github · smowton · Oct 31, 2023 · Oct 30, 2023 · Oct 30, 2023 · Oct 30, 2023
@@ -1,3 +1,18 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
+
 ## 0.10.1
 
 ### Minor Analysis Improvements

@@ -0,0 +1,14 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.1
+lastReleaseVersion: 0.11.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.2-dev
+version: 0.11.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### New Queries

@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.2-dev
+version: 1.7.3-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.2-dev
+version: 1.7.3-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups:
   - csharp
   - queries

@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.0
+version: 0.0.2-dev
 groups:
   - go
   - queries

@@ -1,3 +1,13 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
+* Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
+
 ## 0.7.1
 
 ### Minor Analysis Improvements

@@ -1,4 +1,9 @@
----
-category: fix
----
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
 * Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.2-dev
+version: 0.7.3-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,9 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`.
+
 ## 0.7.1
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.7.2
+
+### Minor Analysis Improvements
+
 * The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.2-dev
+version: 0.7.3-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 0.0.7
+
+No user-facing changes.
+
 ## 0.0.6
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.7-dev
+version: 0.0.8-dev
 groups:
     - java
     - automodel

@@ -1,3 +1,16 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
+* New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+  * com.alibaba.fastjson2
+  * javax.management
+  * org.apache.http.client.utils
+
 ## 0.8.1
 
 ### New Features

@@ -1,5 +1,12 @@
----
-category: minorAnalysis
----
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
 * New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+  * com.alibaba.fastjson2
+  * javax.management
+  * org.apache.http.client.utils
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,10 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements

@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.2-dev
+version: 0.8.3-dev
 groups:
   - java
   - queries

@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements