Merge pull request #10075 from erik-krogh/depOld

delete old deprecations
2025-12-24 04:36:35 +01:00 · 2022-08-17 21:21:57 +02:00
parent 78756bdc6a 6b9f01535b
commit e93ff8672c
31 changed files with 39 additions and 1030 deletions
--- a/cpp/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/cpp/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * All deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/StdPair.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/StdPair.qll
@@ -11,12 +11,6 @@ private class StdPair extends ClassTemplateInstantiation {
  StdPair() { this.hasQualifiedName(["std", "bsl"], "pair") }
 }
 /**
 * DEPRECATED: This is now called `StdPair` and is a private part of the
 * library implementation.
 */
 deprecated class StdPairClass = StdPair;
 /**
 * Any of the single-parameter constructors of `std::pair` that takes a reference to an
 * instantiation of `std::pair`. These constructors allow conversion between pair types when the
--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll
@@ -27,13 +27,6 @@ abstract class RemoteFlowSourceFunction extends Function {
  predicate hasSocketInput(FunctionInput input) { none() }
 }
 /**
 * DEPRECATED: Use `RemoteFlowSourceFunction` instead.
 *
 * A library function that returns data that may be read from a network connection.
 */
 deprecated class RemoteFlowFunction = RemoteFlowSourceFunction;
 /**
 * A library function that returns data that is directly controlled by a user.
 */
@@ -44,13 +37,6 @@ abstract class LocalFlowSourceFunction extends Function {
  abstract predicate hasLocalFlowSource(FunctionOutput output, string description);
 }
 /**
 * DEPRECATED: Use `LocalFlowSourceFunction` instead.
 *
 * A library function that returns data that is directly controlled by a user.
 */
 deprecated class LocalFlowFunction = LocalFlowSourceFunction;
 /** A library function that sends data over a network connection. */
 abstract class RemoteFlowSinkFunction extends Function {
  /**
--- a/csharp/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/csharp/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * All deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/csharp/ql/lib/semmle/code/cil/DataFlow.qll
+++ b/csharp/ql/lib/semmle/code/cil/DataFlow.qll
@@ -109,125 +109,6 @@ private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) {
  src = sink.(UnaryBitwiseOperation).getOperand()
 }
 deprecated module DefUse {
  /**
   * A classification of variable references into reads and writes.
   */
  private newtype RefKind =
    Read() or
    Write()
  /**
   * Holds if the `i`th node of basic block `bb` is a reference to `v`,
   * either a read (when `k` is `Read()`) or a write (when `k` is `Write()`).
   */
  private predicate ref(BasicBlock bb, int i, StackVariable v, RefKind k) {
    exists(ReadAccess ra | bb.getNode(i) = ra |
      ra.getTarget() = v and
      k = Read()
    )
    or
    exists(VariableUpdate vu | bb.getNode(i) = vu |
      vu.getVariable() = v and
      k = Write()
    )
  }
  /**
   * Gets the (1-based) rank of the reference to `v` at the `i`th node of
   * basic block `bb`, which has the given reference kind `k`.
   */
  private int refRank(BasicBlock bb, int i, StackVariable v, RefKind k) {
    i = rank[result](int j | ref(bb, j, v, _)) and
    ref(bb, i, v, k)
  }
  /**
   * Holds if stack variable `v` is live at the beginning of basic block `bb`.
   */
  private predicate liveAtEntry(BasicBlock bb, StackVariable v) {
    // The first reference to `v` inside `bb` is a read
    refRank(bb, _, v, Read()) = 1
    or
    // There is no reference to `v` inside `bb`, but `v` is live at entry
    // to a successor basic block of `bb`
    not exists(refRank(bb, _, v, _)) and
    liveAtExit(bb, v)
  }
  /**
   * Holds if stack variable `v` is live at the end of basic block `bb`.
   */
  private predicate liveAtExit(BasicBlock bb, StackVariable v) {
    liveAtEntry(bb.getASuccessor(), v)
  }
  /**
   * Holds if the variable update `vu` reaches rank index `rankix`
   * in its own basic block `bb`.
   */
  private predicate defReachesRank(BasicBlock bb, VariableUpdate vu, int rankix, StackVariable v) {
    exists(int i |
      rankix = refRank(bb, i, v, Write()) and
      vu = bb.getNode(i)
    )
    or
    defReachesRank(bb, vu, rankix - 1, v) and
    rankix = refRank(bb, _, v, Read())
  }
  /**
   * Holds if the variable update `vu` of stack variable `v` reaches the
   * end of a basic block `bb`, at which point it is still live, without
   * crossing another update.
   */
  private predicate defReachesEndOfBlock(BasicBlock bb, VariableUpdate vu, StackVariable v) {
    liveAtExit(bb, v) and
    (
      exists(int last | last = max(refRank(bb, _, v, _)) | defReachesRank(bb, vu, last, v))
      or
      defReachesStartOfBlock(bb, vu, v) and
      not exists(refRank(bb, _, v, Write()))
    )
  }
  pragma[noinline]
  private predicate defReachesStartOfBlock(BasicBlock bb, VariableUpdate vu, StackVariable v) {
    defReachesEndOfBlock(bb.getAPredecessor(), vu, v)
  }
  /**
   * Holds if the variable update `vu` of stack variable `v` reaches `read` in the
   * same basic block without crossing another update of `v`.
   */
  private predicate defReachesReadWithinBlock(StackVariable v, VariableUpdate vu, ReadAccess read) {
    exists(BasicBlock bb, int rankix, int i |
      defReachesRank(bb, vu, rankix, v) and
      rankix = refRank(bb, i, v, Read()) and
      read = bb.getNode(i)
    )
  }
  /** Holds if the variable update `vu` can be used at the read `use`. */
  cached
  deprecated predicate variableUpdateUse(StackVariable target, VariableUpdate vu, ReadAccess use) {
    defReachesReadWithinBlock(target, vu, use)
    or
    exists(BasicBlock bb, int i |
      exists(refRank(bb, i, target, Read())) and
      use = bb.getNode(i) and
      defReachesEndOfBlock(bb.getAPredecessor(), vu, target) and
      not defReachesReadWithinBlock(target, _, use)
    )
  }
  /** Holds if the update `def` can be used at the read `use`. */
  cached
  deprecated predicate defUse(StackVariable target, Expr def, ReadAccess use) {
    exists(VariableUpdate vu | def = vu.getSource() | variableUpdateUse(target, vu, use))
  }
 }
 /** A node that updates a variable. */
 abstract class VariableUpdate extends DataFlowNode {
  /** Gets the value assigned, if any. */
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/CallContext.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/CallContext.qll
@@ -1,96 +0,0 @@
 /**
 * DEPRECATED.
 *
 * Provides classes for data flow call contexts.
 */
 import csharp
 private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
 private import semmle.code.csharp.dispatch.Dispatch
 // Internal representation of call contexts
 cached
 private newtype TCallContext =
  TEmptyCallContext() or
  TArgNonDelegateCallContext(Expr arg) { exists(DispatchCall dc | arg = dc.getArgument(_)) } or
  TArgDelegateCallContext(DelegateCall dc, int i) { exists(dc.getArgument(i)) } or
  TArgFunctionPointerCallContext(FunctionPointerCall fptrc, int i) { exists(fptrc.getArgument(i)) }
 /**
 * DEPRECATED.
 *
 * A call context.
 *
 * A call context records the origin of data flow into callables.
 */
 deprecated class CallContext extends TCallContext {
  /** Gets a textual representation of this call context. */
  string toString() { none() }
  /** Gets the location of this call context, if any. */
  Location getLocation() { none() }
 }
 /** DEPRECATED. An empty call context. */
 deprecated class EmptyCallContext extends CallContext, TEmptyCallContext {
  override string toString() { result = "<empty>" }
  override EmptyLocation getLocation() { any() }
 }
 /**
 * DEPRECATED.
 *
 * An argument call context, that is a call argument through which data flows
 * into a callable.
 */
 abstract deprecated class ArgumentCallContext extends CallContext {
  /**
   * Holds if this call context represents the argument at position `i` of the
   * call expression `call`.
   */
  abstract predicate isArgument(Expr call, int i);
 }
 /** DEPRECATED. An argument of a non-delegate call. */
 deprecated class NonDelegateCallArgumentCallContext extends ArgumentCallContext,
  TArgNonDelegateCallContext {
  Expr arg;
  NonDelegateCallArgumentCallContext() { this = TArgNonDelegateCallContext(arg) }
  override predicate isArgument(Expr call, int i) {
    exists(DispatchCall dc | arg = dc.getArgument(i) | call = dc.getCall())
  }
  override string toString() { result = arg.toString() }
  override Location getLocation() { result = arg.getLocation() }
 }
 /** DEPRECATED. An argument of a delegate or function pointer call. */
 deprecated class DelegateLikeCallArgumentCallContext extends ArgumentCallContext {
  DelegateLikeCall dc;
  int arg;
  DelegateLikeCallArgumentCallContext() {
    this = TArgDelegateCallContext(dc, arg) or this = TArgFunctionPointerCallContext(dc, arg)
  }
  override predicate isArgument(Expr call, int i) {
    call = dc and
    i = arg
  }
  override string toString() { result = dc.getArgument(arg).toString() }
  override Location getLocation() { result = dc.getArgument(arg).getLocation() }
 }
 /** DEPRECATED. An argument of a delegate call. */
 deprecated class DelegateCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
  TArgDelegateCallContext { }
 /** DEPRECATED. An argument of a function pointer call. */
 deprecated class FunctionPointerCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
  TArgFunctionPointerCallContext { }
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DelegateDataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DelegateDataFlow.qll
@@ -1,285 +0,0 @@
 /**
 * DEPRECATED.
 *
 * INTERNAL: Do not use.
 *
 * Provides classes for resolving delegate calls.
 */
 import csharp
 private import dotnet
 private import semmle.code.csharp.dataflow.CallContext
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
 private import semmle.code.csharp.dataflow.internal.DataFlowPublic
 private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.frameworks.system.linq.Expressions
 /** A source of flow for a delegate or function pointer expression. */
 abstract private class DelegateLikeFlowSource extends DataFlow::ExprNode {
  /** Gets the callable that is referenced in this delegate or function pointer flow source. */
  abstract Callable getCallable();
 }
 /** A source of flow for a delegate expression. */
 private class DelegateFlowSource extends DelegateLikeFlowSource {
  Callable c;
  DelegateFlowSource() {
    this.getExpr() =
      any(Expr e |
        c = e.(AnonymousFunctionExpr) or
        c = e.(CallableAccess).getTarget().getUnboundDeclaration()
      )
  }
  /** Gets the callable that is referenced in this delegate flow source. */
  override Callable getCallable() { result = c }
 }
 /** A source of flow for a function pointer expression. */
 private class FunctionPointerFlowSource extends DelegateLikeFlowSource {
  Callable c;
  FunctionPointerFlowSource() {
    c =
      this.getExpr()
          .(AddressOfExpr)
          .getOperand()
          .(CallableAccess)
          .getTarget()
          .getUnboundDeclaration()
  }
  /** Gets the callable that is referenced in this function pointer flow source. */
  override Callable getCallable() { result = c }
 }
 /** A sink of flow for a delegate or function pointer expression. */
 abstract private class DelegateLikeFlowSink extends DataFlow::Node {
  /**
   * Gets an actual run-time target of this delegate call in the given call
   * context, if any. The call context records the *last* call required to
   * resolve the target, if any. Example:
   *
   * ```csharp
   * public int M(Func<string, int> f, string x) {
   *   return f(x);
   * }
   *
   * void M2() {
   *   M(x => x.Length, y);
   *
   *   M(_ => 42, z);
   *
   *   Func<int, bool> isZero = x => x == 0;
   *   isZero(10);
   * }
   * ```
   *
   * - The call on line 2 can be resolved to either `x => x.Length` (line 6)
   *   or `_ => 42` (line 8) in the call contexts from lines 7 and 8,
   *   respectively.
   * - The call on line 11 can be resolved to `x => x == 0` (line 10) in an
   *   empty call context (the call is locally resolvable).
   *
   * Note that only the *last* call required is taken into account, hence if
   * `M` above is redefined as follows:
   *
   * ```csharp
   * public int M(Func<string, int> f, string x) {
   *   return M2(f, x);
   * }
   *
   * public int M2(Func<string, int> f, string x) {
   *   return f(x);
   * }
   *
   * void M2() {
   *   M(x => x.Length, y);
   *
   *   M(_ => 42, z);
   *
   *   Func<int, bool> isZero = x => x == 0;
   *   isZero(10);
   * }
   * ```
   *
   * then the call context from line 2 is the call context for all
   * possible delegates resolved on line 6.
   */
  cached
  deprecated Callable getARuntimeTarget(CallContext context) {
    exists(DelegateLikeFlowSource dfs |
      flowsFrom(this, dfs, _, context) and
      result = dfs.getCallable()
    )
  }
 }
 /** A delegate or function pointer call expression. */
 deprecated class DelegateLikeCallExpr extends DelegateLikeFlowSink, DataFlow::ExprNode {
  DelegateLikeCall dc;
  DelegateLikeCallExpr() { this.getExpr() = dc.getExpr() }
  /** Gets the delegate or function pointer call that this expression belongs to. */
  DelegateLikeCall getCall() { result = dc }
 }
 /** A delegate expression that is added to an event. */
 deprecated class AddEventSource extends DelegateLikeFlowSink, DataFlow::ExprNode {
  AddEventExpr ae;
  AddEventSource() { this.getExpr() = ae.getRValue() }
  /** Gets the event that this delegate is added to. */
  Event getEvent() { result = ae.getTarget() }
 }
 /** A non-delegate call. */
 private class NonDelegateCall extends Expr {
  private DispatchCall dc;
  NonDelegateCall() { this = dc.getCall() }
  /**
   * Gets a run-time target of this call. A target is always a source
   * declaration, and if the callable has both CIL and source code, only
   * the source code version is returned.
   */
  Callable getARuntimeTarget() { result = getCallableForDataFlow(dc.getADynamicTarget()) }
  /** Gets the `i`th argument of this call. */
  Expr getArgument(int i) { result = dc.getArgument(i) }
 }
 private class NormalReturnNode extends Node {
  NormalReturnNode() { this.(ReturnNode).getKind() instanceof NormalReturnKind }
 }
 /**
 * Holds if data can flow (inter-procedurally) to delegate `sink` from
 * `node`. This predicate searches backwards from `sink` to `node`.
 *
 * The parameter `isReturned` indicates whether the path from `sink` to
 * `node` goes through a returned expression. The call context `lastCall`
 * records the last call on the path from `node` to `sink`, if any.
 */
 deprecated private predicate flowsFrom(
  DelegateLikeFlowSink sink, DataFlow::Node node, boolean isReturned, CallContext lastCall
 ) {
  // Base case
  sink = node and
  isReturned = false and
  lastCall instanceof EmptyCallContext
  or
  // Local flow
  exists(DataFlow::Node mid | flowsFrom(sink, mid, isReturned, lastCall) |
    LocalFlow::localFlowStepCommon(node, mid)
    or
    exists(Ssa::Definition def |
      LocalFlow::localSsaFlowStep(def, node, mid) and
      LocalFlow::usesInstanceField(def)
    )
    or
    node.asExpr() = mid.asExpr().(DelegateCreation).getArgument()
  )
  or
  // Flow through static field or property
  exists(DataFlow::Node mid |
    flowsFrom(sink, mid, _, _) and
    jumpStep(node, mid) and
    isReturned = false and
    lastCall instanceof EmptyCallContext
  )
  or
  // Flow into a callable (non-delegate call)
  exists(ParameterNode mid, CallContext prevLastCall, NonDelegateCall call, Parameter p |
    flowsFrom(sink, mid, isReturned, prevLastCall) and
    isReturned = false and
    p = mid.getParameter() and
    flowIntoNonDelegateCall(call, node.asExpr(), p) and
    lastCall = getLastCall(prevLastCall, call, p.getPosition())
  )
  or
  // Flow into a callable (delegate call)
  exists(
    ParameterNode mid, CallContext prevLastCall, DelegateLikeCall call, Callable c, Parameter p,
    int i
  |
    flowsFrom(sink, mid, isReturned, prevLastCall) and
    isReturned = false and
    flowIntoDelegateCall(call, c, node.asExpr(), i) and
    c.getParameter(i) = p and
    p = mid.getParameter() and
    lastCall = getLastCall(prevLastCall, call, i)
  )
  or
  // Flow out of a callable (non-delegate call).
  exists(DataFlow::ExprNode mid |
    flowsFrom(sink, mid, _, lastCall) and
    isReturned = true and
    flowOutOfNonDelegateCall(mid.getExpr(), node)
  )
  or
  // Flow out of a callable (delegate call).
  exists(DataFlow::ExprNode mid |
    flowsFrom(sink, mid, _, _) and
    isReturned = true and
    flowOutOfDelegateCall(mid.getExpr(), node, lastCall)
  )
 }
 /**
 * Gets the last call when tracking flow into `call`. The context
 * `prevLastCall` is the previous last call, so the result is the
 * previous call if it exists, otherwise `call` is the last call.
 */
 bindingset[call, i]
 deprecated private CallContext getLastCall(CallContext prevLastCall, Expr call, int i) {
  prevLastCall instanceof EmptyCallContext and
  result.(ArgumentCallContext).isArgument(call, i)
  or
  prevLastCall instanceof ArgumentCallContext and
  result = prevLastCall
 }
 pragma[noinline]
 private predicate flowIntoNonDelegateCall(NonDelegateCall call, Expr arg, DotNet::Parameter p) {
  exists(DotNet::Callable callable, int i |
    callable = call.getARuntimeTarget() and
    p = callable.getAParameter() and
    arg = call.getArgument(i) and
    i = p.getPosition()
  )
 }
 pragma[noinline]
 deprecated private predicate flowIntoDelegateCall(DelegateLikeCall call, Callable c, Expr arg, int i) {
  exists(DelegateLikeFlowSource dfs, DelegateLikeCallExpr dce |
    // the call context is irrelevant because the delegate call
    // itself will be the context
    flowsFrom(dce, dfs, _, _) and
    arg = call.getArgument(i) and
    c = dfs.getCallable() and
    call = dce.getCall()
  )
 }
 pragma[noinline]
 private predicate flowOutOfNonDelegateCall(NonDelegateCall call, NormalReturnNode ret) {
  call.getARuntimeTarget() = ret.getEnclosingCallable()
 }
 pragma[noinline]
 deprecated private predicate flowOutOfDelegateCall(
  DelegateLikeCall dc, NormalReturnNode ret, CallContext lastCall
 ) {
  exists(DelegateLikeFlowSource dfs, DelegateLikeCallExpr dce, Callable c |
    flowsFrom(dce, dfs, _, lastCall) and
    ret.getEnclosingCallable() = c and
    c = dfs.getCallable() and
    dc = dce.getCall()
  )
 }
--- a/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll
+++ b/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll
@@ -5,8 +5,6 @@
 */
 import Expr
 import semmle.code.csharp.dataflow.CallContext as CallContext
 private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
 private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
 private import semmle.code.csharp.dispatch.Dispatch
@@ -536,19 +534,6 @@ private class DelegateLikeCall_ = @delegate_invocation_expr or @function_pointer
 class DelegateLikeCall extends Call, DelegateLikeCall_ {
  override Callable getTarget() { none() }
  /**
   * DEPRECATED: Use `getARuntimeTarget/0` instead.
   *
   * Gets a potential run-time target of this delegate or function pointer call in the given
   * call context `cc`.
   */
  deprecated Callable getARuntimeTarget(CallContext::CallContext cc) {
    exists(DelegateLikeCallExpr call |
      this = call.getCall() and
      result = call.getARuntimeTarget(cc)
    )
  }
  /**
   * Gets the delegate or function pointer expression of this call. For example, the
   * delegate expression of `X()` on line 5 is the access to the field `X` in
@@ -589,48 +574,6 @@ class DelegateLikeCall extends Call, DelegateLikeCall_ {
 * ```
 */
 class DelegateCall extends DelegateLikeCall, @delegate_invocation_expr {
  /**
   * DEPRECATED: Use `getARuntimeTarget/0` instead.
   *
   * Gets a potential run-time target of this delegate call in the given
   * call context `cc`.
   */
  deprecated override Callable getARuntimeTarget(CallContext::CallContext cc) {
    result = DelegateLikeCall.super.getARuntimeTarget(cc)
    or
    exists(AddEventSource aes, CallContext::CallContext cc2 |
      aes = this.getAnAddEventSource(_) and
      result = aes.getARuntimeTarget(cc2)
    |
      aes = this.getAnAddEventSourceSameEnclosingCallable() and
      cc = cc2
      or
      // The event is added in another callable, so the call context is not relevant
      aes = this.getAnAddEventSourceDifferentEnclosingCallable() and
      cc instanceof CallContext::EmptyCallContext
    )
  }
  deprecated private AddEventSource getAnAddEventSource(Callable enclosingCallable) {
    this.getExpr().(EventAccess).getTarget() = result.getEvent() and
    enclosingCallable = result.getExpr().getEnclosingCallable()
  }
  deprecated private AddEventSource getAnAddEventSourceSameEnclosingCallable() {
    result = this.getAnAddEventSource(this.getEnclosingCallable())
  }
  deprecated private AddEventSource getAnAddEventSourceDifferentEnclosingCallable() {
    exists(Callable c | result = this.getAnAddEventSource(c) | c != this.getEnclosingCallable())
  }
  /**
   * DEPRECATED: use `getExpr` instead.
   *
   * Gets the delegate expression of this call.
   */
  deprecated Expr getDelegateExpr() { result = this.getExpr() }
  override string toString() { result = "delegate call" }
  override string getAPrimaryQlClass() { result = "DelegateCall" }
--- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
+++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
@@ -1036,9 +1036,6 @@ class TupleExpr extends Expr, @tuple_expr {
  /** Gets an argument of this tuple. */
  Expr getAnArgument() { result = this.getArgument(_) }
  /** Holds if this tuple is a read access. */
  deprecated predicate isReadAccess() { not this = getAnAssignOrForeachChild() }
  /** Holds if this expression is a tuple construction. */
  predicate isConstruction() {
    not this = getAnAssignOrForeachChild() and
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll
@@ -56,16 +56,6 @@ module AliasModels {
     */
    predicate isParameterDeref(ParameterIndex index) { none() }
    /**
     * Holds if this is the input value pointed to by a pointer parameter to a function, or the input
     * value referred to by a reference parameter to a function, where the parameter has index
     * `index`.
     * DEPRECATED: Use `isParameterDeref(index)` instead.
     */
    deprecated final predicate isInParameterPointer(ParameterIndex index) {
      this.isParameterDeref(index)
    }
    /**
     * Holds if this is the input value pointed to by the `this` pointer of an instance member
     * function.
@@ -175,17 +165,7 @@ module AliasModels {
     * - There is no `FunctionOutput` for which `isParameterDeref(0)` holds, because `n` is neither a
     *   pointer nor a reference.
     */
-    predicate isParameterDeref(ParameterIndex i) { none() }
+    predicate isParameterDeref(ParameterIndex index) { none() }
    /**
     * Holds if this is the output value pointed to by a pointer parameter to a function, or the
     * output value referred to by a reference parameter to a function, where the parameter has
     * index `index`.
     * DEPRECATED: Use `isParameterDeref(index)` instead.
     */
    deprecated final predicate isOutParameterPointer(ParameterIndex index) {
      this.isParameterDeref(index)
    }
    /**
     * Holds if this is the output value pointed to by the `this` pointer of an instance member
--- a/go/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/go/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * Most deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -158,8 +158,6 @@ predicate elementStep(DataFlow::Node pred, DataFlow::Node succ) {
  )
 }
 deprecated predicate arrayStep = elementStep/2;
 /** Holds if taint flows from `pred` to `succ` via an extract tuple operation. */
 predicate tupleStep(DataFlow::Node pred, DataFlow::Node succ) {
  succ = DataFlow::extractTupleElement(pred, _)
--- a/javascript/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/javascript/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * Most deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/javascript/ql/lib/semmle/javascript/Collections.qll
+++ b/javascript/ql/lib/semmle/javascript/Collections.qll
@@ -9,118 +9,6 @@ private import semmle.javascript.dataflow.internal.StepSummary
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
 private import DataFlow::PseudoProperties
 /**
 * DEPRECATED. Exists only to support other deprecated elements.
 *
 * Type-tracking now automatically determines the set of pseudo-properties to include
 * ased on which properties are contributed by `SharedTaintStep`s.
 */
 deprecated private class PseudoProperty extends string {
  PseudoProperty() {
    this = [arrayLikeElement(), "1"] or // the "1" is required for the `ForOfStep`.
    this =
      [
        mapValue(any(DataFlow::CallNode c | c.getCalleeName() = "set").getArgument(0)),
        mapValueAll()
      ]
  }
 }
 /**
 * DEPRECATED. Use `SharedFlowStep` or `SharedTaintTrackingStep` instead.
 */
 abstract deprecated class CollectionFlowStep extends DataFlow::AdditionalFlowStep {
  final override predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
  final override predicate step(
    DataFlow::Node p, DataFlow::Node s, DataFlow::FlowLabel pl, DataFlow::FlowLabel sl
  ) {
    none()
  }
  /**
   * Holds if the property `prop` of the object `pred` should be loaded into `succ`.
   */
  predicate load(DataFlow::Node pred, DataFlow::Node succ, PseudoProperty prop) { none() }
  final override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
    this.load(pred, succ, prop)
  }
  /**
   * Holds if `pred` should be stored in the object `succ` under the property `prop`.
   */
  predicate store(DataFlow::Node pred, DataFlow::SourceNode succ, PseudoProperty prop) { none() }
  final override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
    this.store(pred, succ, prop)
  }
  /**
   * Holds if the property `prop` should be copied from the object `pred` to the object `succ`.
   */
  predicate loadStore(DataFlow::Node pred, DataFlow::Node succ, PseudoProperty prop) { none() }
  final override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
    this.loadStore(pred, succ, prop, prop)
  }
  /**
   * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`.
   */
  predicate loadStore(
    DataFlow::Node pred, DataFlow::Node succ, PseudoProperty loadProp, PseudoProperty storeProp
  ) {
    none()
  }
  final override predicate loadStoreStep(
    DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp
  ) {
    this.loadStore(pred, succ, loadProp, storeProp)
  }
 }
 /**
 * DEPRECATED. These steps are now included in the default type tracking steps,
 * in most cases one can simply use those instead.
 */
 deprecated module CollectionsTypeTracking {
  /**
   * Gets the result from a single step through a collection, from `pred` to `result` summarized by `summary`.
   */
  pragma[inline]
  DataFlow::SourceNode collectionStep(DataFlow::Node pred, StepSummary summary) {
    exists(PseudoProperty field |
      summary = LoadStep(field) and
      DataFlow::SharedTypeTrackingStep::loadStep(pred, result, field) and
      not field = mapValueUnknownKey() // prune unknown reads in type-tracking
      or
      summary = StoreStep(field) and
      DataFlow::SharedTypeTrackingStep::storeStep(pred, result, field)
      or
      summary = CopyStep(field) and
      DataFlow::SharedTypeTrackingStep::loadStoreStep(pred, result, field)
      or
      exists(PseudoProperty toField | summary = LoadStoreStep(field, toField) |
        DataFlow::SharedTypeTrackingStep::loadStoreStep(pred, result, field, toField)
      )
    )
  }
  /**
   * Gets the result from a single step through a collection, from `pred` with tracker `t2` to `result` with tracker `t`.
   */
  pragma[inline]
  DataFlow::SourceNode collectionStep(
    DataFlow::SourceNode pred, DataFlow::TypeTracker t, DataFlow::TypeTracker t2
  ) {
    exists(DataFlow::Node mid, StepSummary summary | pred.flowsTo(mid) and t = t2.append(summary) |
      result = collectionStep(mid, summary)
    )
  }
 }
 /**
 * A module for data-flow steps related standard library collection implementations.
 */
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
@@ -523,74 +523,6 @@ abstract class LabeledBarrierGuardNode extends BarrierGuardNode {
  override predicate blocks(boolean outcome, Expr e) { none() }
 }
 /**
 * DEPRECATED. Subclasses should extend `SharedFlowStep` instead, unless the subclass
 * is part of a query, in which case it should be moved into the `isAdditionalFlowStep` predicate
 * of the relevant data-flow configuration.
 * Other uses of the predicate in this class should instead reference the predicates in the
 * `SharedFlowStep::` module, such as `SharedFlowStep::step`.
 *
 * A data flow edge that should be added to all data flow configurations in
 * addition to standard data flow edges.
 *
 * Note: For performance reasons, all subclasses of this class should be part
 * of the standard library. Override `Configuration::isAdditionalFlowStep`
 * for analysis-specific flow steps.
 */
 deprecated class AdditionalFlowStep = LegacyAdditionalFlowStep;
 // Internal version of AdditionalFlowStep that we can reference without deprecation warnings.
 abstract private class LegacyAdditionalFlowStep extends DataFlow::Node {
  /**
   * Holds if `pred` &rarr; `succ` should be considered a data flow edge.
   */
  predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
  /**
   * Holds if `pred` &rarr; `succ` should be considered a data flow edge
   * transforming values with label `predlbl` to have label `succlbl`.
   */
  predicate step(
    DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
    DataFlow::FlowLabel succlbl
  ) {
    none()
  }
  /**
   * EXPERIMENTAL. This API may change in the future.
   *
   * Holds if `pred` should be stored in the object `succ` under the property `prop`.
   * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored.
   */
  predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() }
  /**
   * EXPERIMENTAL. This API may change in the future.
   *
   * Holds if the property `prop` of the object `pred` should be loaded into `succ`.
   */
  predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() }
  /**
   * EXPERIMENTAL. This API may change in the future.
   *
   * Holds if the property `prop` should be copied from the object `pred` to the object `succ`.
   */
  predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() }
  /**
   * EXPERIMENTAL. This API may change in the future.
   *
   * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`.
   */
  predicate loadStoreStep(
    DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp
  ) {
    none()
  }
 }
 /**
 * A data flow edge that should be added to all data flow configurations in
 * addition to standard data flow edges.
@@ -713,40 +645,6 @@ module SharedFlowStep {
  }
 }
 /**
 * Contributes subclasses of `AdditionalFlowStep` to `SharedFlowStep`.
 */
 private class AdditionalFlowStepAsSharedStep extends SharedFlowStep {
  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
    any(LegacyAdditionalFlowStep s).step(pred, succ)
  }
  override predicate step(
    DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
    DataFlow::FlowLabel succlbl
  ) {
    any(LegacyAdditionalFlowStep s).step(pred, succ, predlbl, succlbl)
  }
  override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
    any(LegacyAdditionalFlowStep s).storeStep(pred, succ, prop)
  }
  override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
    any(LegacyAdditionalFlowStep s).loadStep(pred, succ, prop)
  }
  override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
    any(LegacyAdditionalFlowStep s).loadStoreStep(pred, succ, prop)
  }
  override predicate loadStoreStep(
    DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp
  ) {
    any(LegacyAdditionalFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp)
  }
 }
 /**
 * A collection of pseudo-properties that are used in multiple files.
 *
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -320,14 +320,6 @@ module TaintTracking {
      any(SharedTaintStep step).heuristicStep(pred, succ)
    }
    /**
     * Holds if `pred -> succ` is an edge contributed by an `AdditionalTaintStep` instance.
     */
    cached
    predicate legacyAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
      any(InternalAdditionalTaintStep step).step(pred, succ)
    }
    /**
     * Public taint step relations.
     */
@@ -441,7 +433,6 @@ module TaintTracking {
   * Holds if `pred -> succ` is an edge used by all taint-tracking configurations.
   */
  predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
    Cached::legacyAdditionalTaintStep(pred, succ) or
    Cached::genericStep(pred, succ) or
    Cached::heuristicStep(pred, succ) or
    uriStep(pred, succ) or
@@ -456,31 +447,6 @@ module TaintTracking {
    promiseStep(pred, succ)
  }
  /**
   * DEPRECATED. Subclasses should extend `SharedTaintStep` instead, unless the subclass
   * is part of a query, in which case it should be moved into the `isAdditionalTaintStep` predicate
   * of the relevant taint-tracking configuration.
   * Other uses of the `step` relation in this class should instead use the `TaintTracking::sharedTaintStep`
   * predicate.
   *
   * A taint-propagating data flow edge that should be added to all taint tracking
   * configurations in addition to standard data flow edges.
   *
   * Note: For performance reasons, all subclasses of this class should be part
   * of the standard library. Override `Configuration::isAdditionalTaintStep`
   * for analysis-specific taint steps.
   */
  deprecated class AdditionalTaintStep = InternalAdditionalTaintStep;
  /** Internal version of `AdditionalTaintStep` that won't trigger deprecation warnings. */
  abstract private class InternalAdditionalTaintStep extends DataFlow::Node {
    /**
     * Holds if `pred` &rarr; `succ` should be considered a taint-propagating
     * data flow edge.
     */
    abstract predicate step(DataFlow::Node pred, DataFlow::Node succ);
  }
  /** Gets a data flow node referring to the client side URL. */
  private DataFlow::SourceNode clientSideUrlRef(DataFlow::TypeTracker t) {
    t.start() and
--- a/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll
@@ -449,58 +449,3 @@ module SharedTypeTrackingStep {
    any(SharedTypeTrackingStep s).withoutPropStep(pred, succ, props)
  }
 }
 /**
 * DEPRECATED. Use `SharedTypeTrackingStep` instead.
 *
 * A data flow edge that should be followed by type tracking.
 *
 * Unlike `AdditionalFlowStep`, this type of edge does not affect
 * the local data flow graph, and is not used by data-flow configurations.
 *
 * Note: For performance reasons, all subclasses of this class should be part
 * of the standard library. For query-specific steps, consider including the
 * custom steps in the type-tracking predicate itself.
 */
 deprecated class AdditionalTypeTrackingStep = LegacyTypeTrackingStep;
 // Internal version of AdditionalTypeTrackingStep that we can reference without deprecation warnings.
 abstract private class LegacyTypeTrackingStep extends DataFlow::Node {
  /**
   * Holds if type-tracking should step from `pred` to `succ`.
   */
  predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
  /**
   * Holds if type-tracking should step from `pred` into the `prop` property of `succ`.
   */
  predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() }
  /**
   * Holds if type-tracking should step from the `prop` property of `pred` to `succ`.
   */
  predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() }
  /**
   * Holds if type-tracking should step from the `prop` property of `pred` to the same property in `succ`.
   */
  predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() }
 }
 private class LegacyStepAsSharedTypeTrackingStep extends SharedTypeTrackingStep {
  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
    any(LegacyTypeTrackingStep s).step(pred, succ)
  }
  override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
    any(LegacyTypeTrackingStep s).storeStep(pred, succ, prop)
  }
  override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
    any(LegacyTypeTrackingStep s).loadStep(pred, succ, prop)
  }
  override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
    any(LegacyTypeTrackingStep s).loadStoreStep(pred, succ, prop)
  }
 }
--- a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
@@ -4,16 +4,6 @@
 import javascript
 /**
 * DEPRECATED. Use `TaintTracking::SharedTaintStep` or `TaintTracking::uriStep` instead.
 *
 * A taint propagating data flow edge arising from an operation in a URI library.
 */
 abstract deprecated class UriLibraryStep extends DataFlow::ValueNode {
  /** Holds if `pred -> succ` is a step through a URI library function. */
  predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
 }
 /** DEPRECATED: Alias for `Urijs` */
 deprecated module urijs = Urijs;
--- a/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll
+++ b/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll
@@ -25,24 +25,6 @@ abstract class SensitiveExpr extends Expr {
  abstract SensitiveDataClassification getClassification();
 }
 /** DEPRECATED: Use `SensitiveDataClassification` and helpers instead. */
 deprecated module SensitiveExpr {
  /** DEPRECATED: Use `SensitiveDataClassification` instead. */
  deprecated class Classification = SensitiveDataClassification;
  /** DEPRECATED: Use `SensitiveDataClassification::secret` instead. */
  deprecated predicate secret = SensitiveDataClassification::secret/0;
  /** DEPRECATED: Use `SensitiveDataClassification::id` instead. */
  deprecated predicate id = SensitiveDataClassification::id/0;
  /** DEPRECATED: Use `SensitiveDataClassification::password` instead. */
  deprecated predicate password = SensitiveDataClassification::password/0;
  /** DEPRECATED: Use `SensitiveDataClassification::certificate` instead. */
  deprecated predicate certificate = SensitiveDataClassification::certificate/0;
 }
 /** A function call that might produce sensitive data. */
 class SensitiveCall extends SensitiveExpr, InvokeExpr {
  SensitiveDataClassification classification;
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -52,13 +52,6 @@ module ClientSideUrlRedirect {
    }
  }
  /**
   * DEPRECATED. Can usually be replaced with `untrustedUrlSubstring`.
   * Query accesses via `location.hash` or `location.search` are now independent
   * `RemoteFlowSource` instances, and only substrings of `location` need to be handled via steps.
   */
  deprecated predicate queryAccess = untrustedUrlSubstring/2;
  /**
   * Holds if `substring` refers to a substring of `base` which is considered untrusted
   * when `base` is the current URL.
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -52,20 +52,6 @@ deprecated predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
 /** DEPRECATED: Alias for isDocumentUrl */
 deprecated predicate isDocumentURL = isDocumentUrl/1;
 /**
 * DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as
 * taint tracking no longer step through the properties of the location object by default.
 *
 * Holds if `pacc` accesses a part of `document.location` that is
 * not considered user-controlled, that is, anything except
 * `href`, `hash` and `search`.
 */
 deprecated predicate isSafeLocationProperty(PropAccess pacc) {
  exists(string prop | pacc = DOM::locationRef().getAPropertyRead(prop).asExpr() |
    prop != "href" and prop != "hash" and prop != "search"
  )
 }
 /**
 * A call to a DOM method.
 */
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
@@ -118,15 +118,6 @@ deprecated class RouteHandlerExpressionWithRateLimiter extends Expr {
  }
 }
 /**
 * DEPRECATED. Use `RateLimitingMiddleware` instead.
 *
 * A middleware that acts as a rate limiter.
 */
 deprecated class RateLimiter extends Express::RouteHandlerExpr {
  RateLimiter() { any(RateLimitingMiddleware m).ref().flowsToExpr(this) }
 }
 /**
 * The creation of a middleware function that acts as a rate limiter.
 */
--- a/javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll
+++ b/javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll
@@ -106,16 +106,6 @@ module HeuristicNames {
      "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|code)|certain|concert|secretar|accountant|accountab).*"
  }
  /**
   * DEPRECATED: Use `maybeSensitiveRegexp` instead.
   */
  deprecated predicate maybeSensitive = maybeSensitiveRegexp/1;
  /**
   * DEPRECATED: Use `notSensitiveRegexp` instead.
   */
  deprecated predicate notSensitive = notSensitiveRegexp/0;
  /**
   * Holds if `name` may indicate the presence of sensitive data, and
   * `name` does not indicate that the data is in fact non-sensitive (for example since
--- a/javascript/ql/test/library-tests/TypeTracking/CustomStep.qll
+++ b/javascript/ql/test/library-tests/TypeTracking/CustomStep.qll
@@ -11,9 +11,6 @@ predicate configStep(Node pred, Node succ) {
  )
 }
-class CustomStep extends AdditionalTypeTrackingStep, Node {
+class CustomStep extends SharedTypeTrackingStep {
-  override predicate step(Node pred, Node succ) {
+  override predicate step(Node pred, Node succ) { configStep(pred, succ) }
    pred = this and
    configStep(pred, succ)
  }
 }
--- a/python/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/python/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * Most deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/python/ql/lib/semmle/python/frameworks/PEP249.qll
+++ b/python/ql/lib/semmle/python/frameworks/PEP249.qll
@@ -10,13 +10,6 @@ private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
 import semmle.python.frameworks.internal.PEP249Impl
 /**
 * A module implementing PEP 249. Extend this class for implementations.
 *
 * DEPRECATED: Extend `PEP249::PEP249ModuleApiNode` instead.
 */
 abstract deprecated class PEP249Module extends DataFlow::Node { }
 /**
 * DEPRECATED: Use `PEP249::PEP249ModuleApiNode` instead.
 */
--- a/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
+++ b/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
@@ -259,11 +259,6 @@ private module WerkzeugOld {
       * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.MultiDict.
       */
      deprecated module MultiDict {
        /**
         * DEPRECATED. Use `Werkzeug::MultiDict::InstanceSource` instead.
         */
        abstract deprecated class InstanceSource extends DataFlow::Node { }
        /**
         * DEPRECATED. Use `Werkzeug::MultiDict::InstanceSource` instead.
         *
@@ -312,11 +307,6 @@ private module WerkzeugOld {
       * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.FileStorage.
       */
      deprecated module FileStorage {
        /**
         * DEPRECATED. Use `Werkzeug::FileStorage::InstanceSource` instead.
         */
        abstract deprecated class InstanceSource extends DataFlow::Node { }
        /**
         * DEPRECATED. Use `Werkzeug::FileStorage::InstanceSource` instead.
         *
--- a/python/ql/lib/semmle/python/regex.qll
+++ b/python/ql/lib/semmle/python/regex.qll
@@ -1,5 +1,4 @@
 import python
 deprecated import semmle.python.objects.ObjectInternal as OI
 private import semmle.python.ApiGraphs
 // Need to import since frameworks can extend the abstract `RegexString`
 private import semmle.python.Frameworks
@@ -98,19 +97,6 @@ private DataFlow::Node re_flag_tracker(string flag_name) {
 /** Gets a regular expression mode flag associated with the given data flow node. */
 string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) }
 /**
 * DEPRECATED 2021-02-24 -- use `mode_from_node` instead.
 *
 * Gets a regular expression mode flag associated with the given value.
 */
 deprecated string mode_from_mode_object(Value obj) {
  result in ["DEBUG", "IGNORECASE", "LOCALE", "MULTILINE", "DOTALL", "UNICODE", "VERBOSE"] and
  exists(int flag |
    flag = Value::named("sre_constants.SRE_FLAG_" + result).(OI::ObjectInternal).intValue() and
    obj.(OI::ObjectInternal).intValue().bitAnd(flag) = flag
  )
 }
 /** A StrConst used as a regular expression */
 abstract class RegexString extends Expr {
  RegexString() { (this instanceof Bytes or this instanceof Unicode) }
--- a/python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll
+++ b/python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll
@@ -106,16 +106,6 @@ module HeuristicNames {
      "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|code)|certain|concert|secretar|accountant|accountab).*"
  }
  /**
   * DEPRECATED: Use `maybeSensitiveRegexp` instead.
   */
  deprecated predicate maybeSensitive = maybeSensitiveRegexp/1;
  /**
   * DEPRECATED: Use `notSensitiveRegexp` instead.
   */
  deprecated predicate notSensitive = notSensitiveRegexp/0;
  /**
   * Holds if `name` may indicate the presence of sensitive data, and
   * `name` does not indicate that the data is in fact non-sensitive (for example since
--- a/ruby/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
+++ b/ruby/ql/lib/change-notes/2022-08-17-deleted-deprecations.md
@@ -0,0 +1,6 @@
 ---
 category: minorAnalysis
 ---
 * Most deprecated predicates/classes/modules that have been deprecated for over a year have been 
 deleted.
--- a/ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll
+++ b/ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll
@@ -106,16 +106,6 @@ module HeuristicNames {
      "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|code)|certain|concert|secretar|accountant|accountab).*"
  }
  /**
   * DEPRECATED: Use `maybeSensitiveRegexp` instead.
   */
  deprecated predicate maybeSensitive = maybeSensitiveRegexp/1;
  /**
   * DEPRECATED: Use `notSensitiveRegexp` instead.
   */
  deprecated predicate notSensitive = notSensitiveRegexp/0;
  /**
   * Holds if `name` may indicate the presence of sensitive data, and
   * `name` does not indicate that the data is in fact non-sensitive (for example since