Merge branch 'rc/3.17' into changedocs-2.20.6

Apply suggestions from code review
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2026-05-27 09:31:30 +02:00 · 2025-03-06 16:51:25 -06:00 · 2025-03-06 16:46:57 -06:00 · 2025-03-06 15:32:48 -06:00 · 2025-03-06 15:10:42 -06:00 · 2025-03-06 15:10:11 -06:00
196 changed files with 1017 additions and 1241 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3

 ### New Features
--- a/actions/ql/lib/change-notes/released/0.4.4.md
+++ b/actions/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.4-dev
+version: 0.4.5-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 0.5.1
+
+### Bug Fixes
+
+* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
+  Immutable Actions feature is not yet available for customer use. The query remains in the
+  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
+  available, the query will be updated to report alerts again.
+
 ## 0.5.0

 ### Breaking Changes
--- a/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
+++ b/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
@@ -1,6 +1,7 @@
---
-category: fix
---
+## 0.5.1
+
+### Bug Fixes
+
 * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
  Immutable Actions feature is not yet available for customer use. The query remains in the
  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.5.1-dev
+version: 0.5.2-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 4.0.2
+
+### Minor Analysis Improvements
+
+* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
+* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
+
 ## 4.0.1

 No user-facing changes.
--- a/cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md
+++ b/cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
--- a/cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md
+++ b/cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
--- a/cpp/ql/lib/change-notes/released/4.0.2.md
+++ b/cpp/ql/lib/change-notes/released/4.0.2.md
@@ -0,0 +1,6 @@
+## 4.0.2
+
+### Minor Analysis Improvements
+
+* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
+* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.1
+lastReleaseVersion: 4.0.2
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.0.2-dev
+version: 4.0.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.3.5
+
+### Minor Analysis Improvements
+
+* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
+* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
+
 ## 1.3.4

 No user-facing changes.
--- a/cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md
+++ b/cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
--- a/cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md
+++ b/cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
--- a/cpp/ql/src/change-notes/released/1.3.5.md
+++ b/cpp/ql/src/change-notes/released/1.3.5.md
@@ -0,0 +1,6 @@
+## 1.3.5
+
+### Minor Analysis Improvements
+
+* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
+* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.4
+lastReleaseVersion: 1.3.5
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.5-dev
+version: 1.3.6-dev
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.35
+
+No user-facing changes.
+
 ## 1.7.34

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.35.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.35.md
@@ -0,0 +1,3 @@
+## 1.7.35
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.34
+lastReleaseVersion: 1.7.35
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.35-dev
+version: 1.7.36-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.35
+
+No user-facing changes.
+
 ## 1.7.34

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.35.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.35.md
@@ -0,0 +1,3 @@
+## 1.7.35
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.34
+lastReleaseVersion: 1.7.35
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.35-dev
+version: 1.7.36-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.1.1
+
+No user-facing changes.
+
 ## 5.1.0

 ### Deprecated APIs
--- a/csharp/ql/lib/change-notes/released/5.1.1.md
+++ b/csharp/ql/lib/change-notes/released/5.1.1.md
@@ -0,0 +1,3 @@
+## 5.1.1
+
+No user-facing changes.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.0
+lastReleaseVersion: 5.1.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.1-dev
+version: 5.1.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/Practices/PathCombine.qhelp
+++ b/Practices/PathCombine.qhelp
@@ -1,18 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<overview>
-<p><code>Path.Combine</code> may silently drop its earlier arguments if its later arguments are absolute paths. E.g. <code>Path.Combine("C:\\Users\\Me\\Documents", "C:\\Program Files\\") == "C:\\Program Files"</code>.</p>
-
-</overview>
-<recommendation>
-<p>Use <code>Path.Join</code> instead.</p>
-</recommendation>
-<references>
-
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.combine?view=net-9.0">Path.Combine</a>.</li>
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.join?view=net-9.0">Path.Join</a>.</li>
-
-</references>
-</qhelp>
--- a/Practices/PathCombine.ql
+++ b/Practices/PathCombine.ql
@@ -1,16 +0,0 @@
-/**
- * @name Call to System.IO.Path.Combine
- * @description Finds calls to System.IO.Path's Combine method
- * @kind problem
- * @problem.severity recommendation
- * @precision very-high
- * @id cs/path-combine
- * @tags reliability
- */
-
-import csharp
-import semmle.code.csharp.frameworks.System
-
-from MethodCall call
-where call.getTarget().hasFullyQualifiedName("System.IO", "Path", "Combine")
-select call, "Call to 'System.IO.Path.Combine'."
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.0.18
+
+### Minor Analysis Improvements
+
+* C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
+
 ## 1.0.17

 No user-facing changes.
--- a/csharp/ql/src/change-notes/2025-02-26-path-combine.md
+++ b/csharp/ql/src/change-notes/2025-02-26-path-combine.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `csharp/path-combine`, to recommend against the `Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted.
--- a/csharp/ql/src/change-notes/2025-02-24-object-tostring.md
+++ b/csharp/ql/src/change-notes/2025-02-24-object-tostring.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 1.0.18
+
+### Minor Analysis Improvements
+
 * C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.18-dev
+version: 1.0.19-dev
 groups:
  - csharp
  - queries
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1,14 +0,0 @@
-using System.IO;
-
-class PathCombine
-{
-    void bad()
-    {
-        Path.Combine(@"C:\Users", @"C:\Program Files");
-    }
-
-    void good()
-    {
-        Path.Join(@"C:\Users", @"C:\Program Files");
-    }
-}
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1 +0,0 @@
-| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine'. |
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1 +0,0 @@
-Bad Practices/PathCombine.ql
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1,2 +0,0 @@
-semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst
@@ -117,8 +117,8 @@ Java/Kotlin
 *   Deleted the deprecated :code:`isLValue` and :code:`isRValue` predicates from the :code:`VarAccess` class, use :code:`isVarWrite` and :code:`isVarRead` respectively instead.
 *   Deleted the deprecated :code:`getRhs` predicate from the :code:`VarWrite` class, use :code:`getASource` instead.
 *   Deleted the deprecated :code:`LValue` and :code:`RValue` classes, use :code:`VarWrite` and :code:`VarRead` respectively instead.
-*   Deleted a lot of deprecated classes ending in ``*Access``, use the corresponding ``*Call`` classes instead.
-*   Deleted a lot of deprecated predicates ending in ``*Access``, use the corresponding ``*Call`` predicates instead.
+*   Deleted a lot of deprecated classes ending in :code:`*Access`, use the corresponding :code:`*Call` classes instead.
+*   Deleted a lot of deprecated predicates ending in :code:`*Access`, use the corresponding :code:`*Call` predicates instead.
 *   Deleted the deprecated :code:`EnvInput` and :code:`DatabaseInput` classes from :code:`FlowSources.qll`, use the threat models feature instead.
 *   Deleted some deprecated API predicates from :code:`SensitiveApi.qll`, use the Sink classes from that file instead.

@@ -144,7 +144,7 @@ Ruby
 *   Deleted the deprecated :code:`ModelClass` and :code:`ModelInstance` classes from :code:`ActiveResource.qll`, use :code:`ModelClassNode` and :code:`ModelClassNode.getAnInstanceReference()` instead.
 *   Deleted the deprecated :code:`Collection` class from :code:`ActiveResource.qll`, use :code:`CollectionSource` instead.
 *   Deleted the deprecated :code:`ServiceInstantiation` and :code:`ClientInstantiation` classes from :code:`Twirp.qll`.
-*   Deleted a lot of deprecated dataflow modules from ``*Query.qll`` files.
+*   Deleted a lot of deprecated dataflow modules from :code:`*Query.qll` files.
 *   Deleted the old deprecated TypeTracking library.

 Swift
--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst
@@ -109,6 +109,14 @@ Python
 *   Fixed a bug in the extractor where a comment inside a subscript could sometimes cause the AST to be missing nodes.
 *   Using the :code:`break` and :code:`continue` keywords outside of a loop, which is a syntax error but is accepted by our parser, would cause the control-flow construction to fail. This is now no longer the case.

+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Golang
+""""""
+
+*   Go 1.24 is now supported. This includes the new language feature of generic type aliases.
+
 Minor Analysis Improvements
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst
@@ -0,0 +1,120 @@
+.. _codeql-cli-2.20.6:
+
+==========================
+CodeQL 2.20.6 (2025-03-06)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.20.6 runs a total of 450 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 137 queries (covering 35 more CWE). 1 security query has been added with this release.
+
+CodeQL CLI
+----------
+
+Miscellaneous
+~~~~~~~~~~~~~
+
+*   The CodeQL XML extractor is now able to parse documents in a wider array of character sets.
+    
+*   The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.6.
+
+Query Packs
+-----------
+
+Bug Fixes
+~~~~~~~~~
+
+GitHub Actions
+""""""""""""""
+
+*   The :code:`actions/unversioned-immutable-action` query will no longer report any alerts, since the Immutable Actions feature is not yet available for customer use. The query remains in the default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is available, the query will be updated to report alerts again.
+
+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Java/Kotlin
+"""""""""""
+
+*   Fixed false positive alerts in the java query "Cross-site scripting" (:code:`java/xss`) when :code:`javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   Improved precision of data flow through arrays, fixing some spurious flows that would sometimes cause the :code:`length` property of an array to be seen as tainted.
+*   Improved call resolution logic to better handle calls resolving "downwards", targeting a method declared in a subclass of the enclosing class. Data flow analysis has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Due to changes in libraries the query "Static array access may cause overflow" (:code:`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single :code:`memset` or similar operation.
+*   The query "Call to memory access function may overflow buffer" (:code:`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
+
+C#
+""
+
+*   C#: Improve precision of the query :code:`cs/call-to-object-tostring` for value tuples.
+
+Language Libraries
+------------------
+
+Major Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   Added support for the :code:`response` threat model kind, which can enabled with `advanced setup <https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__. When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
+*   Added support for the :code:`useQuery` hook from :code:`@tanstack/react-query`.
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Modified the :code:`getBufferSize` predicate in :code:`commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
+*   Fixed an issue where the :code:`getBufferSize` predicate in :code:`commons/Buffer.qll` was returning results for references inside :code:`offsetof` expressions, which are not accesses to a buffer.
+
+Golang
+""""""
+
+*   The location info for the following classes has been changed slightly to match a location that is in the database: :code:`BasicBlock`, :code:`ControlFlow::EntryNode`, :code:`ControlFlow::ExitNode`, :code:`ControlFlow::ConditionGuardNode`, :code:`IR::ImplicitLiteralElementIndexInstruction`, :code:`IR::EvalImplicitTrueInstruction`, :code:`SsaImplicitDefinition`, :code:`SsaPhiNode`.
+*   Added :code:`database` source models for the :code:`github.com/rqlite/gorqlite` package.
+*   Added :code:`database` source models for database methods from the :code:`go.mongodb.org/mongo-driver/mongo` package.
+
+Java/Kotlin
+"""""""""""
+
+*   Added a path injection sanitizer for the :code:`child` argument of a :code:`java.io.File` constructor if that argument does not contain path traversal sequences.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   The :code:`response.download()` function in :code:`express` is now recognized as a sink for path traversal attacks.
+
+Deprecated APIs
+~~~~~~~~~~~~~~~
+
+Golang
+""""""
+
+*   The member predicate :code:`hasLocationInfo` has been deprecated on the following classes: :code:`BasicBlock`, :code:`Callable`, :code:`Content`, :code:`ContentSet`, :code:`ControlFlow::Node`, :code:`DataFlowCallable`, :code:`DataFlow::Node`, :code:`Entity`, :code:`GVN`, :code:`HtmlTemplate::TemplateStmt`, :code:`IR:WriteTarget`, :code:`SourceSinkInterpretationInput::SourceOrSinkElement`, :code:`SourceSinkInterpretationInput::InterpretNode`, :code:`SsaVariable`, :code:`SsaDefinition`, :code:`SsaWithFields`, :code:`StringOps::ConcatenationElement`, :code:`Type`, and :code:`VariableWithFields`. Use :code:`getLocation()` instead.
+
+New Features
+~~~~~~~~~~~~
+
+Java/Kotlin
+"""""""""""
+
+*   The Java extractor and QL libraries now support Java 24.
--- a/docs/codeql/codeql-overview/codeql-changelog/index.rst
+++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst
@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
 .. toctree::
   :maxdepth: 1

+   codeql-cli-2.20.6
   codeql-cli-2.20.5
   codeql-cli-2.20.4
   codeql-cli-2.20.3
--- a/go/extractor/util/util.go
+++ b/go/extractor/util/util.go
@@ -307,5 +307,8 @@ func fileExists(path string) bool {
 // and contains a `modules.txt` file.
 func IsGolangVendorDirectory(dirPath string) bool {
 	return filepath.Base(dirPath) == "vendor" &&
-		(fileExists(filepath.Join(dirPath, "modules.txt")) || fileExists(filepath.Join(dirPath, "../glide.yaml")))
+		(fileExists(filepath.Join(dirPath, "modules.txt")) ||
+			fileExists(filepath.Join(dirPath, "../glide.yaml")) ||
+			fileExists(filepath.Join(dirPath, "../Gopkg.lock")) ||
+			fileExists(filepath.Join(dirPath, "../vendor.conf")))
 }
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.18
+
+No user-facing changes.
+
 ## 1.0.17

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.18.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.18.md
@@ -0,0 +1,3 @@
+## 1.0.18
+
+No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.18-dev
+version: 1.0.19-dev
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 4.2.0
+
+### Deprecated APIs
+
+* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
+
+### Major Analysis Improvements
+
+* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
+
+### Minor Analysis Improvements
+
+* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
+* Added `database` source models for the `github.com/rqlite/gorqlite` package.
+* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
+
 ## 4.1.0

 ### Deprecated APIs
--- a/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
+++ b/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
-
--- a/go/ql/lib/change-notes/2025-02-25-go-database-rqlite-sources.md
+++ b/go/ql/lib/change-notes/2025-02-25-go-database-rqlite-sources.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added `database` source models for the `github.com/rqlite/gorqlite` package.
--- a/go/ql/lib/change-notes/2025-02-26-location-info-changed.md
+++ b/go/ql/lib/change-notes/2025-02-26-location-info-changed.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
--- a/go/ql/lib/change-notes/2025-02-27-go-version-1-24.md
+++ b/go/ql/lib/change-notes/2025-02-27-go-version-1-24.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
--- a/go/ql/lib/change-notes/2025-02-27-haslocationinfo-deprecated.md
+++ b/go/ql/lib/change-notes/2025-02-27-haslocationinfo-deprecated.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
--- a/go/ql/lib/change-notes/released/4.2.0.md
+++ b/go/ql/lib/change-notes/released/4.2.0.md
@@ -0,0 +1,15 @@
+## 4.2.0
+
+### Deprecated APIs
+
+* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
+
+### Major Analysis Improvements
+
+* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
+
+### Minor Analysis Improvements
+
+* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
+* Added `database` source models for the `github.com/rqlite/gorqlite` package.
+* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.2.0
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.1.1-dev
+version: 4.2.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.9
+
+No user-facing changes.
+
 ## 1.1.8

 ### Minor Analysis Improvements
--- a/go/ql/src/change-notes/released/1.1.9.md
+++ b/go/ql/src/change-notes/released/1.1.9.md
@@ -0,0 +1,3 @@
+## 1.1.9
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.8
+lastReleaseVersion: 1.1.9
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.9-dev
+version: 1.1.10-dev
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
+* Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
+
 ## 7.0.1

 No user-facing changes.
--- a/java/ql/lib/change-notes/2025-02-27-jdk-24.md
+++ b/java/ql/lib/change-notes/2025-02-27-jdk-24.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* The Java extractor and QL libraries now support Java 24.
--- a/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
+++ b/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
@@ -1,4 +1,9 @@
---
-category: minorAnalysis
---
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
 * Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.1
+lastReleaseVersion: 7.1.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.0.2-dev
+version: 7.1.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.3.0
+
+### Major Analysis Improvements
+
+* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
+
 ## 1.2.0

 ### New Queries
--- a/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
+++ b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
@@ -1,4 +1,5 @@
---
-category: majorAnalysis
---
+## 1.3.0
+
+### Major Analysis Improvements
+
 * Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.3.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.2.1-dev
+version: 1.3.1-dev
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 2.5.0
+
+### Major Analysis Improvements
+
+* Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
+* Added support for the `useQuery` hook from `@tanstack/react-query`.
+
+### Minor Analysis Improvements
+
+* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
+
 ## 2.4.1

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-02-12-express-download.md
+++ b/javascript/ql/lib/change-notes/2025-02-12-express-download.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
--- a/javascript/ql/lib/change-notes/2025-02-21-tanstack.md
+++ b/javascript/ql/lib/change-notes/2025-02-21-tanstack.md
@@ -1,6 +1,10 @@
---
-category: majorAnalysis
---
---
+## 2.5.0
+
+### Major Analysis Improvements
+
 * Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
 * Added support for the `useQuery` hook from `@tanstack/react-query`.
+
+### Minor Analysis Improvements
+
+* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.4.1
+lastReleaseVersion: 2.5.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.4.2-dev
+version: 2.5.1-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 1.5.0
+
+### Major Analysis Improvements
+
+* Improved precision of data flow through arrays, fixing some spurious flows
+  that would sometimes cause the `length` property of an array to be seen as tainted.
+* Improved call resolution logic to better handle calls resolving "downwards", targeting
+  a method declared in a subclass of the enclosing class. Data flow analysis
+  has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
+
 ## 1.4.1

 ### Bug Fixes
--- a/javascript/ql/src/change-notes/2025-02-18-no-implicit-array-taint.md
+++ b/javascript/ql/src/change-notes/2025-02-18-no-implicit-array-taint.md
@@ -1,5 +0,0 @@
---
-category: majorAnalysis
---
-* Improved precision of data flow through arrays, fixing some spurious flows
-  that would sometimes cause the `length` property of an array to be seen as tainted.
--- a/javascript/ql/src/change-notes/2025-02-17-downward-calls.md
+++ b/javascript/ql/src/change-notes/2025-02-17-downward-calls.md
@@ -1,6 +1,9 @@
---
-category: majorAnalysis
---
+## 1.5.0
+
+### Major Analysis Improvements
+
+* Improved precision of data flow through arrays, fixing some spurious flows
+  that would sometimes cause the `length` property of an array to be seen as tainted.
 * Improved call resolution logic to better handle calls resolving "downwards", targeting
  a method declared in a subclass of the enclosing class. Data flow analysis
  has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.1
+lastReleaseVersion: 1.5.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.4.2-dev
+version: 1.5.1-dev
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.18
+
+No user-facing changes.
+
 ## 1.0.17

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.18.md
+++ b/misc/suite-helpers/change-notes/released/1.0.18.md
@@ -0,0 +1,3 @@
+## 1.0.18
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.18-dev
+version: 1.0.19-dev
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.0.2
+
+No user-facing changes.
+
 ## 4.0.1

 ### Bug Fixes
--- a/python/ql/lib/change-notes/released/4.0.2.md
+++ b/python/ql/lib/change-notes/released/4.0.2.md
@@ -0,0 +1,3 @@
+## 4.0.2
+
+No user-facing changes.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.1
+lastReleaseVersion: 4.0.2
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.2-dev
+version: 4.0.3-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.4
+
+No user-facing changes.
+
 ## 1.4.3

 No user-facing changes.
--- a/python/ql/src/change-notes/released/1.4.4.md
+++ b/python/ql/src/change-notes/released/1.4.4.md
@@ -0,0 +1,3 @@
+## 1.4.4
+
+No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.4.4-dev
+version: 1.4.5-dev
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.1.1
+
+No user-facing changes.
+
 ## 4.1.0

 ### Deprecated APIs
--- a/ruby/ql/lib/change-notes/released/4.1.1.md
+++ b/ruby/ql/lib/change-notes/released/4.1.1.md
@@ -0,0 +1,3 @@
+## 4.1.1
+
+No user-facing changes.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.1.1
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 4.1.1-dev
+version: 4.1.2-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jon Janego	b742ed21db	Merge branch 'rc/3.17' into changedocs-2.20.6	2025-03-06 16:51:25 -06:00
Jon Janego	65d5e527c0	Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-03-06 16:46:57 -06:00
Jon Janego	da7b9b7c20	rearranging golang 1.24 support	2025-03-06 15:32:48 -06:00
Jon Janego	3652a45a97	Update codeql-cli-2.20.4.rst	2025-03-06 15:10:42 -06:00
Jon Janego	1385de223f	Update codeql-cli-2.20.4.rst	2025-03-06 15:10:11 -06:00
Jon Janego	2b818e3a4f	Update codeql-cli-2.19.4.rst	2025-03-06 15:04:55 -06:00
Jon Janego	fc6794f6df	adding 2.20.6 sitedocs	2025-03-06 14:12:54 -06:00
Michael B. Gale	16e84d0ad0	Merge pull request #18929 from github/mbg/go/filter-more-vendor-dirs Go: Support more dependency managers in `IsGolangVendorDirectory`	2025-03-06 16:10:18 +00:00
Michael B. Gale	b872c60e1c	Go: Support more dependency managers in `IsGolangVendorDirectory`	2025-03-06 15:40:44 +00:00
Chuan-kai Lin	c7dc8a364c	Merge pull request #18925 from github/mergeback-2.20.6 Mergeback codeql-cli-2.20.6 to rc/3.17	2025-03-04 08:36:09 -08:00
Chuan-kai Lin	dbffe91a20	Merge pull request #18917 from github/smowton/admin/jdk-24-2.20.6 Update supported Java version	2025-03-04 07:10:10 -08:00
Chris Smowton	fba47877c7	Update supported Java version	2025-03-04 10:06:20 +00:00
Chuan-kai Lin	df42ff6253	Merge pull request #18912 from github/post-release-prep/codeql-cli-2.20.6 Post-release preparation for codeql-cli-2.20.6	2025-03-03 12:45:35 -08:00
github-actions[bot]	58f355ae5a	Post-release preparation for codeql-cli-2.20.6	2025-03-03 18:18:15 +00:00
Chuan-kai Lin	c1dca1038a	Merge pull request #18911 from github/release-prep/2.20.6 Release preparation for version 2.20.6	2025-03-03 09:22:19 -08:00
Chuan-kai Lin	17acb31f65	JS: Fix changelog formatting	2025-03-03 09:19:01 -08:00
github-actions[bot]	fa850cccb1	Release preparation for version 2.20.6	2025-03-03 17:13:19 +00:00
				`@@ -1 +0,0 @@`
				`\| PathCombine.cs:7:9:7:54 \| call to method Combine \| Call to 'System.IO.Path.Combine'. \|`