Commit Graph

88452 Commits

Author SHA1 Message Date
dependabot[bot]
279df532f9 Bump the maven group across 30 directories with 11 updates
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-executable-war directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-existing-settings-xml directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-mirrorof directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 2 updates in the /java/ql/integration-tests/java/buildless-maven-multimodule directory: [junit:junit](https://github.com/junit-team/junit4) and org.apache.commons:commons-lang3.
Bumps the maven group with 2 updates in the /java/ql/integration-tests/java/buildless-maven-multimodule/submod2 directory: [junit:junit](https://github.com/junit-team/junit4) and org.apache.commons:commons-lang3.
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-timeout directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-proxy-maven directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-sibling-projects/maven-project-1 directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-sibling-projects/maven-project-2 directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/compilation-error directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/multiple-candidate-builds/maven-project-1 directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/multiple-candidate-builds/maven-project-2 directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-download-failure directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer-multiple-versions directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer-single-version directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-extract-properties directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-large-xml-files directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-small-xml-files directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-all directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-all-gbk-encoding directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-byname directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-disabled directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-smart directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper-script-only directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper-source-only directory: [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 9 updates in the /java/ql/test/utils/flowtestcasegenerator directory:

| Package | From | To |
| --- | --- | --- |
| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |
| [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) | `2.3.5.RELEASE` | `2.4.4` |
| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `5.3.18` | `6.1.21` |
| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `5.3.18` | `6.1.20` |
| [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework) | `5.3.18` | `6.2.18` |
| [org.apache.shiro:shiro-core](https://github.com/apache/shiro) | `1.8.0` | `2.2.1` |
| [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) | `2.2.3.1` | `2.6.0.0` |
| org.thymeleaf:thymeleaf | `3.0.15.RELEASE` | `3.1.5.RELEASE` |
| [com.hubspot.jinjava:jinjava](https://github.com/HubSpot/jinjava) | `2.6.0` | `2.7.6` |



Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1)

Updates `org.apache.commons:commons-lang3` from 3.14.0 to 3.18.0

Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1)

Updates `org.apache.logging.log4j:log4j-core` from 2.14.1 to 2.25.4

Updates `org.springframework.ldap:spring-ldap-core` from 2.3.5.RELEASE to 2.4.4
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/2.3.5.RELEASE...2.4.4)

Updates `org.springframework:spring-web` from 5.3.18 to 6.1.21
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.1.21)

Updates `org.springframework:spring-context` from 5.3.18 to 6.1.20
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.1.20)

Updates `org.springframework:spring-webmvc` from 5.3.18 to 6.2.18
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.2.18)

Updates `org.apache.shiro:shiro-core` from 1.8.0 to 2.2.1
- [Release notes](https://github.com/apache/shiro/releases)
- [Changelog](https://github.com/apache/shiro/blob/main/RELEASE-NOTES)
- [Commits](https://github.com/apache/shiro/compare/shiro-root-1.8.0...shiro-root-2.2.1)

Updates `org.owasp.esapi:esapi` from 2.2.3.1 to 2.6.0.0
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases)
- [Commits](https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.2.3.1...esapi-2.6.0.0)

Updates `org.thymeleaf:thymeleaf` from 3.0.15.RELEASE to 3.1.5.RELEASE

Updates `com.hubspot.jinjava:jinjava` from 2.6.0 to 2.7.6
- [Release notes](https://github.com/HubSpot/jinjava/releases)
- [Changelog](https://github.com/HubSpot/jinjava/blob/master/CHANGES.md)
- [Commits](https://github.com/HubSpot/jinjava/compare/jinjava-2.6.0...jinjava-2.7.6)

---
updated-dependencies:
- dependency-name: junit:junit
  dependency-version: 4.13.1
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: org.apache.commons:commons-lang3
  dependency-version: 3.18.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.4
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 2.4.4
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.springframework:spring-web
  dependency-version: 6.1.21
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.springframework:spring-context
  dependency-version: 6.1.20
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.springframework:spring-webmvc
  dependency-version: 6.2.18
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.shiro:shiro-core
  dependency-version: 2.2.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.owasp.esapi:esapi
  dependency-version: 2.6.0.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.thymeleaf:thymeleaf
  dependency-version: 3.1.5.RELEASE
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.hubspot.jinjava:jinjava
  dependency-version: 2.7.6
  dependency-type: direct:production
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-04 05:23:55 +00:00
Owen Mansel-Chan
c3a0b65c0c Merge pull request #22115 from owen-mc/java/update-mad-docs
Java: Add section in models docs about specifying java types
2026-07-03 09:16:29 +01:00
Owen Mansel-Chan
268e9eadac Add section on specifying java types 2026-07-02 22:09:51 +01:00
Geoffrey White
ab1bc853fc Merge pull request #22053 from geoffw0/arith
Rust: Fix FPs in rust/hard-coded-cryptographic-value
2026-07-02 17:37:38 +01:00
Michael B. Gale
f4d8358454 Merge pull request #22110 from github/post-release-prep/codeql-cli-2.26.0
Post-release preparation for codeql-cli-2.26.0
2026-07-02 15:32:22 +01:00
Nora Dimitrijević
0a02b16c43 Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
Remove [[ link syntax from C# XSS sink
2026-07-02 15:45:30 +02:00
Owen Mansel-Chan
4aef485d3c Merge pull request #22106 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-07-02 14:08:20 +01:00
github-actions[bot]
5e50fc8471 Post-release preparation for codeql-cli-2.26.0 2026-07-02 12:26:43 +00:00
Michael B. Gale
e4a7b4ff51 Merge pull request #22109 from github/release-prep/2.26.0
Release preparation for version 2.26.0
2026-07-02 13:02:15 +01:00
Michael B. Gale
66ddf3b4c6 Remove unnecessary changenote for the hotfix 2026-07-02 12:58:05 +01:00
github-actions[bot]
1af9609eed Release preparation for version 2.26.0 2026-07-02 11:43:30 +00:00
Mathias Vorreiter Pedersen
4f4cdf434b Merge pull request #22061 from MathiasVP/mad-write-through-model
Shared: Support flow summaries from `ReturnValue`s
2026-07-02 12:38:44 +01:00
Michael B. Gale
79eeaa2028 Merge pull request #22108 from hvitved/python-hot-fix
Python: release hotfix
2026-07-02 12:31:20 +01:00
Geoffrey White
1f4ae86a84 Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2026-07-02 11:26:26 +01:00
Tom Hvitved
797f58b5d5 Merge pull request #22052 from hvitved/rust/type-constraint-base-type-match-gen
Type inference: Generalize `typeConstraintBaseTypeMatch`
2026-07-02 11:57:28 +02:00
Tom Hvitved
2308981665 Python: Update inline test expectations 2026-07-02 11:54:36 +02:00
Tom Hvitved
32181cd7e8 Python: Improve some flow summaries 2026-07-02 11:54:28 +02:00
Geoffrey White
9aaf3f15eb Merge pull request #22105 from geoffw0/rubyinline3
Ruby: Address testFailures in inline expectations tests (part 3)
2026-07-02 08:29:39 +01:00
github-actions[bot]
d8b89d2581 Add changed framework coverage reports 2026-07-02 00:54:34 +00:00
Michael B. Gale
f4d6f582c8 Merge pull request #22096 from github/revert-22059-release-prep/2.26.0
Revert "Release preparation for version 2.26.0"
2026-07-01 22:11:34 +01:00
Tom Hvitved
6c3c5ea8af Merge pull request #22101 from hvitved/python/flow-summaries-improvements
Python: Improve some flow summaries
2026-07-01 19:36:13 +02:00
Geoffrey White
226efb3ad7 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-01 16:52:38 +01:00
Geoffrey White
73ec4b8d02 Ruby: Fix one last inline expectations testFailure. 2026-07-01 16:44:12 +01:00
Owen Mansel-Chan
cb4a1d0929 Merge pull request #22103 from owen-mc/java/fix-mad-file-names
Java: Fix misnamed MaD models files
2026-07-01 14:04:44 +01:00
Jeroen Ketema
d664d17a11 Merge pull request #22087 from jketema/subst
Add Windows integration tests showing that `subst` is handled inconsistently
2026-07-01 14:48:22 +02:00
Owen Mansel-Chan
7263c00b00 Fix misnamed MaD models files 2026-07-01 13:13:01 +01:00
Geoffrey White
e9766086cd Merge pull request #22079 from geoffw0/kotlininline
Kotlin: Address inline expectations testFailures.
2026-07-01 12:39:11 +01:00
Jeroen Ketema
d551ab3afb Fix expected file 2026-07-01 13:24:05 +02:00
Tom Hvitved
2bf6031c0f Python: Update inline test expectations 2026-07-01 13:10:41 +02:00
Jeroen Ketema
daf97f7139 Add Windows integration tests showing that subst is handled inconsistently 2026-07-01 12:51:05 +02:00
Tom Hvitved
a5444b573a Python: Improve some flow summaries 2026-07-01 12:05:53 +02:00
Mathias Vorreiter Pedersen
3410f39b3c Merge pull request #22089 from MathiasVP/remove-mad-support-for-variables
C++: Remove support for global variables as sources and sinks in MaD
2026-07-01 10:31:59 +01:00
Owen Mansel-Chan
cf51664d69 Merge pull request #22099 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-07-01 10:03:46 +01:00
github-actions[bot]
3cbb8ba87e Add changed framework coverage reports 2026-07-01 00:58:10 +00:00
Taus
b12c67f231 Merge pull request #22092 from github/tausbn/python-hotfix-disable-instance-field-step
Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
2026-06-30 21:53:06 +02:00
Mario Campos
41f2e7b6f6 Revert "Release preparation for version 2.26.0" 2026-06-30 13:21:27 -05:00
Asger F
11e75c12a8 Merge pull request #22090 from asgerf/unified/inline-test-expectations
unified: Add inline expectation test library
2026-06-30 19:55:15 +02:00
Mathias Vorreiter Pedersen
dbbcc1741c C++: Delete now-unsupported MaD rows. 2026-06-30 17:48:31 +01:00
Mathias Vorreiter Pedersen
f37b3e77ff Merge branch 'main' into remove-mad-support-for-variables 2026-06-30 17:38:37 +01:00
Geoffrey White
b5ec9c25c0 Update rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
Co-authored-by: Tom Hvitved <hvitved@github.com>
2026-06-30 16:16:45 +01:00
Geoffrey White
9e37ae02fd Rust: Repair results for const accesses with no definition in the database. 2026-06-30 15:55:28 +01:00
Geoffrey White
c81d31f2e3 Rust: Flag const sources at the definition, not the use (clearer source). 2026-06-30 15:46:12 +01:00
Taus
f251a572e1 Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
The `instanceFieldStep` disjunct of `TypeTrackingInput::levelStepCall`
that was added in 7.2.0 uses `classInstanceTracker(cls)` -- which is
itself a type-tracker -- inside `levelStepCall`. That creates a
structural mutual recursion between the main type-tracker fixpoint and
`classInstanceTracker`, causing the type-tracker delta to blow up to
~100M tuples per iteration on some OOP-heavy Python codebases.
Verified on the python/mypy database: SSRF query wall time goes from
~12s before the offending commit to >40 minutes after it.

This hotfix temporarily drops the `instanceFieldStep` disjunct and
keeps only `inheritedFieldStep`, which does not pull on the call
graph and is well-behaved (verified at ~12s on mypy). The
`instanceFieldStep` helper predicate itself is kept in place, and
the `levelStepCall` body has a commented-out call to it so the
change is trivial to re-enable once the recursion issue is properly
addressed.
2026-06-30 14:41:12 +00:00
Nora Dimitrijević
43cfa2f8bd C#: Remove [[ style links from XSS sink explanation
Remove the makeUrl predicate and the [[""|""]]] link syntax from
AspxCodeSink.explanation(), replacing with plain text.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 16:14:12 +02:00
Geoffrey White
ca4f751f9b Rust: Add more tests for constants. 2026-06-30 15:13:10 +01:00
Mathias Vorreiter Pedersen
b7b731bab7 Merge branch 'main' into mad-write-through-model 2026-06-30 15:12:02 +01:00
Mathias Vorreiter Pedersen
c045da01a1 Merge pull request #22088 from MathiasVP/cpp-support-fully-qualified-field-names-in-mad
C++: Support fully qualified field names in MaD
2026-06-30 15:02:16 +01:00
Asger F
a9617f18a1 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-30 15:48:15 +02:00
Asger F
8a46f03308 Merge pull request #22083 from asgerf/unified/suites
Unified: add default_queries and standard qls files and a dummy query
2026-06-30 15:37:53 +02:00
Asger F
fc94d1c035 unified: Add a dummy query
This is just to test DCA
2026-06-30 15:26:22 +02:00