dependabot[bot]
279df532f9
Bump the maven group across 30 directories with 11 updates
...
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-executable-war directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-existing-settings-xml directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-mirrorof directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 2 updates in the /java/ql/integration-tests/java/buildless-maven-multimodule directory: [junit:junit](https://github.com/junit-team/junit4 ) and org.apache.commons:commons-lang3.
Bumps the maven group with 2 updates in the /java/ql/integration-tests/java/buildless-maven-multimodule/submod2 directory: [junit:junit](https://github.com/junit-team/junit4 ) and org.apache.commons:commons-lang3.
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-maven-timeout directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-proxy-maven directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-sibling-projects/maven-project-1 directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/buildless-sibling-projects/maven-project-2 directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/compilation-error directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/multiple-candidate-builds/maven-project-1 directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/diagnostics/multiple-candidate-builds/maven-project-2 directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-download-failure directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer-multiple-versions directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-enforcer-single-version directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-extract-properties directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-large-xml-files directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-small-xml-files directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-all directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-all-gbk-encoding directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-byname directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-disabled directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-sample-xml-mode-smart directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper-script-only directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 1 update in the /java/ql/integration-tests/java/maven-wrapper-source-only directory: [junit:junit](https://github.com/junit-team/junit4 ).
Bumps the maven group with 9 updates in the /java/ql/test/utils/flowtestcasegenerator directory:
| Package | From | To |
| --- | --- | --- |
| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |
| [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) | `2.3.5.RELEASE` | `2.4.4` |
| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework ) | `5.3.18` | `6.1.21` |
| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework ) | `5.3.18` | `6.1.20` |
| [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework ) | `5.3.18` | `6.2.18` |
| [org.apache.shiro:shiro-core](https://github.com/apache/shiro ) | `1.8.0` | `2.2.1` |
| [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy ) | `2.2.3.1` | `2.6.0.0` |
| org.thymeleaf:thymeleaf | `3.0.15.RELEASE` | `3.1.5.RELEASE` |
| [com.hubspot.jinjava:jinjava](https://github.com/HubSpot/jinjava ) | `2.6.0` | `2.7.6` |
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `org.apache.commons:commons-lang3` from 3.14.0 to 3.18.0
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `org.apache.commons:commons-lang3` from 3.14.0 to 3.18.0
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `junit:junit` from 4.11 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.11.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.11...r4.13.1 )
Updates `org.apache.logging.log4j:log4j-core` from 2.14.1 to 2.25.4
Updates `org.springframework.ldap:spring-ldap-core` from 2.3.5.RELEASE to 2.4.4
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/2.3.5.RELEASE...2.4.4 )
Updates `org.springframework:spring-web` from 5.3.18 to 6.1.21
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.1.21 )
Updates `org.springframework:spring-context` from 5.3.18 to 6.1.20
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.1.20 )
Updates `org.springframework:spring-webmvc` from 5.3.18 to 6.2.18
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.18...v6.2.18 )
Updates `org.apache.shiro:shiro-core` from 1.8.0 to 2.2.1
- [Release notes](https://github.com/apache/shiro/releases )
- [Changelog](https://github.com/apache/shiro/blob/main/RELEASE-NOTES )
- [Commits](https://github.com/apache/shiro/compare/shiro-root-1.8.0...shiro-root-2.2.1 )
Updates `org.owasp.esapi:esapi` from 2.2.3.1 to 2.6.0.0
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases )
- [Commits](https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.2.3.1...esapi-2.6.0.0 )
Updates `org.thymeleaf:thymeleaf` from 3.0.15.RELEASE to 3.1.5.RELEASE
Updates `com.hubspot.jinjava:jinjava` from 2.6.0 to 2.7.6
- [Release notes](https://github.com/HubSpot/jinjava/releases )
- [Changelog](https://github.com/HubSpot/jinjava/blob/master/CHANGES.md )
- [Commits](https://github.com/HubSpot/jinjava/compare/jinjava-2.6.0...jinjava-2.7.6 )
---
updated-dependencies:
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: org.apache.commons:commons-lang3
dependency-version: 3.18.0
dependency-type: direct:production
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: org.apache.commons:commons-lang3
dependency-version: 3.18.0
dependency-type: direct:production
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: junit:junit
dependency-version: 4.13.1
dependency-type: direct:development
dependency-group: maven
- dependency-name: org.apache.logging.log4j:log4j-core
dependency-version: 2.25.4
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 2.4.4
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.springframework:spring-web
dependency-version: 6.1.21
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.springframework:spring-context
dependency-version: 6.1.20
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.springframework:spring-webmvc
dependency-version: 6.2.18
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.apache.shiro:shiro-core
dependency-version: 2.2.1
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.owasp.esapi:esapi
dependency-version: 2.6.0.0
dependency-type: direct:production
dependency-group: maven
- dependency-name: org.thymeleaf:thymeleaf
dependency-version: 3.1.5.RELEASE
dependency-type: direct:production
dependency-group: maven
- dependency-name: com.hubspot.jinjava:jinjava
dependency-version: 2.7.6
dependency-type: direct:production
dependency-group: maven
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-07-04 05:23:55 +00:00
Owen Mansel-Chan
c3a0b65c0c
Merge pull request #22115 from owen-mc/java/update-mad-docs
...
Java: Add section in models docs about specifying java types
2026-07-03 09:16:29 +01:00
Owen Mansel-Chan
268e9eadac
Add section on specifying java types
2026-07-02 22:09:51 +01:00
Geoffrey White
ab1bc853fc
Merge pull request #22053 from geoffw0/arith
...
Rust: Fix FPs in rust/hard-coded-cryptographic-value
2026-07-02 17:37:38 +01:00
Michael B. Gale
f4d8358454
Merge pull request #22110 from github/post-release-prep/codeql-cli-2.26.0
...
Post-release preparation for codeql-cli-2.26.0
2026-07-02 15:32:22 +01:00
Nora Dimitrijević
0a02b16c43
Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
...
Remove [[ link syntax from C# XSS sink
2026-07-02 15:45:30 +02:00
Owen Mansel-Chan
4aef485d3c
Merge pull request #22106 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2026-07-02 14:08:20 +01:00
github-actions[bot]
5e50fc8471
Post-release preparation for codeql-cli-2.26.0
2026-07-02 12:26:43 +00:00
Michael B. Gale
e4a7b4ff51
Merge pull request #22109 from github/release-prep/2.26.0
...
Release preparation for version 2.26.0
2026-07-02 13:02:15 +01:00
Michael B. Gale
66ddf3b4c6
Remove unnecessary changenote for the hotfix
2026-07-02 12:58:05 +01:00
github-actions[bot]
1af9609eed
Release preparation for version 2.26.0
2026-07-02 11:43:30 +00:00
Mathias Vorreiter Pedersen
4f4cdf434b
Merge pull request #22061 from MathiasVP/mad-write-through-model
...
Shared: Support flow summaries from `ReturnValue`s
2026-07-02 12:38:44 +01:00
Michael B. Gale
79eeaa2028
Merge pull request #22108 from hvitved/python-hot-fix
...
Python: release hotfix
2026-07-02 12:31:20 +01:00
Geoffrey White
1f4ae86a84
Apply suggestions from code review
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com >
2026-07-02 11:26:26 +01:00
Tom Hvitved
797f58b5d5
Merge pull request #22052 from hvitved/rust/type-constraint-base-type-match-gen
...
Type inference: Generalize `typeConstraintBaseTypeMatch`
2026-07-02 11:57:28 +02:00
Tom Hvitved
2308981665
Python: Update inline test expectations
2026-07-02 11:54:36 +02:00
Tom Hvitved
32181cd7e8
Python: Improve some flow summaries
2026-07-02 11:54:28 +02:00
Geoffrey White
9aaf3f15eb
Merge pull request #22105 from geoffw0/rubyinline3
...
Ruby: Address testFailures in inline expectations tests (part 3)
2026-07-02 08:29:39 +01:00
github-actions[bot]
d8b89d2581
Add changed framework coverage reports
2026-07-02 00:54:34 +00:00
Michael B. Gale
f4d6f582c8
Merge pull request #22096 from github/revert-22059-release-prep/2.26.0
...
Revert "Release preparation for version 2.26.0"
2026-07-01 22:11:34 +01:00
Tom Hvitved
6c3c5ea8af
Merge pull request #22101 from hvitved/python/flow-summaries-improvements
...
Python: Improve some flow summaries
2026-07-01 19:36:13 +02:00
Geoffrey White
226efb3ad7
Potential fix for pull request finding
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
2026-07-01 16:52:38 +01:00
Geoffrey White
73ec4b8d02
Ruby: Fix one last inline expectations testFailure.
2026-07-01 16:44:12 +01:00
Owen Mansel-Chan
cb4a1d0929
Merge pull request #22103 from owen-mc/java/fix-mad-file-names
...
Java: Fix misnamed MaD models files
2026-07-01 14:04:44 +01:00
Jeroen Ketema
d664d17a11
Merge pull request #22087 from jketema/subst
...
Add Windows integration tests showing that `subst` is handled inconsistently
2026-07-01 14:48:22 +02:00
Owen Mansel-Chan
7263c00b00
Fix misnamed MaD models files
2026-07-01 13:13:01 +01:00
Geoffrey White
e9766086cd
Merge pull request #22079 from geoffw0/kotlininline
...
Kotlin: Address inline expectations testFailures.
2026-07-01 12:39:11 +01:00
Jeroen Ketema
d551ab3afb
Fix expected file
2026-07-01 13:24:05 +02:00
Tom Hvitved
2bf6031c0f
Python: Update inline test expectations
2026-07-01 13:10:41 +02:00
Jeroen Ketema
daf97f7139
Add Windows integration tests showing that subst is handled inconsistently
2026-07-01 12:51:05 +02:00
Tom Hvitved
a5444b573a
Python: Improve some flow summaries
2026-07-01 12:05:53 +02:00
Mathias Vorreiter Pedersen
3410f39b3c
Merge pull request #22089 from MathiasVP/remove-mad-support-for-variables
...
C++: Remove support for global variables as sources and sinks in MaD
2026-07-01 10:31:59 +01:00
Owen Mansel-Chan
cf51664d69
Merge pull request #22099 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2026-07-01 10:03:46 +01:00
github-actions[bot]
3cbb8ba87e
Add changed framework coverage reports
2026-07-01 00:58:10 +00:00
Taus
b12c67f231
Merge pull request #22092 from github/tausbn/python-hotfix-disable-instance-field-step
...
Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
2026-06-30 21:53:06 +02:00
Mario Campos
41f2e7b6f6
Revert "Release preparation for version 2.26.0"
2026-06-30 13:21:27 -05:00
Asger F
11e75c12a8
Merge pull request #22090 from asgerf/unified/inline-test-expectations
...
unified: Add inline expectation test library
2026-06-30 19:55:15 +02:00
Mathias Vorreiter Pedersen
dbbcc1741c
C++: Delete now-unsupported MaD rows.
2026-06-30 17:48:31 +01:00
Mathias Vorreiter Pedersen
f37b3e77ff
Merge branch 'main' into remove-mad-support-for-variables
2026-06-30 17:38:37 +01:00
Geoffrey White
b5ec9c25c0
Update rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
...
Co-authored-by: Tom Hvitved <hvitved@github.com >
2026-06-30 16:16:45 +01:00
Geoffrey White
9e37ae02fd
Rust: Repair results for const accesses with no definition in the database.
2026-06-30 15:55:28 +01:00
Geoffrey White
c81d31f2e3
Rust: Flag const sources at the definition, not the use (clearer source).
2026-06-30 15:46:12 +01:00
Taus
f251a572e1
Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
...
The `instanceFieldStep` disjunct of `TypeTrackingInput::levelStepCall`
that was added in 7.2.0 uses `classInstanceTracker(cls)` -- which is
itself a type-tracker -- inside `levelStepCall`. That creates a
structural mutual recursion between the main type-tracker fixpoint and
`classInstanceTracker`, causing the type-tracker delta to blow up to
~100M tuples per iteration on some OOP-heavy Python codebases.
Verified on the python/mypy database: SSRF query wall time goes from
~12s before the offending commit to >40 minutes after it.
This hotfix temporarily drops the `instanceFieldStep` disjunct and
keeps only `inheritedFieldStep`, which does not pull on the call
graph and is well-behaved (verified at ~12s on mypy). The
`instanceFieldStep` helper predicate itself is kept in place, and
the `levelStepCall` body has a commented-out call to it so the
change is trivial to re-enable once the recursion issue is properly
addressed.
2026-06-30 14:41:12 +00:00
Nora Dimitrijević
43cfa2f8bd
C#: Remove [[ style links from XSS sink explanation
...
Remove the makeUrl predicate and the [[""|""]]] link syntax from
AspxCodeSink.explanation(), replacing with plain text.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-06-30 16:14:12 +02:00
Geoffrey White
ca4f751f9b
Rust: Add more tests for constants.
2026-06-30 15:13:10 +01:00
Mathias Vorreiter Pedersen
b7b731bab7
Merge branch 'main' into mad-write-through-model
2026-06-30 15:12:02 +01:00
Mathias Vorreiter Pedersen
c045da01a1
Merge pull request #22088 from MathiasVP/cpp-support-fully-qualified-field-names-in-mad
...
C++: Support fully qualified field names in MaD
2026-06-30 15:02:16 +01:00
Asger F
a9617f18a1
Potential fix for pull request finding
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
2026-06-30 15:48:15 +02:00
Asger F
8a46f03308
Merge pull request #22083 from asgerf/unified/suites
...
Unified: add default_queries and standard qls files and a dummy query
2026-06-30 15:37:53 +02:00
Asger F
fc94d1c035
unified: Add a dummy query
...
This is just to test DCA
2026-06-30 15:26:22 +02:00