github · angelapwen · Mar 6, 2024 · Mar 6, 2024
@@ -1,9 +1,3 @@
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.
-
 ## 0.12.6
 
 ### New Features

@@ -1,5 +1,4 @@
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.
+---
+category: minorAnalysis
+---
+* Added destructors for named objects to the intermediate representation.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.7
+lastReleaseVersion: 0.12.6
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.7
+version: 0.12.7-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,10 +1,3 @@
-## 0.9.6
-
-### Minor Analysis Improvements
-
-* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
-* The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
-
 ## 0.9.5
 
 ### Minor Analysis Improvements

@@ -1,6 +1,4 @@
-## 0.9.6
-
-### Minor Analysis Improvements
-
-* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
+---
+category: minorAnalysis
+---
 * The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.6
+lastReleaseVersion: 0.9.5
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.6
+version: 0.9.6-dev
 groups:
   - cpp
   - queries

@@ -1,7 +1,3 @@
-## 1.7.10
-
-No user-facing changes.
-
 ## 1.7.9
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.10
+lastReleaseVersion: 1.7.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.10
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

@@ -1,7 +1,3 @@
-## 1.7.10
-
-No user-facing changes.
-
 ## 1.7.9
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.10
+lastReleaseVersion: 1.7.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.10
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

@@ -1,17 +1,3 @@
-## 0.8.10
-
-### Major Analysis Improvements
-
-* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
-* We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
-
-### Minor Analysis Improvements
-
-* C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
-* C# 12: Add extractor and QL library support for `ref readonly` parameters.
-* C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
-* Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
-
 ## 0.8.9
 
 ### Minor Analysis Improvements

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 12: Add extractor and QL library support for `ref readonly` parameters.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.10
+version: 0.8.10-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,9 +1,3 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
-
 ## 0.8.9
 
 ### Minor Analysis Improvements

@@ -1,5 +1,4 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
+---
+category: minorAnalysis
+---
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.10
+version: 0.8.10-dev
 groups:
   - csharp
   - queries

@@ -1,7 +1,3 @@
-## 0.0.9
-
-No user-facing changes.
-
 ## 0.0.8
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.8
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.9
+version: 0.0.9-dev
 groups:
   - go
   - queries

@@ -1,14 +1,3 @@
-## 0.7.10
-
-### Major Analysis Improvements
-
-* We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
-* Go 1.22 has been included in the range of supported Go versions.
-
-### Bug Fixes
-
-* Fixed dataflow out of a `map` using a `range` statement.
-
 ## 0.7.9
 
 No user-facing changes.

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed dataflow out of a `map` using a `range` statement.
@@ -1,10 +1,5 @@
-## 0.7.10
-
-### Major Analysis Improvements
-
+---
+category: majorAnalysis
+---
 * We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
 * Go 1.22 has been included in the range of supported Go versions.
-
-### Bug Fixes
-
-* Fixed dataflow out of a `map` using a `range` statement.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.10
+lastReleaseVersion: 0.7.9
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.10
+version: 0.7.10-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,7 +1,3 @@
-## 0.7.10
-
-No user-facing changes.
-
 ## 0.7.9
 
 ### New Queries

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.10
+lastReleaseVersion: 0.7.9
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.10
+version: 0.7.10-dev
 groups:
   - go
   - queries

@@ -1,7 +1,3 @@
-## 0.0.17
-
-No user-facing changes.
-
 ## 0.0.16
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.17
+lastReleaseVersion: 0.0.16
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.17
+version: 0.0.17-dev
 groups:
     - java
     - automodel

@@ -1,14 +1,3 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
-
-### Bug Fixes
-
-* Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
-* Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
-
 ## 0.8.9
 
 ### Deprecated APIs

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.10
+version: 0.8.10-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java