Post-release preparation for codeql-cli-2.13.2

Merge pull request #13162 from github/release-prep/2.13.2
Release preparation for version 2.13.2
2026-05-16 04:09:27 +02:00 · 2023-05-15 17:28:52 +00:00 · 2023-05-15 13:28:56 +01:00 · 2023-05-15 10:59:27 +00:00
109 changed files with 323 additions and 123 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 0.7.2
+
+### New Features
+
+* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
+* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
+
+### Major Analysis Improvements
+
+* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
+
+### Minor Analysis Improvements
+
+* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
+
 ## 0.7.1

 No user-facing changes.
--- a/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md
+++ b/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
--- a/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md
+++ b/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
--- a/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md
+++ b/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
--- a/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md
+++ b/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
--- a/cpp/ql/lib/change-notes/released/0.7.2.md
+++ b/cpp/ql/lib/change-notes/released/0.7.2.md
@@ -0,0 +1,14 @@
+## 0.7.2
+
+### New Features
+
+* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
+* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
+
+### Major Analysis Improvements
+
+* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
+
+### Minor Analysis Improvements
+
+* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.7.2-dev
+version: 0.7.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.2
+
+No user-facing changes.
+
 ## 0.6.1

 ### New Queries
--- a/cpp/ql/src/change-notes/released/0.6.2.md
+++ b/cpp/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,3 @@
+## 0.6.2
+
+No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.5.2
+
+No user-facing changes.
+
 ## 1.5.1

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md
@@ -0,0 +1,3 @@
+## 1.5.2
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.1
+lastReleaseVersion: 1.5.2
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.5.2-dev
+version: 1.5.3-dev
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.5.2
+
+No user-facing changes.
+
 ## 1.5.1

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md
@@ -0,0 +1,3 @@
+## 1.5.2
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.1
+lastReleaseVersion: 1.5.2
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.5.2-dev
+version: 1.5.3-dev
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.6.2
+
+### Minor Analysis Improvements
+
+* Updated the `neutralModel` extensible predicate to include a `kind` column.
+
 ## 0.6.1

 No user-facing changes.
--- a/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md
+++ b/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* Updated the `neutralModel` extensible predicate to include a `kind` column.
+## 0.6.2
+
+### Minor Analysis Improvements
+
+* Updated the `neutralModel` extensible predicate to include a `kind` column.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.2
+
+No user-facing changes.
+
 ## 0.6.1

 ### Minor Analysis Improvements
--- a/csharp/ql/src/change-notes/released/0.6.2.md
+++ b/csharp/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,3 @@
+## 0.6.2
+
+No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: 
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.5.2
+
+### Minor Analysis Improvements
+
+* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given.
+
 ## 0.5.1

 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md
+++ b/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given.
+## 0.5.2
+
+### Minor Analysis Improvements
+
+* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.1
+lastReleaseVersion: 0.5.2
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.5.2-dev
+version: 0.5.3-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.2
+
+No user-facing changes.
+
 ## 0.5.1

 No user-facing changes.
--- a/go/ql/src/change-notes/released/0.5.2.md
+++ b/go/ql/src/change-notes/released/0.5.2.md
@@ -0,0 +1,3 @@
+## 0.5.2
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.1
+lastReleaseVersion: 0.5.2
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.5.2-dev
+version: 0.5.3-dev
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,40 @@
+## 0.6.2
+
+### Minor Analysis Improvements
+
+* Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations.
+* Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input.
+* Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input.
+* Added the `ArithmeticUncontrolledQuery.qll` library to provide the `ArithmeticUncontrolledOverflowFlow`  and `ArithmeticUncontrolledUnderflowFlow` taint-tracking modules to reason about arithmetic with uncontrolled user input.
+* Added the `ArithmeticWithExtremeValuesQuery.qll` library to provide the `MaxValueFlow` and `MinValueFlow` dataflow modules to reason about arithmetic with extreme values.
+* Added the `BrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities.
+* Added the `ExecTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToExecFlow` taint-tracking module to reason about command injection vulnerabilities caused by local data flow.
+* Added the `ExternallyControlledFormatStringLocalQuery.qll` library to provide the `ExternallyControlledFormatStringLocalFlow` taint-tracking module to reason about format string vulnerabilities caused by local data flow.
+* Added the `ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` dataflow module to reason about improper validation of code-specified sizes used for array construction.
+* Added the `ImproperValidationOfArrayConstructionLocalQuery.qll` library to provide the `ImproperValidationOfArrayConstructionLocalFlow` taint-tracking module to reason about improper validation of local user-provided sizes used for array construction caused by local data flow.
+* Added the `ImproperValidationOfArrayConstructionQuery.qll` library to provide the `ImproperValidationOfArrayConstructionFlow` taint-tracking module to reason about improper validation of user-provided size used for array construction.
+* Added the `ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` data flow module to reason about about improper validation of code-specified array index.
+* Added the `ImproperValidationOfArrayIndexLocalQuery.qll` library to provide the `ImproperValidationOfArrayIndexLocalFlow` taint-tracking module to reason about improper validation of a local user-provided array index.
+* Added the `ImproperValidationOfArrayIndexQuery.qll` library to provide the `ImproperValidationOfArrayIndexFlow` taint-tracking module to reason about improper validation of user-provided array index.
+* Added the `InsecureCookieQuery.qll` library to provide the `SecureCookieFlow` taint-tracking module to reason about insecure cookie vulnerabilities.
+* Added the `MaybeBrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities.
+* Added the `NumericCastTaintedQuery.qll` library to provide the `NumericCastTaintedFlow` taint-tracking module to reason about numeric cast vulnerabilities.
+* Added the `ResponseSplittingLocalQuery.qll` library to provide the `ResponseSplittingLocalFlow` taint-tracking module to reason about response splitting vulnerabilities caused by local data flow.
+* Added the `SqlConcatenatedQuery.qll` library to provide the `UncontrolledStringBuilderSourceFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by concatenating untrusted strings.
+* Added the `SqlTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToSqlFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by local data flow.
+* Added the `StackTraceExposureQuery.qll` library to provide the `printsStackExternally`, `stringifiedStackFlowsExternally`, and `getMessageFlowsExternally` predicates to reason about stack trace exposure vulnerabilities.
+* Added the `TaintedPermissionQuery.qll` library to provide the `TaintedPermissionFlow` taint-tracking module to reason about tainted permission vulnerabilities.
+* Added the `TempDirLocalInformationDisclosureQuery.qll` library to provide the `TempDirSystemGetPropertyToCreate` taint-tracking module to reason about local information disclosure vulnerabilities caused by local data flow.
+* Added the `UnsafeHostnameVerificationQuery.qll` library to provide the `TrustAllHostnameVerifierFlow` taint-tracking module to reason about insecure hostname verification vulnerabilities.
+* Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow.
+* Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities.
+* Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities.
+* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow.
+* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
+* Added models for the Apache Commons Net library.
+* Updated the `neutralModel` extensible predicate to include a `kind` column.
+* Added models for the `io.jsonwebtoken` library.
+
 ## 0.6.1

 ### Deprecated APIs
--- a/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md
+++ b/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added models for the `io.jsonwebtoken` library.
-
--- a/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md
+++ b/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Updated the `neutralModel` extensible predicate to include a `kind` column.
--- a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md
+++ b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added models for the Apache Commons Net library.
--- a/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md
+++ b/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
--- a/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md
+++ b/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md
@@ -1,6 +1,7 @@
---
-category: minorAnalysis
---
+## 0.6.2
+
+### Minor Analysis Improvements
+
 * Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations.
 * Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input.
 * Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input.
@@ -28,4 +29,8 @@ category: minorAnalysis
 * Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow.
 * Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities.
 * Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities.
-* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow.
+* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow.
+* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
+* Added models for the Apache Commons Net library.
+* Updated the `neutralModel` extensible predicate to include a `kind` column.
+* Added models for the `io.jsonwebtoken` library.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.2
+
+No user-facing changes.
+
 ## 0.6.1

 No user-facing changes.
--- a/java/ql/src/change-notes/released/0.6.2.md
+++ b/java/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,3 @@
+## 0.6.2
+
+No user-facing changes.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.2
+
+No user-facing changes.
+
 ## 0.6.1

 ### Major Analysis Improvements
--- a/javascript/ql/lib/change-notes/released/0.6.2.md
+++ b/javascript/ql/lib/change-notes/released/0.6.2.md
@@ -0,0 +1,3 @@
+## 0.6.2
+
+No user-facing changes.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,22 @@
+## 0.6.2
+
+### Major Analysis Improvements
+
+* Added taint sources from the `@actions/core` and `@actions/github` packages.
+* Added command-injection sinks from the `@actions/exec` package.
+
+### Minor Analysis Improvements
+
+* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
+  when it is used with an unsafe schema.
+* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
+  SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
+
+### Bug Fixes
+
+* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
+  Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
+
 ## 0.6.1

 ### Minor Analysis Improvements
--- a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md
+++ b/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
-  SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
--- a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md
+++ b/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
-  when it is used with an unsafe schema.
--- a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md
+++ b/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md
@@ -1,5 +0,0 @@
---
-category: fix
---
-* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
-  Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
--- a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md
+++ b/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md
@@ -1,5 +0,0 @@
---
-category: majorAnalysis
---
-* Added taint sources from the `@actions/core` and `@actions/github` packages.
-* Added command-injection sinks from the `@actions/exec` package.
--- a/javascript/ql/src/change-notes/released/0.6.2.md
+++ b/javascript/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,18 @@
+## 0.6.2
+
+### Major Analysis Improvements
+
+* Added taint sources from the `@actions/core` and `@actions/github` packages.
+* Added command-injection sinks from the `@actions/exec` package.
+
+### Minor Analysis Improvements
+
+* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
+  when it is used with an unsafe schema.
+* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
+  SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
+
+### Bug Fixes
+
+* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
+  Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: 
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.2
+
+No user-facing changes.
+
 ## 0.5.1

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.5.2.md
+++ b/misc/suite-helpers/change-notes/released/0.5.2.md
@@ -0,0 +1,3 @@
+## 0.5.2
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.1
+lastReleaseVersion: 0.5.2
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.5.2-dev
+version: 0.5.3-dev
 groups: shared
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.9.2
+
+### Minor Analysis Improvements
+
+* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
+* Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`.
+
 ## 0.9.1

 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md
+++ b/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
--- a/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md
+++ b/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.9.2
+
+### Minor Analysis Improvements
+
+* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
 * Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 0.9.2
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.9.2-dev
+version: 0.9.3-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.2
+
+No user-facing changes.
+
 ## 0.7.1

 No user-facing changes.
--- a/python/ql/src/change-notes/released/0.7.2.md
+++ b/python/ql/src/change-notes/released/0.7.2.md
@@ -0,0 +1,3 @@
+## 0.7.2
+
+No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.7.2-dev
+version: 0.7.3-dev
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.6.2
+
+### Minor Analysis Improvements
+
+* Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized.
+
 ## 0.6.1

 No user-facing changes.
--- a/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md
+++ b/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.6.2
+
+### Minor Analysis Improvements
+
 * Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.2
+
+No user-facing changes.
+
 ## 0.6.1

 No user-facing changes.
--- a/ruby/ql/src/change-notes/released/0.6.2.md
+++ b/ruby/ql/src/change-notes/released/0.6.2.md
@@ -0,0 +1,3 @@
+## 0.6.2
+
+No user-facing changes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 groups: 
  - ruby
  - queries
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.13
+
+No user-facing changes.
+
 ## 0.0.12

 No user-facing changes.
--- a/shared/regex/change-notes/released/0.0.13.md
+++ b/shared/regex/change-notes/released/0.0.13.md
@@ -0,0 +1,3 @@
+## 0.0.13
+
+No user-facing changes.
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.12
+lastReleaseVersion: 0.0.13
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.13-dev
+version: 0.0.14-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.17
+
+No user-facing changes.
+
 ## 0.0.16

 No user-facing changes.
--- a/shared/ssa/change-notes/released/0.0.17.md
+++ b/shared/ssa/change-notes/released/0.0.17.md
@@ -0,0 +1,3 @@
+## 0.0.17
+
+No user-facing changes.
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.16
+lastReleaseVersion: 0.0.17
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/ssa
-version: 0.0.17-dev
+version: 0.0.18-dev
 groups: shared
 library: true
--- a/shared/tutorial/CHANGELOG.md
+++ b/shared/tutorial/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.10
+
+No user-facing changes.
+
 ## 0.0.9

 No user-facing changes.
--- a/shared/tutorial/change-notes/released/0.0.10.md
+++ b/shared/tutorial/change-notes/released/0.0.10.md
@@ -0,0 +1,3 @@
+## 0.0.10
+
+No user-facing changes.
--- a/shared/tutorial/codeql-pack.release.yml
+++ b/shared/tutorial/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/shared/tutorial/qlpack.yml
+++ b/shared/tutorial/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries.
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: shared
 library: true
--- a/shared/typetracking/CHANGELOG.md
+++ b/shared/typetracking/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.10
+
+No user-facing changes.
+
 ## 0.0.9

 No user-facing changes.
--- a/shared/typetracking/change-notes/released/0.0.10.md
+++ b/shared/typetracking/change-notes/released/0.0.10.md
@@ -0,0 +1,3 @@
+## 0.0.10
+
+No user-facing changes.
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.17
+
+No user-facing changes.
+
 ## 0.0.16

 No user-facing changes.
--- a/shared/typos/change-notes/released/0.0.17.md
+++ b/shared/typos/change-notes/released/0.0.17.md
@@ -0,0 +1,3 @@
+## 0.0.17
+
+No user-facing changes.
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.16
+lastReleaseVersion: 0.0.17
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
github-actions[bot]	c47e996f48	Post-release preparation for codeql-cli-2.13.2	2023-05-15 17:28:52 +00:00
Ian Lynagh	da8a002f22	Merge pull request #13162 from github/release-prep/2.13.2 Release preparation for version 2.13.2	2023-05-15 13:28:56 +01:00
github-actions[bot]	994c6f5f44	Release preparation for version 2.13.2	2023-05-15 10:59:27 +00:00