Release preparation for version 2.14.1

2026-04-26 01:05:15 +02:00 · 2023-07-20 16:32:27 +00:00
parent b21580b71f
commit c936a920b0
143 changed files with 505 additions and 273 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,28 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Major Analysis Improvements
+
+* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
+  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
+  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
+  are consumed by a library. See the documentation for `API::Node` for details and examples.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.
+
 ## 0.7.0

 ### Deprecated APIs
--- a/ruby/ql/lib/change-notes/2023-06-28-tracking-on-demand.md
+++ b/ruby/ql/lib/change-notes/2023-06-28-tracking-on-demand.md
@@ -1,7 +0,0 @@
---
-category: majorAnalysis
---
-* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
-  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
-  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
-  are consumed by a library. See the documentation for `API::Node` for details and examples.
--- a/ruby/ql/lib/change-notes/2023-07-05-rack-env-query-params.md
+++ b/ruby/ql/lib/change-notes/2023-07-05-rack-env-query-params.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.
--- a/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
+++ b/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
-* Calls to `Rack::Utils.parse_query` now propagate taint.
--- a/ruby/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md
+++ b/ruby/ql/lib/change-notes/2023-07-12-default-stateconfigsig-predicates.md
@@ -1,6 +0,0 @@
---
-category: feature
---
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
-  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
-  
--- a/ruby/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md
+++ b/ruby/ql/lib/change-notes/2023-07-19-neverskip-additionalstep.md
@@ -1,8 +0,0 @@
---
-category: minorAnalysis
---
-* Data flow configurations can now include a predicate `neverSkip(Node node)`
-  in order to ensure inclusion of certain nodes in the path explanations. The
-  predicate defaults to the end-points of the additional flow steps provided in
-  the configuration, which means that such steps now always are visible by
-  default in path explanations.
--- a/ruby/ql/lib/change-notes/released/0.7.1.md
+++ b/ruby/ql/lib/change-notes/released/0.7.1.md
@@ -0,0 +1,24 @@
+## 0.7.1
+
+### New Features
+
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
+  Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Major Analysis Improvements
+
+* The API graph library (`codeql.ruby.ApiGraphs`) has been significantly improved, with better support for inheritance,
+  and data-flow nodes can now be converted to API nodes by calling `.track()` or `.backtrack()` on the node.
+  API graphs allow for efficient modelling of how a given value is used by the code base, or how values produced by the code base
+  are consumed by a library. See the documentation for `API::Node` for details and examples.
+
+### Minor Analysis Improvements
+
+* Data flow configurations can now include a predicate `neverSkip(Node node)`
+  in order to ensure inclusion of certain nodes in the path explanations. The
+  predicate defaults to the end-points of the additional flow steps provided in
+  the configuration, which means that such steps now always are visible by
+  default in path explanations.
+* The `'QUERY_STRING'` field of a Rack `env` parameter is now recognized as a source of remote user input.
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.7.1-dev
+version: 0.7.1
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.1
+
+### New Queries
+
+* Added a new experimental query, `rb/xpath-injection`, to detect cases where XPath statements are constructed from user input in an unsafe manner.
+
+### Minor Analysis Improvements
+
+* Improved resolution of calls performed on an object created with `Proc.new`.
+
 ## 0.7.0

 ### Minor Analysis Improvements
--- a/ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md
+++ b/ruby/ql/src/change-notes/2023-06-29-api-graph-explicit-proc-lambda.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved resolution of calls performed on an object created with `Proc.new`.
--- a/ruby/ql/src/change-notes/2023-05-11-xpath-injection-query.md
+++ b/ruby/ql/src/change-notes/2023-05-11-xpath-injection-query.md
@@ -1,4 +1,9 @@
---
-category: newQuery
---
+## 0.7.1
+
+### New Queries
+
 * Added a new experimental query, `rb/xpath-injection`, to detect cases where XPath statements are constructed from user input in an unsafe manner.
+
+### Minor Analysis Improvements
+
+* Improved resolution of calls performed on an object created with `Proc.new`.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.7.1-dev
+version: 0.7.1
 groups: 
  - ruby
  - queries