Merge branch 'main' into gradio-model

2026-02-20 17:03:41 +01:00 · 2024-05-14 12:41:00 +02:00
parent d6acea1d0c e65a62c727
commit f72afdc7cb
2997 changed files with 85462 additions and 295226 deletions
--- a/docs/codeql/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code.rst
@@ -5,6 +5,8 @@
 About CodeQL for Visual Studio Code
 =================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 CodeQL for Visual Studio Code is an extension that lets you write, run, and test CodeQL queries in Visual Studio Code.

 Features
--- a/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst
@@ -5,6 +5,8 @@
 About telemetry in CodeQL for Visual Studio Code
 =================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code.

 This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days.
--- a/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst
@@ -5,6 +5,8 @@
 Analyzing your projects
 =================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can run queries on CodeQL databases and view the results in Visual Studio Code. This article explains how to get a CodeQL database and analyze it on your local machine. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."

 Choosing a database
--- a/docs/codeql/codeql-for-visual-studio-code/customizing-settings.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/customizing-settings.rst
@@ -5,6 +5,8 @@
 Customizing settings
 ====================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can edit the settings for the CodeQL extension to suit your needs.

 About CodeQL extension settings
--- a/docs/codeql/codeql-for-visual-studio-code/exploring-data-flow-with-path-queries.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/exploring-data-flow-with-path-queries.rst
@@ -5,6 +5,8 @@
 Exploring data flow with path queries
 =====================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can run CodeQL queries in VS Code to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.

 About path queries
--- a/docs/codeql/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code.rst
@@ -5,6 +5,8 @@
 Exploring the structure of your source code
 =================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can use the AST viewer to display the abstract syntax tree of a CodeQL database.

 About the abstract syntax tree
--- a/docs/codeql/codeql-for-visual-studio-code/index.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/index.rst
@@ -3,6 +3,8 @@
 CodeQL for Visual Studio Code
 =============================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 The CodeQL extension for Visual Studio Code adds rich language support for CodeQL and allows you to easily find problems in codebases.

 - :doc:`About CodeQL for Visual Studio Code
--- a/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst
@@ -5,6 +5,8 @@
 Running CodeQL queries at scale with multi-repository variant analysis
 ======================================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 .. include:: ../reusables/beta-note-mrva.rst

 About multi-repository variant analysis
--- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst
@@ -5,6 +5,8 @@
 Setting up CodeQL in Visual Studio Code
 =================================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can install and configure the CodeQL extension in Visual Studio Code.

 .. include:: ../reusables/license-note.rst
--- a/docs/codeql/codeql-for-visual-studio-code/testing-codeql-queries-in-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/testing-codeql-queries-in-visual-studio-code.rst
@@ -5,6 +5,8 @@
 Testing CodeQL queries in Visual Studio Code
 ============================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 You can run unit tests for CodeQL queries using the Visual Studio Code extension. When you are sure that your query finds the results you want to identify, you can use variant analysis to run it at scale. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."

 About testing queries in VS Code
--- a/docs/codeql/codeql-for-visual-studio-code/troubleshooting-codeql-for-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/troubleshooting-codeql-for-visual-studio-code.rst
@@ -5,6 +5,8 @@
 Troubleshooting CodeQL for Visual Studio Code
 =============================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 This article explains how to debug problems with the analysis of CodeQL databases that are stored on your local
 machine. For information on troubleshooting variant analysis, which runs on GitHub.com, see
 ":ref:`Troubleshooting variant analysis <troubleshooting-variant-analysis>`."
--- a/docs/codeql/codeql-for-visual-studio-code/troubleshooting-variant-analysis.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/troubleshooting-variant-analysis.rst
@@ -5,6 +5,8 @@
 Troubleshooting variant analysis
 ================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 .. include:: ../reusables/beta-note-mrva.rst

 This article explains how to debug problems with variant analysis, that is, analysis run using GitHub Actions
--- a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst
@@ -5,6 +5,8 @@
 Using the CodeQL model editor
 =============================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 .. include:: ../reusables/beta-note-model-pack-editor-vsc.rst

 You can view, write, and edit CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries.
--- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
@@ -5,6 +5,8 @@
 Working with CodeQL packs in Visual Studio Code
 ===============================================

+.. include:: ../reusables/vs-code-deprecation-note.rst
+
 .. include:: ../reusables/beta-note-package-management.rst

 You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. 
--- a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst
@@ -73,7 +73,7 @@ The CodeQL examples in this article are only excerpts and are not meant to repre
 Abstract syntax
 ---------------

-The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__
+The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code/>`__
 in Visual Studio Code shows the AST nodes, including the relevant CodeQL classes and predicates.

 All CodeQL AST classes inherit from the `AstNode` class, which provides the following member predicates
--- a/docs/codeql/codeql-language-guides/customizing-library-models-for-csharp.rst
+++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-csharp.rst
@@ -282,7 +282,7 @@ These are the same for both of the rows above as we are adding two summaries for
 - The second value ``Enumerable`` is the class (type) name.
 - The third value ``False`` is a flag that indicates whether or not the summary also applies to all overrides of the method.
 - The fourth value ``Select<TSource,TResult>`` is the method name, along with the type parameters for the method. The names of the generic type parameters provided in the model must match the names of the generic type parameters in the method signature in the source code.
- The fifth value ``(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>)`` is the method input type signature. The generics in the signature must match the generics in the method signature in the source code. 
+- The fifth value ``(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>)`` is the method input type signature. The generics in the signature must match the generics in the method signature in the source code.

 The sixth value should be left empty and is out of scope for this documentation.
 The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the summary definition.
@@ -309,7 +309,7 @@ That is, the first row specifies that values can flow from the elements of the q

 Example: Add a ``neutral`` method
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-This example shows how we can model a method as being neutral with respect to flow. We will also cover how to model a property by modeling the getter of the ``Now`` property of the ``DateTime`` class as neutral. 
+This example shows how we can model a method as being neutral with respect to flow. We will also cover how to model a property by modeling the getter of the ``Now`` property of the ``DateTime`` class as neutral.
 A neutral model is used to define that there is no flow through a method.

 .. code-block:: csharp
@@ -346,13 +346,4 @@ The first four values identify the callable (in this case the getter of the ``No
 Threat models
 -------------

-.. include:: ../reusables/beta-note-threat-models.rst
-
-A threat model is a named class of dataflow sources that can be enabled or disabled independently. Threat models allow you to control the set of dataflow sources that you want to consider unsafe. For example, one codebase may only consider remote HTTP requests to be tainted, whereas another may also consider data from local files to be unsafe. You can use threat models to ensure that the relevant taint sources are used in a CodeQL analysis.
-
-The ``kind`` property of ``sourceModel`` determines which threat model a source is associated with. There are two main categories:
-
- ``remote`` which represents requests and responses from the network. 
- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), and environment variables(``environment``).
- 
-When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
+.. include:: ../reusables/threat-model-description.rst
--- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst
+++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst
@@ -297,13 +297,4 @@ The first four values identify the callable (in this case a method) to be modele
 Threat models
 -------------

-.. include:: ../reusables/beta-note-threat-models.rst
-
-A threat model is a named class of dataflow sources that can be enabled or disabled independently. Threat models allow you to control the set of dataflow sources that you want to consider unsafe. For example, one codebase may only consider remote HTTP requests to be tainted, whereas another may also consider data from local files to be unsafe. You can use threat models to ensure that the relevant taint sources are used in a CodeQL analysis.
-
-The ``kind`` property of the ``sourceModel`` determines which threat model a source is associated with. There are two main categories:
-
- ``remote`` which represents requests and responses from the network. 
- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), and environment variables(``environment``).
- 
-When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
+.. include:: ../reusables/threat-model-description.rst
--- a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
+++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
@@ -478,7 +478,7 @@ The following components are supported:
 - **Element** selects an element of an array, iterator, or set object.
 - **MapValue** selects a value of a map object.
 - **Awaited** selects the value of a promise.
- **Instance** selects instances of a class.
+- **Instance** selects instances of a class, including instances of its subclasses.
 - **Fuzzy** selects all values that are derived from the current value through a combination of the other operations described in this list.
  For example, this can be used to find all values that appear to originate from a particular package. This can be useful for finding method calls
  from a known package, but where the receiver type is not known or is difficult to model.
--- a/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
+++ b/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
@@ -15,14 +15,14 @@ Sources
 -------

 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.

 .. code-block:: ql

-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
   }

--- a/docs/codeql/codeql-overview/about-codeql.rst
+++ b/docs/codeql/codeql-overview/about-codeql.rst
@@ -70,8 +70,8 @@ Query execution
 After you've created a CodeQL database, one or more queries are executed
 against it. CodeQL queries are written in a specially-designed object-oriented
 query language called QL. You can run the queries checked out from the CodeQL
-repo (or custom queries that you've written yourself) using the :ref:`CodeQL
-for VS Code extension <codeql-for-visual-studio-code>` or the `CodeQL CLI
+repo (or custom queries that you've written yourself) using the `CodeQL
+for VS Code extension <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ or the `CodeQL CLI
 <https://docs.github.com/en/code-security/codeql-cli>`__. For more information about queries, see ":ref:`About CodeQL queries <about-codeql-queries>`." 

 .. _interpret-query-results:
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst
@@ -53,8 +53,7 @@ New Features
    |link-code-paths-and-code-paths-ignore-configuration-1|_.
    
 *   In the VS Code extension, recursive calls will be marked with inlay hints. These can be disabled with the global inlay hints setting
-    (:code:`editor.inlayHints.enabled`). If you just want to disable them for
-    codeql the settings can be scoped to just codeql files (language id is :code:`ql`).
+    (:code:`editor.inlayHints.enabled`). If you just want to disable them for codeql the settings can be scoped to just codeql files (language id is :code:`ql`).
    See `Language Specific Editor Settings <https://code.visualstudio.com/docs/getstarted/settings#_language-specific-editor-settings>`__ in the VS Code documentation for more information.
    
 *   The CLI now gives a more helpful error message when asked to run queries on a database that has not been finalized.
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst
@@ -38,12 +38,11 @@ New Features
 Known Issues
 ~~~~~~~~~~~~

-*   We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with :code:`codeql  github upload-results`. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.
+*   We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with :code:`codeql github upload-results`. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.
    
    This issue occurs when uploading certain kinds of diagnostic information and causes the subcommand to fail with "A fatal error occurred: Invalid SARIF.", reporting an :code:`InvalidDefinitionException`.
    
-    Customers who wish to use CodeQL 2.12.6 or 2.13.0 can
-    work around the problem by passing :code:`--no-sarif-include-diagnostics` to any invocations of :code:`codeql database analyze` or :code:`codeql database interpret-results`.
+    Customers who wish to use CodeQL 2.12.6 or 2.13.0 can work around the problem by passing :code:`--no-sarif-include-diagnostics` to any invocations of :code:`codeql database analyze` or :code:`codeql database interpret-results`.

 Query Packs
 -----------
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst
@@ -73,7 +73,7 @@ New Features
 Known Issues
 ~~~~~~~~~~~~

-*   We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with :code:`codeql  github upload-results`. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1. For more information, see the
+*   We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with :code:`codeql github upload-results`. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1. For more information, see the
    "Known issues" section for CodeQL 2.12.6.

 Query Packs
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst
@@ -26,8 +26,7 @@ Bug Fixes
    
 *   Fixed a bug that could have caused the compiler to incorrectly infer that a class matched a type signature. The bug only affected classes with overriding member predicates that had stronger binding sets than their root definitions.
    
-*   Fixed a bug where a query could not be run from VS Code when there were packs nested within sibling directories
-    of the query.
+*   Fixed a bug where a query could not be run from VS Code when there were packs nested within sibling directories of the query.

 New Features
 ~~~~~~~~~~~~
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst
@@ -0,0 +1,25 @@
+.. _codeql-cli-2.16.6:
+
+==========================
+CodeQL 2.16.6 (2024-03-26)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.16.6 runs a total of 409 security queries when configured with the Default suite (covering 160 CWE). The Extended suite enables an additional 132 queries (covering 34 more CWE).
+
+CodeQL CLI
+----------
+
+Bug Fixes
+~~~~~~~~~
+
+*   Fixes a bug where extractor logs would be output at a lower than expected verbosity level when using the :code:`codeql database create` command.
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst
@@ -0,0 +1,220 @@
+.. _codeql-cli-2.17.0:
+
+==========================
+CodeQL 2.17.0 (2024-04-04)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.17.0 runs a total of 410 security queries when configured with the Default suite (covering 160 CWE). The Extended suite enables an additional 130 queries (covering 34 more CWE).
+
+CodeQL CLI
+----------
+
+Deprecations
+~~~~~~~~~~~~
+
+*   The :code:`--[no-]analysis-summary-v2` and :code:`--[no-]new-analysis-summary` options that were used to enable (or disable) improved summary information printed at the end of a :code:`codeql database analyze` invocation are no longer supported.
+    Improved summary information is now enabled for all invocations.
+*   Support for overwriting default CodeQL SARIF run properties using the
+    :code:`--sarif-run-property` command line option has been removed. This removes the ability to overwrite the :code:`semmle.formatSpecifier`, :code:`metricResults`, and
+    :code:`codeqlConfigSummary` properties in the SARIF run file.
+
+Improvements
+~~~~~~~~~~~~
+
+*   TRAP import (a part of :code:`codeql database create` and :code:`codeql database finalize`)
+    now performs better in low-memory situations. (Put another way, it now needs less RAM to achieve the same performance as before.)
+    
+*   The worst-case performance of transitive closure computation (using the :code:`+` or :code:`*` postfix operators or the :code:`fastTC` higher-order primitive in QL) has been greatly improved.
+
+Miscellaneous
+~~~~~~~~~~~~~
+
+*   The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.2.
+
+Query Packs
+-----------
+
+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   The :code:`Stored` variants of some queries (:code:`cs/stored-command-line-injection`, :code:`cs/web/stored-xss`, :code:`cs/stored-ldap-injection`, :code:`cs/xml/stored-xpath-injection`, :code:`cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the :code:`file` and :code:`database` threat models in your threat model configuration.
+
+Java
+""""
+
+*   The :code:`java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   The "Missing return-value check for a 'scanf'-like function" query (:code:`cpp/missing-check-scanf`) has been converted to a :code:`path-problem` query.
+*   The "Potentially uninitialized local variable" query (:code:`cpp/uninitialized-local`) has been converted to a :code:`path-problem` query.
+*   Added models for :code:`GLib` allocation and deallocation functions.
+
+C#
+""
+
+*   The alert message of :code:`cs/wrong-compareto-signature` has been changed to remove unnecessary element references.
+*   Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are :code:`cs/code-injection`, :code:`cs/resource-injection`, :code:`cs/sql-injection`, and :code:`cs/uncontrolled-format-string`.
+
+Golang
+""""""
+
+*   The query :code:`go/hardcoded-credentials` no longer discards string literals based on "weak password" heuristics.
+*   The query :code:`go/sql-injection` now recognizes more sinks in the package :code:`github.com/Masterminds/squirrel`.
+
+Java
+""""
+
+*   Variables named :code:`tokenImage` are no longer sources for  the :code:`java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
+*   Added sanitizers for relative URLs, :code:`List.contains()`, and checking the host of a URI to the :code:`java/ssrf` and :code:`java/unvalidated-url-redirection` queries.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   The call graph has been improved, leading to more alerts for data flow based queries.
+
+New Queries
+~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Added a new query, :code:`cpp/type-confusion`, to detect casts to invalid types.
+
+Golang
+""""""
+
+*   The query "Slice memory allocation with excessive size value" (:code:`go/uncontrolled-allocation-size`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally `submitted as an experimental query by @Malayke <https://github.com/github/codeql/pull/15130>`__.
+
+Java
+""""
+
+*   The query :code:`java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as :code:`java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query `by @haby0 <https://github.com/github/codeql/pull/6240>`__ and `by @luchua-bc <https://github.com/github/codeql/pull/7286>`__.
+
+Query Metadata Changes
+~~~~~~~~~~~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   :code:`@precision medium` metadata was added to the :code:`cpp/boost/tls-settings-misconfiguration` and :code:`cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The :code:`@name` metadata of these queries were also updated.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   The :code:`@precision` of the :code:`js/unsafe-external-link` has been reduced to :code:`low` to reflect the fact that modern browsers do not expose the opening window for such links. This mitigates the potential security risk of having a link with :code:`target="_blank"`.
+
+Language Libraries
+------------------
+
+Breaking Changes
+~~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   The CIL extractor has been deleted and the corresponding extractor option :code:`cil` has been removed. It is no longer possible to do CIL extraction.
+*   The QL library C# classes no longer extend their corresponding :code:`DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all :code:`DotNet` and :code:`CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.
+
+Java
+""""
+
+*   The Java extractor no longer supports the :code:`ODASA_SNAPSHOT` legacy environment variable.
+
+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   Added support for TypeScript 5.4.
+
+Swift
+"""""
+
+*   Upgraded to Swift 5.10
+*   New AST node is extracted: :code:`ThenStmt`
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Added destructors for temporary objects with extended lifetimes to the intermediate representation.
+
+C#
+""
+
+*   Added new source models for the :code:`Dapper` package. These models can be enabled by enabling the :code:`database` threat model.
+*   Additional models have been added for :code:`System.IO`. These are primarily source models with the :code:`file` threat model, and summaries related to reading from a file or stream.
+*   Support for C# 12 / .NET8.
+*   Added the :code:`windows-registry` source kind and threat model to represent values which come from the registry on Windows.
+*   The models for :code:`System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
+*   The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the :code:`commandargs` and :code:`environment` threat models.
+*   The :code:`cs/assembly-path-injection` query has been modified so that it's sources rely on :code:`ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the :code:`commandargs` threat model.
+*   The models for :code:`System.IO.TextReader` have been modified to better model the flow of tainted text from a :code:`TextReader`.
+
+Golang
+""""""
+
+*   The :code:`CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO` option, which speeds up retrieval of dependency information, is now on by default. This was originally an external contribution by @xhd2015.
+*   Added dataflow sources for the package :code:`gopkg.in/macaron.v1`.
+
+Java
+""""
+
+*   Increased the precision of some dataflow models of the class :code:`java.net.URL` by distinguishing the parts of a URL.
+*   The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
+*   Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The :code:`PatternCase` class gains the new :code:`getPatternAtIndex` and :code:`getAPattern` predicates, and deprecates :code:`getPattern`.
+*   Added a :code:`path-injection` sink for the :code:`open` methods of the :code:`android.os.ParcelFileDescriptor` class.
+
+Ruby
+""""
+
+*   Data flow is now tracked through :code:`ActiveRecord` scopes.
+*   Modeled instances of :code:`ActionDispatch::Http::UploadedFile` that can be obtained from element reads of :code:`ActionController::Parameters`, with calls to :code:`original_filename`, :code:`content_type`, and :code:`read` now propagating taint from their receiver.
+*   The second argument, :code:`subquery_name`, of the :code:`ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink.
+*   Calls to :code:`Typhoeus::Request.new` are now considered as instances of the :code:`Http::Client::Request` concept, with the response body being treated as a remote flow source.
+*   New command injection sinks have been added, including :code:`Process.spawn`, :code:`Process.exec`, :code:`Terrapin::CommandLine` and the :code:`open4` gem.
+
+New Features
+~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Added a :code:`TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
+*   Added a predicate :code:`GuardCondition.comparesEq/4` to query whether an expression is compared to a constant.
+*   Added a predicate :code:`GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
+*   Added a predicate :code:`GuardCondition.comparesLt/4` to query whether an expression is compared to a constant.
+*   Added a predicate :code:`GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
+*   Added a predicate :code:`GuardCondition.valueControls` to query whether a basic block is guarded by a particular :code:`case` of a :code:`switch` statement.
+
+Shared Libraries
+----------------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Dataflow Analysis
+"""""""""""""""""
+
+*   Path explanations now include flow that goes through callbacks passed into library functions. For example, if :code:`map` is a library function, then in :code:`result = map(xs, x => x + 1)` we will now include the step from :code:`x` to :code:`x + 1` in the path explanation, instead of going directly from :code:`xs` to :code:`result`. Note that this change does not affect actual query results, but only how path explanations are computed.
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst
@@ -0,0 +1,106 @@
+.. _codeql-cli-2.17.1:
+
+==========================
+CodeQL 2.17.1 (2024-04-24)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.17.1 runs a total of 412 security queries when configured with the Default suite (covering 160 CWE). The Extended suite enables an additional 130 queries (covering 34 more CWE). 2 security queries have been added with this release.
+
+CodeQL CLI
+----------
+
+Deprecations
+~~~~~~~~~~~~
+
+*   The :code:`--mode` option and :code:`-m` alias to :code:`codeql database create`,
+    :code:`codeql database cleanup`, and :code:`codeql dataset cleanup` has been deprecated. Instead, use the new :code:`--cache-cleanup` option, which has identical behavior.
+
+Improvements
+~~~~~~~~~~~~
+
+*   Improved the diagnostic message produced when no code is processed when creating a database. If a build mode was specified using
+    :code:`--build-mode`, the message is now tailored to your build mode.
+
+Miscellaneous
+~~~~~~~~~~~~~
+
+*   The :code:`scc` tool used by the CodeQL CLI to calculate source code baseline information has been updated to version `3.2.0 <https://github.com/boyter/scc/releases/tag/v3.2.0>`__.
+
+Query Packs
+-----------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Java
+""""
+
+*   The :code:`java/unknown-javadoc-parameter` now accepts :code:`@param` tags that apply to the parameters of a record.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   :code:`API::Node#getInstance()` now includes instances of subclasses, include transitive subclasses.
+    The same changes applies to uses of the :code:`Instance` token in data extensions.
+
+New Queries
+~~~~~~~~~~~
+
+Ruby
+""""
+
+*   Added a new query, :code:`rb/insecure-mass-assignment`, for finding instances of mass assignment operations accepting arbitrary parameters from remote user input.
+*   Added a new query, :code:`rb/csrf-protection-not-enabled`, to detect cases where Cross-Site Request Forgery protection is not enabled in Ruby on Rails controllers.
+
+Language Libraries
+------------------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C#
+""
+
+*   Extracting suppress nullable warning expressions did not work when applied directly to a method call (like :code:`System.Console.Readline()!`). This has been fixed.
+
+Golang
+""""""
+
+*   Data flow through variables declared in statements of the form :code:`x := y.(type)` at the beginning of type switches has been fixed, which may result in more alerts.
+*   Added strings.ReplaceAll, http.ParseMultipartForm sanitizers and remove path sanitizer.
+
+Java
+""""
+
+*   About 6,700 summary models and 6,800 neutral summary models for the JDK that were generated using data flow have been added. This may lead to new alerts being reported.
+
+Python
+""""""
+
+*   Improved the type-tracking capabilities (and therefore also API graphs) to allow tracking items in tuples and dictionaries.
+
+Shared Libraries
+----------------
+
+New Features
+~~~~~~~~~~~~
+
+Dataflow Analysis
+"""""""""""""""""
+
+*   The :code:`PathGraph` result of a data flow computation has been augmented with model provenance information for each of the flow steps. Any qltests that include the edges relation in their output (for example, :code:`.qlref`\ s that reference path-problem queries) will need to be have their expected output updated accordingly.
+
+Type-flow Analysis
+""""""""""""""""""
+
+*   Initial release. Adds a library to implement type-flow analysis.
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst
@@ -82,7 +82,7 @@ Bug Fixes
 Python
 """"""

-*   The `View AST functionality <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__ no longer prints detailed information about regular expressions, greatly improving performance.
+*   The `View AST functionality <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code/>`__ no longer prints detailed information about regular expressions, greatly improving performance.

 Minor Analysis Improvements
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- a/docs/codeql/codeql-overview/codeql-changelog/index.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst
@@ -11,6 +11,9 @@ A list of queries for each suite and language `is available here <https://docs.g
 .. toctree::
   :maxdepth: 1

+   codeql-cli-2.17.1
+   codeql-cli-2.17.0
+   codeql-cli-2.16.6
   codeql-cli-2.16.5
   codeql-cli-2.16.4
   codeql-cli-2.16.3
--- a/docs/codeql/codeql-overview/codeql-tools.rst
+++ b/docs/codeql/codeql-overview/codeql-tools.rst
@@ -53,5 +53,5 @@ CodeQL for Visual Studio Code

 You can analyze CodeQL databases in Visual Studio Code using the CodeQL
 extension, which provides an enhanced environment for writing and running custom
-queries and viewing the results. For more information, see ":ref:`CodeQL
-for Visual Studio Code <codeql-for-visual-studio-code>`."
+queries and viewing the results. For more information, see "`CodeQL
+for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__."
--- a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst
+++ b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst
@@ -9,7 +9,7 @@ CodeQL for C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.

 Checking for overflow in C
 ==========================
--- a/docs/codeql/ql-training/cpp/control-flow-cpp.rst
+++ b/docs/codeql/ql-training/cpp/control-flow-cpp.rst
@@ -11,7 +11,7 @@ CodeQL for C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.


 .. rst-class:: agenda
--- a/docs/codeql/ql-training/cpp/data-flow-cpp.rst
+++ b/docs/codeql/ql-training/cpp/data-flow-cpp.rst
@@ -9,7 +9,7 @@ Finding string formatting vulnerabilities in C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <hhttps://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.

 .. rst-class:: agenda

--- a/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst
+++ b/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst
@@ -9,7 +9,7 @@ CodeQL for C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.

 .. rst-class:: agenda

--- a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst
+++ b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst
@@ -9,7 +9,7 @@ CodeQL for C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.

 .. Include language-agnostic section here

--- a/docs/codeql/ql-training/cpp/snprintf.rst
+++ b/docs/codeql/ql-training/cpp/snprintf.rst
@@ -9,7 +9,7 @@ CodeQL for C/C++
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.

 ``snprintf``
 ============
--- a/docs/codeql/ql-training/java/apache-struts-java.rst
+++ b/docs/codeql/ql-training/java/apache-struts-java.rst
@@ -13,7 +13,7 @@ Exercise: Apache Struts
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.

 Unsafe deserialization in Struts
 ================================
--- a/docs/codeql/ql-training/java/data-flow-java.rst
+++ b/docs/codeql/ql-training/java/data-flow-java.rst
@@ -9,7 +9,7 @@ Finding SPARQL injection vulnerabilities in Java
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.

 .. rst-class:: agenda

--- a/docs/codeql/ql-training/java/global-data-flow-java.rst
+++ b/docs/codeql/ql-training/java/global-data-flow-java.rst
@@ -9,7 +9,7 @@ CodeQL for Java
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.

 .. rst-class:: agenda

--- a/docs/codeql/ql-training/java/intro-ql-java.rst
+++ b/docs/codeql/ql-training/java/intro-ql-java.rst
@@ -9,7 +9,7 @@ CodeQL for Java
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.

 .. Include language-agnostic section here

--- a/docs/codeql/ql-training/java/query-injection-java.rst
+++ b/docs/codeql/ql-training/java/query-injection-java.rst
@@ -9,7 +9,7 @@ CodeQL for Java
 Setup
 =====

-For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
+For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.

 SQL injection
 =============
--- a/docs/codeql/ql-training/template.rst
+++ b/docs/codeql/ql-training/template.rst
@@ -36,7 +36,7 @@ Setup

 For this example you should download:

- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
+- `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code>`__
 - A CodeQL database

 .. note::
--- a/docs/codeql/reusables/supported-platforms.rst
+++ b/docs/codeql/reusables/supported-platforms.rst
@@ -20,7 +20,11 @@

   macOS 12 Monterey

-   macOS 13 Ventura","x86-64
+   macOS 13 Ventura
+
+   macOS 14 Sonoma","x86-64
+
+   x86-64, arm64 (Apple Silicon)

   x86-64, arm64 (Apple Silicon)

--- a/docs/codeql/reusables/supported-versions-compilers.rst
+++ b/docs/codeql/reusables/supported-versions-compilers.rst
@@ -4,11 +4,11 @@
   :stub-columns: 1

   Language,Variants,Compilers,Extensions
-   C/C++,"C89, C99, C11, C17, C++98, C++03, C++11, C++14, C++17, C++20 [1]_ [2]_","Clang (including clang-cl [3]_ and armclang) extensions (up to Clang 12.0),
+   C/C++,"C89, C99, C11, C17, C++98, C++03, C++11, C++14, C++17, C++20 [1]_ [2]_","Clang (including clang-cl [3]_ and armclang) extensions (up to Clang 17.0),

-   GNU extensions (up to GCC 11.1),
+   GNU extensions (up to GCC 13.2),

-   Microsoft extensions (up to VS 2019),
+   Microsoft extensions (up to VS 2022),

   Arm Compiler 5 [4]_","``.cpp``, ``.c++``, ``.cxx``, ``.hpp``, ``.hh``, ``.h++``, ``.hxx``, ``.c``, ``.cc``, ``.h``"
   C#,C# up to 12,"Microsoft Visual Studio up to 2019 with .NET up to 4.8,
@@ -24,12 +24,12 @@
   JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
   Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12",Not applicable,``.py``
   Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
-   Swift [11]_,"Swift 5.4-5.9.1","Swift compiler","``.swift``"
+   Swift [11]_,"Swift 5.4-5.10","Swift compiler","``.swift``"
   TypeScript [12]_,"2.6-5.4",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"

 .. container:: footnote-group

-    .. [1] C++20 support is currently in beta. Supported for GCC on Linux only. Modules are *not* supported.
+    .. [1] C++20 support is currently in beta. Modules are *not* supported.
    .. [2] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.
    .. [3] Support for the clang-cl compiler is preliminary.
    .. [4] Support for the Arm Compiler (armcc) is preliminary.
@@ -39,5 +39,5 @@
    .. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
    .. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
    .. [10] Requires glibc 2.17.
-    .. [11] Swift support is currently in beta. Support for the analysis of Swift 5.4-5.8.1 requires macOS or Linux.
+    .. [11] Swift support is currently in beta. Support for the analysis of Swift requires macOS or Linux.
    .. [12] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.
--- a/docs/codeql/reusables/threat-model-description.rst
+++ b/docs/codeql/reusables/threat-model-description.rst
@@ -0,0 +1,10 @@
+.. include:: ../reusables/beta-note-threat-models.rst
+
+A threat model is a named class of dataflow sources that can be enabled or disabled independently. Threat models allow you to control the set of dataflow sources that you want to consider unsafe. For example, one codebase may only consider remote HTTP requests to be tainted, whereas another may also consider data from local files to be unsafe. You can use threat models to ensure that the relevant taint sources are used in a CodeQL analysis.
+
+The ``kind`` property of the ``sourceModel`` determines which threat model a source is associated with. There are two main categories:
+
+- ``remote`` which represents requests and responses from the network.
+- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), and environment variables(``environment``).
+
+When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
--- a/docs/codeql/reusables/vs-code-basic-instructions/note-store-quick-query.rst
+++ b/docs/codeql/reusables/vs-code-basic-instructions/note-store-quick-query.rst
@@ -2,4 +2,4 @@

   Note

-   If you want to move your experimental query somewhere more permanent, you need to move the whole ``Quick Queries`` directory. The directory is a CodeQL pack with a ``qlpack.yml`` file that defines the content as queries for |language-text| CodeQL databases. For more information about CodeQL packs, see ":ref:`Working with CodeQL packs in Visual Studio Code <working-with-codeql-packs-in-visual-studio-code>`."
+   If you want to move your experimental query somewhere more permanent, you need to move the whole ``Quick Queries`` directory. The directory is a CodeQL pack with a ``qlpack.yml`` file that defines the content as queries for |language-text| CodeQL databases. For more information about CodeQL packs, see "`Managing CodeQL query packs and library packs <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs/>`__."
--- a/docs/codeql/reusables/vs-code-basic-instructions/setup-to-run-queries.rst
+++ b/docs/codeql/reusables/vs-code-basic-instructions/setup-to-run-queries.rst
@@ -1 +1 @@
-For information about installing the CodeQL extension for Visual Studio code, see ":ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`."
+For information about installing the CodeQL extension for Visual Studio code, see "`Installing CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code/>`__."
--- a/docs/codeql/reusables/vs-code-deprecation-note.rst
+++ b/docs/codeql/reusables/vs-code-deprecation-note.rst
@@ -0,0 +1,5 @@
+.. pull-quote::
+
+    Note
+
+    This documentation `was migrated <https://github.blog/changelog/2024-04-18-codeql-for-visual-studio-code-documentation-is-now-on-docs-github-com/>`__ to ``docs.github.com/en/code-security/codeql-for-vs-code`` on 2024/05/08, and this version is no longer maintained.
--- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst
+++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst
@@ -20,7 +20,7 @@ This topic provides information on how to structure a path query file so you can

    Note

-    The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
+    The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__.


 To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis <about-data-flow-analysis>`."
@@ -171,7 +171,7 @@ Select clauses for path queries consist of four 'columns', with the following st
    select element, source, sink, string

 The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries <about-codeql-queries>`." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query.
-Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
+Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__.

 The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization.

--- a/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst
+++ b/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst
@@ -9,7 +9,7 @@ About query results
 -------------------

 The information contained in the results of a query is controlled by the ``select`` statement. Part of the process of developing a useful query is to make the results clear and easy for other users to understand.
-When you write your own queries in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` there are no constraints on what can be selected.
+When you write your own queries in the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ there are no constraints on what can be selected.
 However, if you want to use a query to create alerts for code scanning or generate valid analysis results using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__, you'll need to make the ``select`` statement report results in the required format. 
 You must also ensure that the query has the appropriate metadata properties defined. 
 This topic explains how to write your select statement to generate helpful analysis results. 
--- a/docs/codeql/writing-codeql-queries/introduction-to-ql.rst
+++ b/docs/codeql/writing-codeql-queries/introduction-to-ql.rst
@@ -19,7 +19,7 @@ QL also supports recursion and aggregates. This allows you to write complex recu
 Running a query
 ---------------

-You can try out the following examples and exercises using :ref:`CodeQL for VS Code <codeql-for-visual-studio-code>` or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.
+You can try out the following examples and exercises using `CodeQL for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.

 Here is an example of a basic query:

@@ -114,7 +114,7 @@ The following example queries *do* use these databases and give you an idea of h
 Queries using the CodeQL libraries can find errors and uncover variants of important security vulnerabilities in codebases.
 Visit `GitHub Security Lab <https://securitylab.github.com/>`__ to read about examples of vulnerabilities that we have recently found in open source projects.

-Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Analyzing your projects <https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/#choosing-a-database>`__ in the CodeQL for VS Code documentation.
+Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Managing CodeQL databases <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases/>`__ in the CodeQL for VS Code documentation.

 To import the CodeQL library for a specific programming language, type ``import <language>`` at the start of the query.

--- a/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
+++ b/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
@@ -9,7 +9,7 @@ About query metadata
 --------------------

 Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a QLDoc comment.
-This metadata tells the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
+This metadata tells the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
 It also gives other users information about what the query results mean. For more information on query metadata, see the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__ in our `open source repository <https://github.com/github/codeql>`__ on GitHub.

 .. pull-quote::