Release preparation for version 2.11.0

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* Some unused predicates in `SsaDefinitions.qll`, `TObject.qll`, `protocols.qll`, and the `pointsto/` folder have been deprecated.
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### Minor Analysis Improvements
+
+* Changed `CallNode.getArgByName` such that it has results for keyword arguments given after a dictionary unpacking argument, as the `bar=2` argument in `func(foo=1, **kwargs, bar=2)`.
+* `getStarArg` member-predicate on `Call` and `CallNode` has been changed for calls that have multiple `*args` arguments (for example `func(42, *my_args, *other_args)`): Instead of producing no results, it will always have a result for the _first_ such `*args` argument.
+* Reads of global/non-local variables (without annotations) inside functions defined on classes now works properly in the case where the class had an attribute defined with the same name as the non-local variable.
+
+### Bug Fixes
+
+* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.
+
 ## 0.5.5
 
 ## 0.5.4

python/ql/lib/change-notes/2022-08-25-variable-fix.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Reads of global/non-local variables (without annotations) inside functions defined on classes now works properly in the case where the class had an attribute defined with the same name as the non-local variable.

python/ql/lib/change-notes/2022-09-08-implicit-read-flowstates.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.

python/ql/lib/change-notes/2022-09-12-CallNode-getArgByName.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Changed `CallNode.getArgByName` such that it has results for keyword arguments given after a dictionary unpacking argument, as the `bar=2` argument in `func(foo=1, **kwargs, bar=2)`.

python/ql/lib/change-notes/2022-09-12-deprecate-pointsto.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* Some unused predicates in `SsaDefinitions.qll`, `TObject.qll`, `protocols.qll`, and the `pointsto/` folder have been deprecated.

python/ql/lib/change-notes/2022-09-12-getStarArg-first.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* `getStarArg` member-predicate on `Call` and `CallNode` has been changed for calls that have multiple `*args` arguments (for example `func(42, *my_args, *other_args)`): Instead of producing no results, it will always have a result for the _first_ such `*args` argument.

python/ql/lib/change-notes/2022-09-12-uppercase.md

@@ -1,5 +0,0 @@
----
-category: deprecated
----
-* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
-  The old name still exists as a deprecated alias.

python/ql/lib/change-notes/released/0.6.0.md

@@ -0,0 +1,17 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* Some unused predicates in `SsaDefinitions.qll`, `TObject.qll`, `protocols.qll`, and the `pointsto/` folder have been deprecated.
+* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.
+
+### Minor Analysis Improvements
+
+* Changed `CallNode.getArgByName` such that it has results for keyword arguments given after a dictionary unpacking argument, as the `bar=2` argument in `func(foo=1, **kwargs, bar=2)`.
+* `getStarArg` member-predicate on `Call` and `CallNode` has been changed for calls that have multiple `*args` arguments (for example `func(42, *my_args, *other_args)`): Instead of producing no results, it will always have a result for the _first_ such `*args` argument.
+* Reads of global/non-local variables (without annotations) inside functions defined on classes now works properly in the case where the class had an attribute defined with the same name as the non-local variable.
+
+### Bug Fixes
+
+* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.5
+lastReleaseVersion: 0.6.0

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.0-dev
+version: 0.6.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.5.0
+
+### Query Metadata Changes
+
+* Added the `security-severity` tag the `py/redos`, `py/polynomial-redos`, and `py/regex-injection` queries.
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to make the message consistent with other languages.
+
 ## 0.4.3
 
 ## 0.4.2

python/ql/src/change-notes/2022-08-23-alert-messages.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The alert message of many queries have been changed to make the message consistent with other languages.

python/ql/src/change-notes/2022-08-29-missing-security-severity.md

@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* Added the `security-severity` tag the `py/redos`, `py/polynomial-redos`, and `py/regex-injection` queries.

python/ql/src/change-notes/released/0.5.0.md

@@ -0,0 +1,9 @@
+## 0.5.0
+
+### Query Metadata Changes
+
+* Added the `security-severity` tag the `py/redos`, `py/polynomial-redos`, and `py/regex-injection` queries.
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to make the message consistent with other languages.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.5.0

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.0-dev
+version: 0.5.0
 groups: 
   - python
   - queries