notes/released/0.7.1.md

@@ -0,0 +1,28 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+* A `Class.isFileClass()` predicate, to identify Kotlin file classes, has been added.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Added models for Apache Commons Lang3 `ToStringBuilder.reflectionToString` method.
+* Added support for the Kotlin method `apply`.
+* Added models for the following packages:
+
+  * java.io
+  * java.lang
+  * java.net
+  * java.nio.channels
+  * java.nio.file
+  * java.util.zip
+  * okhttp3
+  * org.gradle.api.file
+  * retrofit2

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The query "Unsafe resource fetching in Android WebView" (`java/android/unsafe-android-webview-fetch`) now recognizes WebViews where `setJavascriptEnabled`, `setAllowFileAccess`, `setAllowUniversalAccessFromFileURLs`, and/or `setAllowFileAccessFromFileURLs` are set inside the function block of the Kotlin `apply` function.
+
 ## 0.7.0
 
 ### Minor Analysis Improvements

java/ql/src/change-notes/released/0.7.1.md

@@ -1,4 +1,5 @@
----
+## 0.7.1
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * The query "Unsafe resource fetching in Android WebView" (`java/android/unsafe-android-webview-fetch`) now recognizes WebViews where `setJavascriptEnabled`, `setAllowFileAccess`, `setAllowUniversalAccessFromFileURLs`, and/or `setAllowFileAccessFromFileURLs` are set inside the function block of the Kotlin `apply` function.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: 
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.1
+
+No user-facing changes.
+
 ## 0.7.0
 
 ### Minor Analysis Improvements

javascript/ql/lib/change-notes/released/0.7.1.md

@@ -0,0 +1,3 @@
+## 0.7.1
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The `fs/promises` package is now recognised as an alias for `require('fs').promises`.
+* The `js/path-injection` query can now track taint through calls to `path.join()` with a spread argument, such as `path.join(baseDir, ...args)`.
+
 ## 0.7.0
 
 ### Bug Fixes

javascript/ql/src/change-notes/released/0.7.1.md

@@ -1,5 +1,6 @@
----
+## 0.7.1
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * The `fs/promises` package is now recognised as an alias for `require('fs').promises`.
 * The `js/path-injection` query can now track taint through calls to `path.join()` with a spread argument, such as `path.join(baseDir, ...args)`.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: 
   - javascript
   - queries

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.1
+
+No user-facing changes.
+
 ## 0.6.0
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/0.6.1.md

@@ -0,0 +1,3 @@
+## 0.6.1
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.6.1

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.6.1-dev
+version: 0.6.2-dev
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 0.10.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Add support for Models as Data for Reflected XSS query
+* Parameters with a default value are now considered a `DefinitionNode`. This improvement was motivated by allowing type-tracking and API graphs to follow flow from such a default value to a use by a captured variable.
+
 ## 0.10.0
 
 ### New Features

python/ql/lib/change-notes/2023-07-07-parameter-default-value-definition-node.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Parameters with a default value are now considered a `DefinitionNode`. This improvement was motivated by allowing type-tracking and API graphs to follow flow from such a default value to a use by a captured variable.

python/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

python/ql/lib/change-notes/2023-07-13-mad-xss.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Add support for Models as Data for Reflected XSS query

python/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md

@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.

python/ql/lib/change-notes/released/0.10.1.md

@@ -0,0 +1,16 @@
+## 0.10.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* Add support for Models as Data for Reflected XSS query
+* Parameters with a default value are now considered a `DefinitionNode`. This improvement was motivated by allowing type-tracking and API graphs to follow flow from such a default value to a use by a captured variable.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.0
+lastReleaseVersion: 0.10.1

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.10.1-dev
+version: 0.10.2-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Fixed modeling of `aiohttp.ClientSession` so we properly handle `async with` uses. This can impact results of server-side request forgery queries (`py/full-ssrf`, `py/partial-ssrf`).
+
 ## 0.8.0
 
 ### Bug Fixes

python/ql/src/change-notes/released/0.8.1.md

@@ -1,4 +1,5 @@
----
+## 0.8.1
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * Fixed modeling of `aiohttp.ClientSession` so we properly handle `async with` uses. This can impact results of server-side request forgery queries (`py/full-ssrf`, `py/partial-ssrf`).

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.8.1-dev
+version: 0.8.2-dev
 groups: 
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,28 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Major Analysis Improvements
+
+* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
+  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
+  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
+  are consumed by a library. See the documentation for `API::Node` for details and examples.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.
+
 ## 0.7.0
 
 ### Deprecated APIs

ruby/ql/lib/change-notes/2023-06-28-tracking-on-demand.md

@@ -1,7 +0,0 @@
----
-category: majorAnalysis
----
-* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
-  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
-  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
-  are consumed by a library. See the documentation for `API::Node` for details and examples.

ruby/ql/lib/change-notes/2023-07-05-rack-env-query-params.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.

ruby/ql/lib/change-notes/2023-07-05-rack-response.md

@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
-* Calls to `Rack::Utils.parse_query` now propagate taint.

ruby/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md

@@ -1,6 +0,0 @@
----
-category: feature
----
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  

ruby/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md

@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.

ruby/ql/lib/change-notes/released/0.7.1.md

@@ -0,0 +1,24 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Major Analysis Improvements
+
+* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
+  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
+  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
+  are consumed by a library. See the documentation for `API::Node` for details and examples.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.7.1
+
+### New Queries
+
+* Added a new experimental query, `rb/xpath-injection`, to detect cases where XPath statements are constructed from user input in an unsafe manner.
+
+### Minor Analysis Improvements
+
+* Improved resolution of calls performed on an object created with `Proc.new`.
+
 ## 0.7.0
 
 ### Minor Analysis Improvements

ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved resolution of calls performed on an object created with `Proc.new`.

ruby/ql/src/change-notes/released/0.7.1.md

@@ -1,4 +1,9 @@
----
+## 0.7.1
-category: newQuery
+
----
+### New Queries
+
 * Added a new experimental query, `rb/xpath-injection`, to detect cases where XPath statements are constructed from user input in an unsafe manner.
+
+### Minor Analysis Improvements
+
+* Improved resolution of calls performed on an object created with `Proc.new`.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: 
   - ruby
   - queries

shared/mad/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.1.1
+
+No user-facing changes.
+
 ## 0.1.0
 
 No user-facing changes.

shared/mad/change-notes/released/0.1.1.md

@@ -0,0 +1,3 @@
+## 0.1.1
+
+No user-facing changes.

shared/mad/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1

shared/mad/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.1.1-dev
+version: 0.1.2-dev
 groups: shared
 library: true
 dependencies: