Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass

ruby/ql/src/CHANGELOG.md

@@ -0,0 +1,10 @@
+## 0.0.4
+
+### New Queries
+
+* A new query (`rb/request-forgery`) has been added. The query finds HTTP requests made with user-controlled URLs.
+* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explictly disabled.
+
+### Query Metadata Changes
+
+* The precision of "Hard-coded credentials" (`rb/hardcoded-credentials`) has been decreased from "high" to "medium". This query will no longer be run and displayed by default on Code Scanning and LGTM.

ruby/ql/src/change-notes/released/0.0.4.md

@@ -0,0 +1,10 @@
+## 0.0.4
+
+### New Queries
+
+* A new query (`rb/request-forgery`) has been added. The query finds HTTP requests made with user-controlled URLs.
+* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explictly disabled.
+
+### Query Metadata Changes
+
+* The precision of "Hard-coded credentials" (`rb/hardcoded-credentials`) has been decreased from "high" to "medium". This query will no longer be run and displayed by default on Code Scanning and LGTM.

ruby/ql/src/codeql-pack.release.yml

@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.4

ruby/ql/src/qlpack.yml

@@ -1,5 +1,6 @@
 name: codeql/ruby-queries
-version: 0.0.2
+version: 0.0.5-dev
+groups: ruby
 suites: codeql-suites
 defaultSuiteFile: codeql-suites/ruby-code-scanning.qls
 dependencies: