From 35e3e3d2a156f419339a113a54519e04aab326df Mon Sep 17 00:00:00 2001 From: Taus Brock-Nannestad Date: Tue, 26 Nov 2019 13:58:22 +0100 Subject: [PATCH 1/3] Python: Update change note for 1.23. --- change-notes/1.23/analysis-python.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/change-notes/1.23/analysis-python.md b/change-notes/1.23/analysis-python.md index 6cea1745284..4a2b4ecbbfd 100644 --- a/change-notes/1.23/analysis-python.md +++ b/change-notes/1.23/analysis-python.md @@ -3,7 +3,19 @@ ## General improvements +### Python 3.8 support +Python 3.8 syntax is now supported. In particular, the following constructs are parsed correctly: + +- Assignment expressions using the "walrus" operator, such as `while chunk := file.read(1024): ...`. +- The positional argument separator `/`, such as in `def foo(a, /, b, *, c): ...`. +- Self-documenting expressions in f-strings, such as `f"{var=}"`. + +### General query improvements + +In an effort to deprecate the `Object` API (e.g. `ClassObject`) in favour of the +`Value` API (e.g. `ClassValue`), many of the standard queries have been updated +to use the `Value` API. This should result in more precise results. ## New queries 
@@ -20,8 +32,21 @@ |----------------------------|------------------------|------------| | Unreachable code | Fewer false positives | Analysis now accounts for uses of `contextlib.suppress` to suppress exceptions. | | `__iter__` method returns a non-iterator | Better alert message | Alert now highlights which class is expected to be an iterator. | - +| Explicit return in __init__ method | Fewer false positives | Instances where the `__init__` method returns the value of a call to a procedure are no longer flagged. | +| Non-iterable used in for loop | Fewer false positives | `__aiter__` is now recognized as an iterator method. | +| Unused import | Fewer false positives | Instances where a module is used in a forward-referenced type annotation, or only during type checking are no longer flagged. | +| Module-level cyclic import | Fewer false positives | Instances where one of the links in an import cycle is never actually executed are no longer flagged. | +| Undefined export | Fewer false positives | Instances where an exported value may be defined in a module that lacks points-to information are no longer flagged. | +| Unreachable code | Fewer false positives | Unreachable `else` branches that do nothing but `assert` their non-reachability are no longer flagged. | ## Changes to QL libraries * Django library now recognizes positional arguments from a `django.conf.urls.url` regex (Django version 1.x) +* Instances of the `Value` class now support the `isAbsent` method, indicating + whether the `Value` in question is missing points-to information, but has been + inferred to likely exist anyway. For instance, if a file contains `import + django`, but `django` was not extracted properly, there will be a + `ModuleValue` corresponding to this "unknown" module, and the `isAbsent` + method will hold for this `ModuleValue`. +* The `Expr` class now has a nullary method `pointsTo` that returns the possible + instances of `Value` that this expression may have. 
From 8372039205e2c56a80eae389f8bcab38a6b5212b Mon Sep 17 00:00:00 2001 From: Taus Date: Wed, 27 Nov 2019 11:40:35 +0100 Subject: [PATCH 2/3] Apply suggestions from documentation review Co-Authored-By: Felicity Chapman --- change-notes/1.23/analysis-python.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/change-notes/1.23/analysis-python.md b/change-notes/1.23/analysis-python.md index 4a2b4ecbbfd..a7362e17f77 100644 --- a/change-notes/1.23/analysis-python.md +++ b/change-notes/1.23/analysis-python.md @@ -13,8 +13,8 @@ Python 3.8 syntax is now supported. In particular, the following constructs are ### General query improvements -In an effort to deprecate the `Object` API (e.g. `ClassObject`) in favour of the -`Value` API (e.g. `ClassValue`), many of the standard queries have been updated +Following the replacement of the `Object` API (for example, `ClassObject`) in favor of the +`Value` API (for example, `ClassValue`) in the 1.21 release, many of the standard queries have been updated to use the `Value` API. This should result in more precise results. ## New queries @@ -43,8 +43,8 @@ to use the `Value` API. This should result in more precise results. * Django library now recognizes positional arguments from a `django.conf.urls.url` regex (Django version 1.x) * Instances of the `Value` class now support the `isAbsent` method, indicating - whether the `Value` in question is missing points-to information, but has been - inferred to likely exist anyway. For instance, if a file contains `import + whether that `Value` lacks points-to information, but inference + suggests that it exists. For instance, if a file contains `import django`, but `django` was not extracted properly, there will be a `ModuleValue` corresponding to this "unknown" module, and the `isAbsent` method will hold for this `ModuleValue`. From b503cdb9d4265e92d6434af78e4a3f2e928b4990 Mon Sep 17 00:00:00 2001 
From: Taus Brock-Nannestad Date: Wed, 27 Nov 2019 12:10:28 +0100 Subject: [PATCH 3/3] Python: Final change note fixes. - `false positives` becomes `false positive results` - Items are listed alphabetically. - Query IDs are listed. Also, some of the queries had the wrong name (query message rather than the actual query name). These have been fixed. --- change-notes/1.23/analysis-python.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/change-notes/1.23/analysis-python.md b/change-notes/1.23/analysis-python.md index a7362e17f77..5320567af85 100644 --- a/change-notes/1.23/analysis-python.md +++ b/change-notes/1.23/analysis-python.md 
@@ -30,14 +30,14 @@ to use the `Value` API. This should result in more precise results. | **Query** | **Expected impact** | **Change** | |----------------------------|------------------------|------------| -| Unreachable code | Fewer false positives | Analysis now accounts for uses of `contextlib.suppress` to suppress exceptions. | -| `__iter__` method returns a non-iterator | Better alert message | Alert now highlights which class is expected to be an iterator. | -| Explicit return in __init__ method | Fewer false positives | Instances where the `__init__` method returns the value of a call to a procedure are no longer flagged. | -| Non-iterable used in for loop | Fewer false positives | `__aiter__` is now recognized as an iterator method. | -| Unused import | Fewer false positives | Instances where a module is used in a forward-referenced type annotation, or only during type checking are no longer flagged. | -| Module-level cyclic import | Fewer false positives | Instances where one of the links in an import cycle is never actually executed are no longer flagged. | -| Undefined export | Fewer false positives | Instances where an exported value may be defined in a module that lacks points-to information are no longer flagged. | -| Unreachable code | Fewer false positives | Unreachable `else` branches that do nothing but `assert` their non-reachability are no longer flagged. | +| Explicit export is undefined (`py/undefined-export`) | Fewer false positive results | Instances where an exported value may be defined in a module that lacks points-to information are no longer flagged. | +| Module-level cyclic import (`py/unsafe-cyclic-import`) | Fewer false positive results | Instances where one of the links in an import cycle is never actually executed are no longer flagged. | +| Non-iterable used in for loop (`py/non-iterable-in-for-loop`) | Fewer false positive results | `__aiter__` is now recognized as an iterator method. 
| +| Unreachable code (`py/unreachable-statement`) | Fewer false positive results | Analysis now accounts for uses of `contextlib.suppress` to suppress exceptions. | +| Unreachable code (`py/unreachable-statement`) | Fewer false positive results | Unreachable `else` branches that do nothing but `assert` their non-reachability are no longer flagged. | +| Unused import (`py/unused-import`) | Fewer false positive results | Instances where a module is used in a forward-referenced type annotation, or only during type checking are no longer flagged. | +| `__iter__` method returns a non-iterator (`py/iter-returns-non-iterator`) | Better alert message | Alert now highlights which class is expected to be an iterator. | +| `__init__` method returns a value (`py/explicit-return-in-init`) | Fewer false positive results | Instances where the `__init__` method returns the value of a call to a procedure are no longer flagged. | ## Changes to QL libraries
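Review bot: In the first hunk of [PATCH 1/3], the new `### Python 3.8 support` heading is followed directly by its paragraph, while `### General query improvements` a few lines later in the same hunk has a blank line after it. Add a blank `+` line after the first heading so both new sections use the same spacing. The closing sentence "This should result in more precise results" also repeats "result" and could read "This should give more precise results".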
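Review bot: In the second hunk of [PATCH 1/3], the new table row `| Explicit return in __init__ method |` leaves `__init__` outside backticks, so Markdown reads the double underscores as strong emphasis and renders a bold "init". The `__iter__` row just above it already uses backticks, so wrap `__init__` the same way. In the "Unused import" row, a comma after "or only during type checking" would close the parenthetical opened by the earlier comma.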
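Review bot: In the first hunk of [PATCH 2/3], "Following the replacement of the `Object` API ... in favor of the `Value` API" mixes two constructions: one API is replaced by another, or deprecated in favor of another. Suggest "Following the replacement of the `Object` API (for example, `ClassObject`) by the `Value` API (for example, `ClassValue`) in the 1.21 release". The two rewritten lines are also noticeably longer than the wrapped line that follows them, so rewrap the paragraph to the file's existing line width.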
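Review bot: In the table hunk of [PATCH 3/3], the last two added rows are out of order against the commit message's "Items are listed alphabetically": "`__init__` method returns a value" sorts before "`__iter__` method returns a non-iterator", but the hunk places the `__iter__` row first. Swap the two rows. The two `py/unreachable-statement` rows share the same query and expected impact, so consider merging them into one row that lists both changes.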