Release preparation for version 2.8.4

2026-04-30 11:15:13 +02:00 · 2022-03-21 13:25:49 +00:00
parent c891c53835
commit dedc8c2254
90 changed files with 327 additions and 184 deletions
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 0.0.12
+
+### Breaking Changes
+
+* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
+
+### Deprecated APIs
+
+* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### New Features
+
+* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
+
+### Minor Analysis Improvements
+
+* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
+* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.
+* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.
+
 ## 0.0.11

 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
+++ b/ruby/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
@@ -1,5 +0,0 @@
---
-category: deprecated
---
-* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
-  The old name still exists as a deprecated alias.
--- a/ruby/ql/lib/change-notes/2022-02-28-orm-write-access.md
+++ b/ruby/ql/lib/change-notes/2022-02-28-orm-write-access.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.
--- a/ruby/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
+++ b/ruby/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
--- a/ruby/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
+++ b/ruby/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
--- a/ruby/ql/lib/change-notes/2022-03-16-string-escape-sequences.md
+++ b/ruby/ql/lib/change-notes/2022-03-16-string-escape-sequences.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
-* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.
--- a/ruby/ql/lib/change-notes/released/0.0.12.md
+++ b/ruby/ql/lib/change-notes/released/0.0.12.md
@@ -0,0 +1,20 @@
+## 0.0.12
+
+### Breaking Changes
+
+* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
+
+### Deprecated APIs
+
+* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### New Features
+
+* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
+
+### Minor Analysis Improvements
+
+* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
+* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.
+* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.11
+lastReleaseVersion: 0.0.12
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.12-dev
+version: 0.0.12
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.12
+
+### New Queries
+
+* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.
+* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.
+
 ## 0.0.11

 ## 0.0.10
--- a/ruby/ql/src/change-notes/2022-02-10-incomplete-hostname-regexp.md
+++ b/ruby/ql/src/change-notes/2022-02-10-incomplete-hostname-regexp.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.
--- a/ruby/ql/src/change-notes/2022-03-05-rb-clear-text-storage-sensitive-data.md
+++ b/ruby/ql/src/change-notes/2022-03-05-rb-clear-text-storage-sensitive-data.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.
--- a/ruby/ql/src/change-notes/released/0.0.12.md
+++ b/ruby/ql/src/change-notes/released/0.0.12.md
@@ -0,0 +1,6 @@
+## 0.0.12
+
+### New Queries
+
+* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.
+* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.11
+lastReleaseVersion: 0.0.12
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.12-dev
+version: 0.0.12
 groups: 
  - ruby
  - queries