Merge branch 'main' into atorralba/java/command-injection-mad-sinks

java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`.

java/ql/lib/change-notes/2023-06-01-new-models.md

@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * java.lang
+  * java.nio.file

java/ql/lib/change-notes/2023-06-02-delete-deps.md

@@ -0,0 +1,6 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead.
+* Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead.
+* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.

java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`.

java/ql/lib/change-notes/2023-06-06-new-models.md

@@ -0,0 +1,15 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.alibaba.druid.sql
+  * com.fasterxml.jackson.databind
+  * com.jcraft.jsch
+  * io.netty.handler.ssl
+  * okhttp3
+  * org.antlr.runtime
+  * org.fusesource.leveldbjni
+  * org.influxdb
+  * org.springframework.core.io
+  * org.yaml.snakeyaml

java/ql/lib/change-notes/2023-06-08-type-strengthening.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.