mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Release preparation for version 2.9.2
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,5 @@
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
1
cpp/ql/lib/change-notes/released/0.2.1.md
Normal file
1
cpp/ql/lib/change-notes/released/0.2.1.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.1
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.0
|
||||
lastReleaseVersion: 0.2.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.2.1-dev
|
||||
version: 0.2.1
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query has been extended to support a broader selection of XML libraries and interfaces.
|
||||
|
||||
## 0.1.1
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query has been extended to support a broader selection of XML libraries and interfaces.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
## 1.1.0
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.2
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.2
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
## 1.1.0
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.2
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.2
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
1
csharp/ql/lib/change-notes/released/0.2.1.md
Normal file
1
csharp/ql/lib/change-notes/released/0.2.1.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.1
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.0
|
||||
lastReleaseVersion: 0.2.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.2.1-dev
|
||||
version: 0.2.1
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
## 0.1.0
|
||||
|
||||
1
csharp/ql/src/change-notes/released/0.1.2.md
Normal file
1
csharp/ql/src/change-notes/released/0.1.2.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.2
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,85 @@
|
||||
## 0.2.1
|
||||
|
||||
### New Features
|
||||
|
||||
* A number of new classes and methods related to the upcoming Kotlin
|
||||
support have been added. These are not yet stable, as Kotlin support
|
||||
is still under development.
|
||||
* `File::isSourceFile`
|
||||
* `File::isJavaSourceFile`
|
||||
* `File::isKotlinSourceFile`
|
||||
* `Member::getKotlinType`
|
||||
* `Element::isCompilerGenerated`
|
||||
* `Expr::getKotlinType`
|
||||
* `LambdaExpr::isKotlinFunctionN`
|
||||
* `Callable::getReturnKotlinType`
|
||||
* `Callable::getParameterKotlinType`
|
||||
* `Method::isLocal`
|
||||
* `Method::getKotlinName`
|
||||
* `Field::getKotlinType`
|
||||
* `Modifiable::isSealedKotlin`
|
||||
* `Modifiable::isInternal`
|
||||
* `Variable::getKotlinType`
|
||||
* `LocalVariableDecl::getKotlinType`
|
||||
* `Parameter::getKotlinType`
|
||||
* `Parameter::isExtensionParameter`
|
||||
* `Compilation` class
|
||||
* `Diagnostic` class
|
||||
* `KtInitializerAssignExpr` class
|
||||
* `ValueEQExpr` class
|
||||
* `ValueNEExpr` class
|
||||
* `ValueOrReferenceEqualsExpr` class
|
||||
* `ValueOrReferenceNotEqualsExpr` class
|
||||
* `ReferenceEqualityTest` class
|
||||
* `CastingExpr` class
|
||||
* `SafeCastExpr` class
|
||||
* `ImplicitCastExpr` class
|
||||
* `ImplicitNotNullExpr` class
|
||||
* `ImplicitCoercionToUnitExpr` class
|
||||
* `UnsafeCoerceExpr` class
|
||||
* `PropertyRefExpr` class
|
||||
* `NotInstanceOfExpr` class
|
||||
* `ExtensionReceiverAccess` class
|
||||
* `WhenExpr` class
|
||||
* `WhenBranch` class
|
||||
* `ClassExpr` class
|
||||
* `StmtExpr` class
|
||||
* `StringTemplateExpr` class
|
||||
* `NotNullExpr` class
|
||||
* `TypeNullPointerException` class
|
||||
* `KtComment` class
|
||||
* `KtCommentSection` class
|
||||
* `KotlinType` class
|
||||
* `KotlinNullableType` class
|
||||
* `KotlinNotnullType` class
|
||||
* `KotlinTypeAlias` class
|
||||
* `Property` class
|
||||
* `DelegatedProperty` class
|
||||
* `ExtensionMethod` class
|
||||
* `KtInitializerNode` class
|
||||
* `KtLoopStmt` class
|
||||
* `KtBreakContinueStmt` class
|
||||
* `KtBreakStmt` class
|
||||
* `KtContinueStmt` class
|
||||
* `ClassObject` class
|
||||
* `CompanionObject` class
|
||||
* `LiveLiteral` class
|
||||
* `LiveLiteralMethod` class
|
||||
* `CastConversionContext` renamed to `CastingConversionContext`
|
||||
* The QL class `ValueDiscardingExpr` has been added, representing expressions for which the value of the expression as a whole is discarded.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the libraries OkHttp and Retrofit.
|
||||
* Add taint models for the following `File` methods:
|
||||
* `File::getAbsoluteFile`
|
||||
* `File::getCanonicalFile`
|
||||
* `File::getAbsolutePath`
|
||||
* `File::getCanonicalPath`
|
||||
Added a flow step for `toString` calls on tainted `android.text.Editable` objects.
|
||||
Added a data flow step for tainted Android intents that are sent to other activities and accessed there via `getIntent()`.
|
||||
* Added modeling of MyBatis (`org.apache.ibatis`) Providers, resulting in additional sinks for the queries `java/ognl-injection`, `java/sql-injection`, `java/sql-injection-local` and `java/concatenated-sql-query`.
|
||||
|
||||
## 0.2.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added modeling of MyBatis (`org.apache.ibatis`) Providers, resulting in additional sinks for the queries `java/ognl-injection`, `java/sql-injection`, `java/sql-injection-local` and `java/concatenated-sql-query`.
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Add taint models for the following `File` methods:
|
||||
* `File::getAbsoluteFile`
|
||||
* `File::getCanonicalFile`
|
||||
* `File::getAbsolutePath`
|
||||
* `File::getCanonicalPath`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Added a flow step for `toString` calls on tainted `android.text.Editable` objects.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Added a data flow step for tainted Android intents that are sent to other activities and accessed there via `getIntent()`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the libraries OkHttp and Retrofit.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* The QL class `ValueDiscardingExpr` has been added, representing expressions for which the value of the expression as a whole is discarded.
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
## 0.2.1
|
||||
|
||||
### New Features
|
||||
|
||||
* A number of new classes and methods related to the upcoming Kotlin
|
||||
support have been added. These are not yet stable, as Kotlin support
|
||||
is still under development.
|
||||
@@ -65,3 +66,16 @@ category: feature
|
||||
* `LiveLiteral` class
|
||||
* `LiveLiteralMethod` class
|
||||
* `CastConversionContext` renamed to `CastingConversionContext`
|
||||
* The QL class `ValueDiscardingExpr` has been added, representing expressions for which the value of the expression as a whole is discarded.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the libraries OkHttp and Retrofit.
|
||||
* Add taint models for the following `File` methods:
|
||||
* `File::getAbsoluteFile`
|
||||
* `File::getCanonicalFile`
|
||||
* `File::getAbsolutePath`
|
||||
* `File::getCanonicalPath`
|
||||
Added a flow step for `toString` calls on tainted `android.text.Editable` objects.
|
||||
Added a data flow step for tainted Android intents that are sent to other activities and accessed there via `getIntent()`.
|
||||
* Added modeling of MyBatis (`org.apache.ibatis`) Providers, resulting in additional sinks for the queries `java/ognl-injection`, `java/sql-injection`, `java/sql-injection-local` and `java/concatenated-sql-query`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.0
|
||||
lastReleaseVersion: 0.2.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.2.1-dev
|
||||
version: 0.2.1
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 0.1.2
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Query `java/predictable-seed` now has a tag for CWE-337.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/insecure-cookie` now tolerates setting a cookie's secure flag to `request.isSecure()`. This means servlets that intentionally accept unencrypted connections will no longer raise an alert.
|
||||
* The query `java/non-https-urls` has been simplified
|
||||
and no longer requires its sinks to be `MethodAccess`es.
|
||||
* The logic to detect `WebView`s with JavaScript (and optionally file access) enabled in the query `java/android/unsafe-android-webview-fetch` has been improved.
|
||||
|
||||
## 0.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
@@ -26,7 +39,7 @@ this respect.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
|
||||
## 0.0.11
|
||||
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The logic to detect `WebView`s with JavaScript (and optionally file access) enabled in the query `java/android/unsafe-android-webview-fetch` has been improved.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `java/non-https-urls` has been simplified
|
||||
and no longer requires its sinks to be `MethodAccess`es.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* Query `java/predictable-seed` now has a tag for CWE-337.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Query `java/insecure-cookie` now tolerates setting a cookie's secure flag to `request.isSecure()`. This means servlets that intentionally accept unencrypted connections will no longer raise an alert.
|
||||
12
java/ql/src/change-notes/released/0.1.2.md
Normal file
12
java/ql/src/change-notes/released/0.1.2.md
Normal file
@@ -0,0 +1,12 @@
|
||||
## 0.1.2
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Query `java/predictable-seed` now has a tag for CWE-337.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/insecure-cookie` now tolerates setting a cookie's secure flag to `request.isSecure()`. This means servlets that intentionally accept unencrypted connections will no longer raise an alert.
|
||||
* The query `java/non-https-urls` has been simplified
|
||||
and no longer requires its sinks to be `MethodAccess`es.
|
||||
* The logic to detect `WebView`s with JavaScript (and optionally file access) enabled in the query `java/android/unsafe-android-webview-fetch` has been improved.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
## 0.1.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
|
||||
Use the `Customizations.qll` file belonging to the query instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
|
||||
Sinks and sources from cash should now be handled by all XSS queries.
|
||||
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.
|
||||
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
|
||||
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
|
||||
|
||||
## 0.1.1
|
||||
|
||||
## 0.1.0
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
|
||||
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
|
||||
Use the `Customizations.qll` file belonging to the query instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
|
||||
Sinks and sources from cash should now be handled by all XSS queries.
|
||||
14
javascript/ql/lib/change-notes/released/0.1.2.md
Normal file
14
javascript/ql/lib/change-notes/released/0.1.2.md
Normal file
@@ -0,0 +1,14 @@
|
||||
## 0.1.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `ReflectedXss`, `StoredXss`, `XssThroughDom`, and `ExceptionXss` modules from `Xss.qll` have been deprecated.
|
||||
Use the `Customizations.qll` file belonging to the query instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The [cash](https://github.com/fabiospampinato/cash) library is now modelled as an alias for JQuery.
|
||||
Sinks and sources from cash should now be handled by all XSS queries.
|
||||
* Added the `Selection` api as a DOM text source in the `js/xss-through-dom` query.
|
||||
* The security queries now recognize drag and drop data as a source, enabling the queries to flag additional alerts.
|
||||
* The security queries now recognize ClipboardEvent function parameters as a source, enabling the queries to flag additional alerts.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/missing-origin-check` query has been added. It highlights "message" event handlers that do not check the origin of the event.
|
||||
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
|
||||
|
||||
## 0.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/missing-origin-check` query has been added. It highlights "message" event handlers that do not check the origin of the event.
|
||||
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
|
||||
The query previously existed as the experimental `js/missing-postmessageorigin-verification` query.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,15 @@
|
||||
## 0.3.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
The modeling of `request.files` in Flask has been fixed, so we now properly handle
|
||||
assignments to local variables (such as `files = request.files; files['key'].filename`).
|
||||
* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
|
||||
## 0.2.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
The modeling of `request.files` in Flask has been fixed, so we now properly handle
|
||||
assignments to local variables (such as `files = request.files; files['key'].filename`).
|
||||
11
python/ql/lib/change-notes/released/0.3.0.md
Normal file
11
python/ql/lib/change-notes/released/0.3.0.md
Normal file
@@ -0,0 +1,11 @@
|
||||
## 0.3.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The imports made available from `import python` are no longer exposed under `DataFlow::` after doing `import semmle.python.dataflow.new.DataFlow`, for example using `DataFlow::Add` will now cause a compile error.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
The modeling of `request.files` in Flask has been fixed, so we now properly handle
|
||||
assignments to local variables (such as `files = request.files; files['key'].filename`).
|
||||
* Added taint propagation for `io.StringIO` and `io.BytesIO`. This addition was originally [submitted as part of an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.0
|
||||
lastReleaseVersion: 0.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 0.2.1-dev
|
||||
version: 0.3.0
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* "XML external entity expansion" (`py/xxe`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
* "XML internal entity expansion" (`py/xml-bomb`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
|
||||
|
||||
## 0.1.1
|
||||
|
||||
## 0.1.0
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
|
||||
@@ -1,5 +1,7 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* "XML external entity expansion" (`py/xxe`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
* "XML internal entity expansion" (`py/xml-bomb`). Results will appear by default. This query was based on [an experimental query by @jorgectf](https://github.com/github/codeql/pull/6112).
|
||||
* The query "CSRF protection weakened or disabled" (`py/csrf-protection-disabled`) has been implemented. Its results will now appear by default.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.2.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
The Tree-sitter Ruby grammar has been updated; this fixes several issues where Ruby code was parsed incorrectly.
|
||||
|
||||
## 0.2.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
## 0.2.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
The Tree-sitter Ruby grammar has been updated; this fixes several issues where Ruby code was parsed incorrectly.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.0
|
||||
lastReleaseVersion: 0.2.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 0.2.1-dev
|
||||
version: 0.2.1
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
### New Queries
|
||||
|
||||
1
ruby/ql/src/change-notes/released/0.1.2.md
Normal file
1
ruby/ql/src/change-notes/released/0.1.2.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.2
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.1
|
||||
lastReleaseVersion: 0.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 0.1.2-dev
|
||||
version: 0.1.2
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
Reference in New Issue
Block a user