Merge pull request #20857 from github/post-release-prep/codeql-cli-2.23.6

Post-release preparation for codeql-cli-2.23.6

actions/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.4.21
+
+No user-facing changes.
+
 ## 0.4.20
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.21.md

@@ -0,0 +1,3 @@
+## 0.4.21
+
+No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.20
+lastReleaseVersion: 0.4.21

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.21-dev
+version: 0.4.22-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.13
+
+No user-facing changes.
+
 ## 0.6.12
 
 No user-facing changes.

actions/ql/src/change-notes/released/0.6.13.md

@@ -0,0 +1,3 @@
+## 0.6.13
+
+No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.12
+lastReleaseVersion: 0.6.13

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.13-dev
+version: 0.6.14-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 6.1.0
+
+### New Features
+
+* New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files.
+
+### Bug Fixes
+
+* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.
+
 ## 6.0.1
 
 No user-facing changes.
@@ -259,8 +269,8 @@ No user-facing changes.
 
 ### Breaking Changes
 
-* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
-* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
+* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. 
+* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. 
 * Deleted the deprecated `hasQualifiedName` and `isDefined` predicates from the `Declaration` class, use `hasGlobalName` and `hasDefinition` respectively instead.
 * Deleted the `getFullSignature` predicate from the `Function` class, use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead.
 * Deleted the deprecated `freeCall` predicate from `Alloc.qll`. Use `DeallocationExpr` instead.
@@ -294,7 +304,7 @@ No user-facing changes.
 * A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
 * An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
 * A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
 
 ### Minor Analysis Improvements
 
@@ -372,9 +382,9 @@ No user-facing changes.
 ### New Features
 
 * Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
-* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant.
+* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. 
 * Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
-* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant.
+* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. 
 * Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
 * Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
 
@@ -490,7 +500,7 @@ No user-facing changes.
 * Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
  non-returning in the IR and dataflow.
 * Treat functions that reach the end of the function as returning in the IR.
-  They used to be treated as unreachable but it is allowed in C.
+  They used to be treated as unreachable but it is allowed in C. 
 * The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
 
 ## 0.9.3
@@ -539,7 +549,7 @@ No user-facing changes.
 
 ### New Features
 
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
   Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
 
 ### Minor Analysis Improvements
@@ -733,7 +743,7 @@ No user-facing changes.
 
 ### Deprecated APIs
 
-* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### New Features
@@ -750,7 +760,7 @@ No user-facing changes.
 
 ### Deprecated APIs
 
-* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### New Features
@@ -849,7 +859,7 @@ No user-facing changes.
 
 ### Deprecated APIs
 
-* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
+* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### New Features

cpp/ql/lib/change-notes/2025-11-11-range-analysis-performance.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.

cpp/ql/lib/change-notes/released/6.1.0.md

@@ -1,4 +1,9 @@
----
-category: feature
----
+## 6.1.0
+
+### New Features
+
 * New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files.
+
+### Bug Fixes
+
+* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.0.1
+lastReleaseVersion: 6.1.0

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.0.2-dev
+version: 6.1.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.4
+
+No user-facing changes.
+
 ## 1.5.3
 
 No user-facing changes.

cpp/ql/src/change-notes/released/1.5.4.md

@@ -0,0 +1,3 @@
+## 1.5.4
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.3
+lastReleaseVersion: 1.5.4

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.4-dev
+version: 1.5.5-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.52
+
+No user-facing changes.
+
 ## 1.7.51
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.52.md

@@ -0,0 +1,3 @@
+## 1.7.52
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.51
+lastReleaseVersion: 1.7.52

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.52-dev
+version: 1.7.53-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.52
+
+No user-facing changes.
+
 ## 1.7.51
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.52.md

@@ -0,0 +1,3 @@
+## 1.7.52
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.51
+lastReleaseVersion: 1.7.52

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.52-dev
+version: 1.7.53-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,17 @@
+## 5.4.0
+
+### Deprecated APIs
+
+* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library.
+
+### New Features
+
+* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`.
+
+### Minor Analysis Improvements
+
+* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality.
+
 ## 5.3.0
 
 ### Deprecated APIs
@@ -143,7 +157,7 @@ No user-facing changes.
 * Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
   - `[SupplyParameterFromForm]`
   - `[SupplyParameterFromQuery]`
-* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`.
+* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
 * Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
 * The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
 * The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
@@ -163,7 +177,7 @@ No user-facing changes.
   - `System.Web.HttpUtility::ParseQueryString`
   - `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseQuery`
   - `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseNullableQuery`
-* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript.
+* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript. 
 
 ## 3.1.1
 
@@ -201,8 +215,8 @@ No user-facing changes.
 
 ### Breaking Changes
 
-* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
-* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
+* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. 
+* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. 
 * Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
 
 ### Minor Analysis Improvements
@@ -451,7 +465,7 @@ No user-facing changes.
 
 ### New Features
 
-* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
+* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. 
   Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
 
 ### Minor Analysis Improvements
@@ -586,7 +600,7 @@ No user-facing changes.
 
 * Attributes on methods in CIL are now extracted (Bugfix).
 * Support for `static virtual` and `static abstract` interface members.
-* Support for *operators* in interface definitions.
+* Support for *operators* in interface definitions. 
 * C# 11: Added support for the unsigned right shift `>>>` and unsigned right shift assignment `>>>=` operators.
 * Query id's have been aligned such that they are prefixed with `cs` instead of `csharp`.
 
@@ -626,13 +640,13 @@ No user-facing changes.
 ### Minor Analysis Improvements
 
 * `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries.
-* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected.
+* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. 
 
 ## 0.4.0
 
 ### Deprecated APIs
 
-* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### Bug Fixes
@@ -645,7 +659,7 @@ No user-facing changes.
 
 ### Deprecated APIs
 
-* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### Minor Analysis Improvements
@@ -692,7 +706,7 @@ No user-facing changes.
 
 ### Deprecated APIs
 
-* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
+* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.
 
 ### New Features

csharp/ql/lib/change-notes/2025-10-04-deprecate-controlsblock.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library.

csharp/ql/lib/change-notes/2025-10-30-overlay-compilation-and-extraction.md

@@ -1,5 +0,0 @@
----
-category: feature
----
-
-* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`.

csharp/ql/lib/change-notes/2025-11-03-roslyn-and-binlog.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality.

csharp/ql/lib/change-notes/released/5.3.0.md

@@ -6,7 +6,7 @@
 
 ### Major Analysis Improvements
 
-* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query.
+* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions. For example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query.
 
 ### Minor Analysis Improvements
 

csharp/ql/lib/change-notes/released/5.4.0.md

@@ -0,0 +1,13 @@
+## 5.4.0
+
+### Deprecated APIs
+
+* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library.
+
+### New Features
+
+* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`.
+
+### Minor Analysis Improvements
+
+* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.3.0
+lastReleaseVersion: 5.4.0

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.3.1-dev
+version: 5.4.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.5.0
+
+### New Queries
+
+* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack.
+
+### Minor Analysis Improvements
+
+* An improvement to the Guards library for recognizing disjunctions means improved precision for `cs/constant-condition`, `cs/inefficient-containskey`, and `cs/dereferenced-value-may-be-null`. The two former can have additional findings, and the latter will have fewer false positives.
+
 ## 1.4.3
 
 ### Minor Analysis Improvements
@@ -170,7 +180,7 @@ No user-facing changes.
 
 ### Minor Analysis Improvements
 
-* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query.
+* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. 
 
 ## 1.0.10
 
@@ -284,7 +294,7 @@ No user-facing changes.
 
 ### Minor Analysis Improvements
 
-* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.
+* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.    
 * Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
 
 ## 0.8.5

csharp/ql/src/change-notes/2025-10-24-insecure-cookie-query-promote.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack.

csharp/ql/src/change-notes/released/1.0.11.md

@@ -2,4 +2,4 @@
 
 ### Minor Analysis Improvements
 
-* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. 
+* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query.

csharp/ql/src/change-notes/released/1.4.3.md

@@ -2,4 +2,4 @@
 
 ### Minor Analysis Improvements
 
-* the `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `<location>` elements.
+* The `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `<location>` elements.

csharp/ql/src/change-notes/released/1.5.0.md

@@ -1,4 +1,9 @@
----
-category: minorAnalysis
----
+## 1.5.0
+
+### New Queries
+
+* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack.
+
+### Minor Analysis Improvements
+
 * An improvement to the Guards library for recognizing disjunctions means improved precision for `cs/constant-condition`, `cs/inefficient-containskey`, and `cs/dereferenced-value-may-be-null`. The two former can have additional findings, and the latter will have fewer false positives.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.5.0

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.4.4-dev
+version: 1.5.1-dev
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.35
+
+No user-facing changes.
+
 ## 1.0.34
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.35.md

@@ -0,0 +1,3 @@
+## 1.0.35
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.34
+lastReleaseVersion: 1.0.35

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.35-dev
+version: 1.0.36-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 5.0.2
+
+### Bug Fixes
+
+* Some fixes relating to use of path transformers when extracting a database:
+  * Fixed a problem where the path transformer would be ignored when extracting older codebases that predate the use of Go modules.
+  * The environment variable `CODEQL_PATH_TRANSFORMER` is now recognized, in addition to `SEMMLE_PATH_TRANSFORMER`.
+  * Fixed some cases where the extractor emitted paths without applying the path transformer.
+
 ## 5.0.1
 
 No user-facing changes.

go/ql/lib/change-notes/released/5.0.2.md

@@ -1,6 +1,7 @@
----
-category: fix
----
+## 5.0.2
+
+### Bug Fixes
+
 * Some fixes relating to use of path transformers when extracting a database:
   * Fixed a problem where the path transformer would be ignored when extracting older codebases that predate the use of Go modules.
   * The environment variable `CODEQL_PATH_TRANSFORMER` is now recognized, in addition to `SEMMLE_PATH_TRANSFORMER`.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.1
+lastReleaseVersion: 5.0.2

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 5.0.2-dev
+version: 5.0.3-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.4.9
+
+No user-facing changes.
+
 ## 1.4.8
 
 No user-facing changes.

go/ql/src/change-notes/released/1.4.9.md

@@ -0,0 +1,3 @@
+## 1.4.9
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.8
+lastReleaseVersion: 1.4.9

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.9-dev
+version: 1.4.10-dev
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 7.7.4
+
+No user-facing changes.
+
 ## 7.7.3
 
 No user-facing changes.

java/ql/lib/change-notes/released/7.7.4.md

@@ -0,0 +1,3 @@
+## 7.7.4
+
+No user-facing changes.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.7.3
+lastReleaseVersion: 7.7.4

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.7.4-dev
+version: 7.7.5-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 1.10.0
+
+### Query Metadata Changes
+
+* Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.
+
 ## 1.9.0
 
 ### New Queries

java/ql/src/change-notes/released/1.10.0.md

@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 1.10.0
+
+### Query Metadata Changes
+
 * Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
-* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.
+* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.9.0
+lastReleaseVersion: 1.10.0

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.9.1-dev
+version: 1.10.1-dev
 groups:
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 2.6.15
+
+No user-facing changes.
+
 ## 2.6.14
 
 No user-facing changes.

javascript/ql/lib/change-notes/released/2.6.15.md

@@ -0,0 +1,3 @@
+## 2.6.15
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.14
+lastReleaseVersion: 2.6.15

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.15-dev
+version: 2.6.16-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 2.2.0
+
+### Query Metadata Changes
+
+* Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries.
+* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+
 ## 2.1.3
 
 No user-facing changes.

javascript/ql/src/change-notes/released/2.2.0.md

@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 2.2.0
+
+### Query Metadata Changes
+
 * Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries.
-* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.1.3
+lastReleaseVersion: 2.2.0

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.1.4-dev
+version: 2.2.1-dev
 groups:
   - javascript
   - queries

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.35
+
+No user-facing changes.
+
 ## 1.0.34
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/1.0.35.md

@@ -0,0 +1,3 @@
+## 1.0.35
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.34
+lastReleaseVersion: 1.0.35

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.35-dev
+version: 1.0.36-dev
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 5.0.0
+
+### Breaking Changes
+
+- The classes `ControlFlowNode`, `Expr`, and `Module` no longer expose predicates that invoke the points-to analysis. To access these predicates, import the module `LegacyPointsTo` and follow the instructions given therein.
+
 ## 4.1.0
 
 ### New Features

python/ql/lib/change-notes/released/5.0.0.md

@@ -1,5 +1,5 @@
----
-category: breaking
----
+## 5.0.0
+
+### Breaking Changes
 
 - The classes `ControlFlowNode`, `Expr`, and `Module` no longer expose predicates that invoke the points-to analysis. To access these predicates, import the module `LegacyPointsTo` and follow the instructions given therein.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 5.0.0

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.1.1-dev
+version: 5.0.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.7.0
+
+### Query Metadata Changes
+
+* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+
 ## 1.6.8
 
 ### Minor Analysis Improvements

python/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.

python/ql/src/change-notes/released/1.7.0.md

@@ -0,0 +1,5 @@
+## 1.7.0
+
+### Query Metadata Changes
+
+* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.8
+lastReleaseVersion: 1.7.0

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.6.9-dev
+version: 1.7.1-dev
 groups:
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 5.1.3
+
+No user-facing changes.
+
 ## 5.1.2
 
 No user-facing changes.

ruby/ql/lib/change-notes/released/5.1.3.md

@@ -0,0 +1,3 @@
+## 5.1.3
+
+No user-facing changes.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.2
+lastReleaseVersion: 5.1.3

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 5.1.3-dev
+version: 5.1.4-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.5.0
+
+### Query Metadata Changes
+
+* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. 
+
 ## 1.4.8
 
 No user-facing changes.

ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. 

ruby/ql/src/change-notes/released/1.5.0.md

@@ -0,0 +1,5 @@
+## 1.5.0
+
+### Query Metadata Changes
+
+* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. 

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.8
+lastReleaseVersion: 1.5.0

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.4.9-dev
+version: 1.5.1-dev
 groups:
   - ruby
   - queries

rust/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.1.20
+
+### Minor Analysis Improvements
+
+* Added models for cookie methods in the `poem` crate.
+
 ## 0.1.19
 
 ### Major Analysis Improvements

rust/ql/lib/change-notes/released/0.1.20.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.1.20
+
+### Minor Analysis Improvements
+
 * Added models for cookie methods in the `poem` crate.

rust/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.19
+lastReleaseVersion: 0.1.20

rust/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.1.20-dev
+version: 0.1.21-dev
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme

rust/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.1.20
+
+### Minor Analysis Improvements
+
+* Taint flow barriers have been added to the `rust/regex-injection`, `rust/sql-injection` and `rust/log-injection`, reducing the frequency of false positive results for these queries.
+
 ## 0.1.19
 
 ### Minor Analysis Improvements

rust/ql/src/change-notes/released/0.1.20.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.1.20
+
+### Minor Analysis Improvements
+
 * Taint flow barriers have been added to the `rust/regex-injection`, `rust/sql-injection` and `rust/log-injection`, reducing the frequency of false positive results for these queries.

rust/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.19
+lastReleaseVersion: 0.1.20

rust/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.20-dev
+version: 0.1.21-dev
 groups:
   - rust
   - queries

shared/concepts/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.9
+
+No user-facing changes.
+
 ## 0.0.8
 
 No user-facing changes.

shared/concepts/change-notes/released/0.0.9.md

@@ -0,0 +1,3 @@
+## 0.0.9
+
+No user-facing changes.