Merge branch 'main' of github.com:github/codeql into python-api-enhancements

This commit is contained in:
Rasmus Lerchedahl Petersen
2021-04-06 09:31:26 +02:00
827 changed files with 21638 additions and 13241 deletions

@@ -0,0 +1,3 @@
lgtm,codescanning
* Updated _Use of weak cryptographic key_ (`py/weak-crypto-key`) query to use the new type-tracking approach instead of points-to analysis. You may see differences in the results found by the query, but overall this change should result in a more robust and accurate analysis.
* Renamed the query file for _Use of weak cryptographic key_ (`py/weak-crypto-key`) from `WeakCrypto.ql` to `WeakCryptoKey.ql` (in the `python/ql/src/Security/CWE-326/` folder). This will affect any custom query suites that include or exclude this query using its path.
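Review bot: the second bullet should state explicitly that the query ID `py/weak-crypto-key` is unchanged and that only suites which include or exclude the query by file path need updating, so readers do not conclude that `@id`-based selection breaks as well. The first bullet's "You may see differences in the results found by the query" is also too vague for a note that ends up in release notes: say in which direction results are expected to move (new findings where points-to previously gave up, findings that disappear, or both), because that is what a user triaging a changed set of alerts needs to know.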

@@ -0,0 +1,2 @@
lgtm,codescanning
* Improved modeling of the `PyYAML` PyPI package, so we now correctly treat `CSafeLoader` and `CBaseLoader` as being safe loaders that can not lead to code execution.
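Review bot: "can not" in the bullet should be "cannot" (the split form reads as "is permitted not to"). The note also does not name which query's results change; the weak-crypto note in this same change set identifies its query by ID, and this one should do the same so users can map the change to the alerts that disappear for `CSafeLoader` and `CBaseLoader`.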

@@ -0,0 +1,2 @@
lgtm,codescanning
* The `API::Node::getACall` method now has the more specific return type `DataFlow::CallCfgNode`, which improves the ease of use when working with calls to API functions.
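Review bot: "improves the ease of use" does not tell a library user what actually changed for them; say concretely what the narrower return type `DataFlow::CallCfgNode` provides, that is, which call-specific predicates are now reachable directly on the result of `getACall` without a cast. It is also worth stating whether existing custom QL that stores the result in a `DataFlow::Node` variable still compiles (it should, since the new type is a more specific one), because that is the compatibility question a maintainer of custom queries will ask first.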

@@ -0,0 +1,2 @@
lgtm,codescanning
* Improved modeling of `django` to recognize sources of remote user input (`RemoteFlowSource`) in Django forms (`django.forms.Form`) and fields (`django.forms.Field`) subclasses.
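Review bot: the bullet says sources are recognized "in Django forms (`django.forms.Form`) and fields (`django.forms.Field`) subclasses" but not what is treated as the `RemoteFlowSource`: the subclass instance itself, a particular attribute, or the parameters of particular methods on those subclasses. Without that, a user cannot tell which new alerts to expect or verify that the model matches their own form code, so name the modeled locations precisely.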

@@ -0,0 +1,3 @@
lgtm,codescanning
* The legacy code duplication library has been removed.
* Legacy filter queries have been removed.
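Review bot: both bullets are too vague to act on. "The legacy code duplication library" and "Legacy filter queries" should name the removed module(s) and query files (by path and, for queries, by ID) so that anyone with a custom suite or a library import referencing them knows what breaks; a removal note without identifiers is exactly the kind of note readers search for by name. Since these remove library and query surface that custom QL may depend on, the note should also say explicitly that this is a breaking change.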