mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Release preparation for version 2.20.6
@@ -1,3 +1,7 @@
|
||||
## 0.4.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.3
|
||||
|
||||
### New Features
|
||||
|
||||
3
actions/ql/lib/change-notes/released/0.4.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.4.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.3
|
||||
lastReleaseVersion: 0.4.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.4-dev
|
||||
version: 0.4.4
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,12 @@
|
||||
## 0.5.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
|
||||
Immutable Actions feature is not yet available for customer use. The query remains in the
|
||||
default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
|
||||
available, the query will be updated to report alerts again.
|
||||
|
||||
## 0.5.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
## 0.5.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
|
||||
Immutable Actions feature is not yet available for customer use. The query remains in the
|
||||
default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.5.0
|
||||
lastReleaseVersion: 0.5.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.5.1-dev
|
||||
version: 0.5.1
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 4.0.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
|
||||
* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
|
||||
|
||||
## 4.0.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
|
||||
6
cpp/ql/lib/change-notes/released/4.0.2.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 4.0.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
|
||||
* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.0.1
|
||||
lastReleaseVersion: 4.0.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 4.0.2-dev
|
||||
version: 4.0.2
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 1.3.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
|
||||
* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
|
||||
|
||||
## 1.3.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
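Review bot: the `cpp/static-buffer-overflow` entry for 1.3.5 attributes the behaviour change to "changes in libraries" without naming them. If this is the `getBufferSize` change in `commons/Buffer.qll` listed for `codeql/cpp-all` 4.0.2 in this same commit, say so, and state plainly that existing alerts for a single `memset` spanning several fields will disappear, so users triaging a drop in results after upgrading can trace it to this release.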
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
|
||||
6
cpp/ql/src/change-notes/released/1.3.5.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 1.3.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
|
||||
* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.3.4
|
||||
lastReleaseVersion: 1.3.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.3.5-dev
|
||||
version: 1.3.5
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.35
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.34
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.35
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.34
|
||||
lastReleaseVersion: 1.7.35
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.35-dev
|
||||
version: 1.7.35
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.35
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.34
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.35
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.34
|
||||
lastReleaseVersion: 1.7.35
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.35-dev
|
||||
version: 1.7.35
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 5.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 5.1.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
3
csharp/ql/lib/change-notes/released/5.1.1.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 5.1.1
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.1.0
|
||||
lastReleaseVersion: 5.1.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.1.1-dev
|
||||
version: 5.1.1
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.0.18
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
|
||||
|
||||
## 1.0.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
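Review bot: the 1.0.18 entry is prefixed "C#:" and uses the imperative "Improve", while the other change notes in this release carry no language prefix and use past tense ("Added", "Fixed", "Modified"). Reword it to "Improved the precision of the `cs/call-to-object-tostring` query for value tuples." for consistency; the pack name already identifies the language.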
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.0.18
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.17
|
||||
lastReleaseVersion: 1.0.18
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.0.18-dev
|
||||
version: 1.0.18
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.18
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.18
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.17
|
||||
lastReleaseVersion: 1.0.18
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.18-dev
|
||||
version: 1.0.18
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 4.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
|
||||
* Added `database` source models for the `github.com/rqlite/gorqlite` package.
|
||||
* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
|
||||
|
||||
## 4.1.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
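Review bot: in the `hasLocationInfo` deprecation list, `IR:WriteTarget` is written with a single colon, while every other qualified name in the same entry (`ControlFlow::Node`, `DataFlow::Node`, `HtmlTemplate::TemplateStmt`) and the `IR::` names in the Minor Analysis Improvements entry use `::`. Change it to `IR::WriteTarget` so the name matches the others and can be searched for; the same text is repeated in the released 4.2.0 note.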
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `database` source models for the `github.com/rqlite/gorqlite` package.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
|
||||
15
go/ql/lib/change-notes/released/4.2.0.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## 4.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
|
||||
* Added `database` source models for the `github.com/rqlite/gorqlite` package.
|
||||
* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.1.0
|
||||
lastReleaseVersion: 4.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 4.1.1-dev
|
||||
version: 4.2.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
go/ql/src/change-notes/released/1.1.9.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.1.9
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.8
|
||||
lastReleaseVersion: 1.1.9
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.1.9-dev
|
||||
version: 1.1.9
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 24.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
|
||||
|
||||
## 7.0.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
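Review bot: the sanitizer entry for 7.1.0 says the `child` argument of a `java.io.File` constructor is treated as safe "if that argument does not contain path traversal sequences" but does not say how the analysis establishes that. Name the checks that qualify, so anyone reviewing path injection results knows which code shapes stop being reported after this release.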
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* The Java extractor and QL libraries now support Java 24.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 24.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.0.1
|
||||
lastReleaseVersion: 7.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.0.2-dev
|
||||
version: 7.1.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
|
||||
|
||||
## 1.2.0
|
||||
|
||||
### New Queries
|
||||
|
||||
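Review bot: "the java query" in the 1.3.0 entry should read "the Java query", matching "The Java extractor" in the `codeql/java-all` notes. The entry would also be more useful if it named the content types treated as not exploitable, since that determines which `java/xss` alerts stop appearing.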
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 1.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.2.0
|
||||
lastReleaseVersion: 1.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.2.1-dev
|
||||
version: 1.3.0
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,15 @@
|
||||
## 2.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
---
|
||||
* Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
|
||||
* Added support for the `useQuery` hook from `@tanstack/react-query`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
|
||||
|
||||
## 2.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
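Review bot: the first bullet under "Major Analysis Improvements" for 2.5.0 reads "which can enabled with"; it is missing "be" and should read "which can be enabled with". The same sentence is copied into the released 2.5.0 note, so fix it in both places.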
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
|
||||
@@ -1,6 +1,11 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 2.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
---
|
||||
* Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
|
||||
* Added support for the `useQuery` hook from `@tanstack/react-query`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
|
||||
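Review bot: the `---` line between "### Major Analysis Improvements" and the first bullet looks like a leftover front-matter delimiter carried over from a change note; following a blank line it will render as a horizontal rule in the published notes. Drop it so the section matches the other released notes in this commit, which go straight from the heading to the bullets.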
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.4.1
|
||||
lastReleaseVersion: 2.5.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.4.2-dev
|
||||
version: 2.5.0
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 1.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Improved precision of data flow through arrays, fixing some spurious flows
|
||||
that would sometimes cause the `length` property of an array to be seen as tainted.
|
||||
* Improved call resolution logic to better handle calls resolving "downwards", targeting
|
||||
a method declared in a subclass of the enclosing class. Data flow analysis
|
||||
has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
|
||||
|
||||
## 1.4.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Improved precision of data flow through arrays, fixing some spurious flows
|
||||
that would sometimes cause the `length` property of an array to be seen as tainted.
|
||||
@@ -1,6 +1,9 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 1.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Improved precision of data flow through arrays, fixing some spurious flows
|
||||
that would sometimes cause the `length` property of an array to be seen as tainted.
|
||||
* Improved call resolution logic to better handle calls resolving "downwards", targeting
|
||||
a method declared in a subclass of the enclosing class. Data flow analysis
|
||||
has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.1
|
||||
lastReleaseVersion: 1.5.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 1.4.2-dev
|
||||
version: 1.5.0
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.18
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.18.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.18
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.17
|
||||
lastReleaseVersion: 1.0.18
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.18-dev
|
||||
version: 1.0.18
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 4.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 4.0.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
3
python/ql/lib/change-notes/released/4.0.2.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 4.0.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.0.1
|
||||
lastReleaseVersion: 4.0.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 4.0.2-dev
|
||||
version: 4.0.2
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.4.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.4.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
python/ql/src/change-notes/released/1.4.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.4.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.3
|
||||
lastReleaseVersion: 1.4.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 1.4.4-dev
|
||||
version: 1.4.4
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 4.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 4.1.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
3
ruby/ql/lib/change-notes/released/4.1.1.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 4.1.1
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.1.0
|
||||
lastReleaseVersion: 4.1.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 4.1.1-dev
|
||||
version: 4.1.1
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
ruby/ql/src/change-notes/released/1.1.13.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.1.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.12
|
||||
lastReleaseVersion: 1.1.13
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 1.1.13-dev
|
||||
version: 1.1.13
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
rust/ql/lib/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.1.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/rust-all
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups: rust
|
||||
extractor: rust
|
||||
dbscheme: rust.dbscheme
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
rust/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.1.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/rust-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.3
|
||||
groups:
|
||||
- rust
|
||||
- queries
|
||||
|
||||
Some files were not shown because too many files have changed in this diff.