Bump golang.org/x/tools

Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.46.0 to 0.47.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.38
+version: 0.4.39-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.30
+version: 0.6.31-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 11.0.0
+version: 11.0.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.69
+version: 1.7.70-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.69
+version: 1.7.70-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 7.0.0
+version: 7.0.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.7.5
+version: 1.7.6-dev
 groups:
   - csharp
   - queries

go/extractor/go.mod

@@ -10,7 +10,7 @@ toolchain go1.26.4
 //    bazel mod tidy
 require (
 	golang.org/x/mod v0.37.0
-	golang.org/x/tools v0.46.0
+	golang.org/x/tools v0.47.0
 )
 
 require github.com/stretchr/testify v1.11.1

go/extractor/go.sum

@@ -10,8 +10,8 @@ golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
 golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
 golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
 golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/tools v0.46.0 h1:7jTurBkPZu4moS/Uy4OQT1M+QBlsj3wejyZwsT8Z7rk=
-golang.org/x/tools v0.46.0/go.mod h1:FrD85F8l+NWL+9XWBSyVSHO6Ne4jutsfIFba7AWQ5Ys=
+golang.org/x/tools v0.47.0 h1:7Kn5x/d1svx/PzryTsqeoZN4TZwqeH5pGWjefhLi/1Q=
+golang.org/x/tools v0.47.0/go.mod h1:dFHnyTvFWY212G+h7ZY4Vsp/K3U4/7W9TyVaAul8uCA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.52
+version: 1.0.53-dev
 groups:
   - go
   - queries

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.2.0
+version: 7.2.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
   - go
   - queries

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 9.2.0
+version: 9.2.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.11.5
+version: 1.11.6-dev
 groups:
   - java
   - queries

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.8.0
+version: 2.8.1-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.4.0
+version: 2.4.1-dev
 groups:
   - javascript
   - queries

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/change-notes/2026-05-19-flask-subclasses.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `Flask::FlaskApp::instance()` will now also return instances of subclasses defined in the source tree. Previously, these were filtered out. `Flask::FlaskApp::classRef()` has been deprecated in favor of `Flask::FlaskApp::subclassRef()` since it already returned some subclasses.

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 7.2.0
+version: 7.2.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -71,14 +71,21 @@ module Flask {
    * See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Flask.
    */
   module FlaskApp {
-    /** Gets a reference to the `flask.Flask` class. */
-    API::Node classRef() {
-      result = API::moduleImport("flask").getMember("Flask") or
+    /**
+     * Gets a reference to the `flask.Flask` class or any subclass.
+     *
+     * Deprecated: Use `subclassRef()` instead, this predicate always returned some subclasses.
+     */
+    deprecated API::Node classRef() { result = subclassRef() }
+
+    /** Gets a reference to the `flask.Flask` class or any subclass. */
+    API::Node subclassRef() {
+      result = API::moduleImport("flask").getMember("Flask").getASubclass*() or
       result = ModelOutput::getATypeNode("flask.Flask~Subclass").getASubclass*()
     }
 
     /** Gets a reference to an instance of `flask.Flask` (a flask application). */
-    API::Node instance() { result = classRef().getReturn() }
+    API::Node instance() { result = subclassRef().getReturn() }
   }
 
   /**
@@ -132,7 +139,7 @@ module Flask {
     API::Node classRef() {
       result = API::moduleImport("flask").getMember("Response")
       or
-      result = [FlaskApp::classRef(), FlaskApp::instance()].getMember("response_class")
+      result = [FlaskApp::subclassRef(), FlaskApp::instance()].getMember("response_class")
       or
       result = ModelOutput::getATypeNode("flask.Response~Subclass").getASubclass*()
     }

python/ql/src/meta/ClassHierarchy/Find.ql

@@ -351,7 +351,7 @@ class DjangoHttpRequest extends FindSubclassesSpec {
 class FlaskClass extends FindSubclassesSpec {
   FlaskClass() { this = "flask.Flask~Subclass" }
 
-  override API::Node getAlreadyModeledClass() { result = Flask::FlaskApp::classRef() }
+  override API::Node getAlreadyModeledClass() { result = Flask::FlaskApp::subclassRef() }
 }
 
 class FlaskBlueprint extends FindSubclassesSpec {

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.8.5
+version: 1.8.6-dev
 groups:
   - python
   - queries

python/ql/test/experimental/meta/InlineInstanceTest.qll

@@ -0,0 +1,29 @@
+/**
+ * Defines an InlineExpectationsTest for class instances, that is,
+ * for any API::Node that is an instance of a class (e.g. `Flask`).
+ */
+
+import python
+import semmle.python.ApiGraphs
+import utils.test.InlineExpectationsTest
+private import semmle.python.dataflow.new.internal.PrintNode
+
+signature API::Node getInstanceSig();
+
+module MakeInlineInstanceTest<getInstanceSig/0 getInstance> {
+  private module InlineInstanceTest implements TestSig {
+    string getARelevantTag() { result = "instance" }
+
+    predicate hasActualResult(Location location, string element, string tag, string value) {
+      exists(location.getFile().getRelativePath()) and
+      exists(API::Node instance | instance = getInstance() |
+        location = instance.getLocation() and
+        element = prettyNode(instance.asSource()) and
+        value = "" and
+        tag = "instance"
+      )
+    }
+  }
+
+  import MakeTest<InlineInstanceTest>
+}

python/ql/test/library-tests/frameworks/flask/InlineInstanceTest.ql

@@ -0,0 +1,8 @@
+import python
+import semmle.python.frameworks.Flask
+import semmle.python.ApiGraphs
+import experimental.meta.InlineInstanceTest
+
+API::Node getInstance() { result = Flask::FlaskApp::instance() }
+
+import MakeInlineInstanceTest<getInstance/0>

python/ql/test/library-tests/frameworks/flask/flask_subclass.py

@@ -0,0 +1,14 @@
+from flask import Flask
+
+
+class Sub(Flask):
+    def __init__(self, *args, **kwargs):
+        Flask.__init__(self, *args, **kwargs)
+
+
+app = Sub(__name__) # $ instance
+
+
+@app.route("/") # $ routeSetup="/"
+def hello(): # $ requestHandler
+    return "world" # $ HttpResponse

python/ql/test/library-tests/frameworks/flask/old_test.py

@@ -1,7 +1,7 @@
 import flask
 
 from flask import Flask, request, make_response
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 @app.route("/")  # $ routeSetup="/"
 def hello_world():  # $ requestHandler

python/ql/test/library-tests/frameworks/flask/response_test.py

@@ -3,7 +3,7 @@ import json
 from flask import Flask, make_response, jsonify, Response, request, redirect
 from werkzeug.datastructures import Headers
 
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 
 @app.route("/html1")  # $ routeSetup="/html1"

python/ql/test/library-tests/frameworks/flask/routing_test.py

@@ -1,7 +1,7 @@
 import flask
 
 from flask import Flask, make_response
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 
 SOME_ROUTE = "/some/route"

python/ql/test/library-tests/frameworks/flask/save_uploaded_file.py

@@ -1,5 +1,5 @@
 from flask import Flask, request
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 @app.route("/save-uploaded-file")  # $ routeSetup="/save-uploaded-file"
 def test_taint():  # $ requestHandler

python/ql/test/library-tests/frameworks/flask/taint_test.py

@@ -1,5 +1,5 @@
 from flask import Flask, request, render_template_string, stream_template_string
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 @app.route("/test_taint/<name>/<int:number>")  # $ routeSetup="/test_taint/<name>/<int:number>"
 def test_taint(name = "World!", number="0", foo="foo"):  # $ requestHandler routedParameter=name routedParameter=number

python/ql/test/library-tests/frameworks/flask/template_test.py

@@ -1,5 +1,5 @@
 from flask import Flask, Response, stream_with_context, render_template_string, stream_template_string
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 
 @app.route("/a")  # $ routeSetup="/a"
 def a():  # $ requestHandler

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 6.0.0
+version: 6.0.1-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
   - ruby
   - queries

rust/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.2.16
+version: 0.2.17-dev
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme

rust/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.37
+version: 0.1.38-dev
 groups:
   - rust
   - queries

shared/concepts/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/concepts
-version: 0.0.26
+version: 0.0.27-dev
 groups: shared
 library: true
 dependencies:

shared/controlflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 2.0.36
+version: 2.0.37-dev
 groups: shared
 library: true
 dependencies:

shared/dataflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 2.1.8
+version: 2.1.9-dev
 groups: shared
 library: true
 dependencies:

shared/mad/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:

shared/namebinding/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/namebinding
-version: 0.0.1
+version: 0.0.2-dev
 groups: shared
 library: true
 dependencies:

shared/quantum/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/quantum
-version: 0.0.30
+version: 0.0.31-dev
 groups: shared
 library: true
 dependencies:

shared/rangeanalysis/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:

shared/regex/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:

shared/ssa/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 2.0.28
+version: 2.0.29-dev
 groups: shared
 library: true
 dependencies:

shared/threat-models/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 1.0.52
+version: 1.0.53-dev
 library: true
 groups: shared
 dataExtensions:

shared/tutorial/qlpack.yml

@@ -1,7 +1,7 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to
   write CodeQL queries.
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/typeflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typeflow
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:

shared/typeinference/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typeinference
-version: 0.0.33
+version: 0.0.34-dev
 groups: shared
 library: true
 dependencies:

shared/typetracking/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 2.0.36
+version: 2.0.37-dev
 groups: shared
 library: true
 dependencies:

shared/typos/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/util/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/util
-version: 2.0.39
+version: 2.0.40-dev
 groups: shared
 library: true
 dependencies: null

shared/xml/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:

shared/yaml/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true

swift/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 6.7.1
+version: 6.7.2-dev
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme

swift/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.3.5
+version: 1.3.6-dev
 groups:
   - swift
   - queries