From 33542f7d40619a50556b3870186211e136c9cddf Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 14 Oct 2025 09:30:24 +0000 Subject: [PATCH 1/4] Release preparation for version 2.23.3 --- actions/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/0.4.19.md | 3 +++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/0.6.11.md | 3 +++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 10 +++++++++ cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md | 4 ---- .../6.0.0.md} | 13 +++++++---- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.5.2.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.50.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.50.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 9 ++++++++ .../2025-10-02-entity-locations.md | 4 ---- .../2025-10-07-entity-locations.md | 4 ---- .../2025-10-08-entity-locations.md | 4 ---- .../2025-10-10-entity-locations.md | 4 ---- csharp/ql/lib/change-notes/released/5.2.6.md | 8 +++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.4.2.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 22 +++++++++++++++++++ .../change-notes/2025-09-19-api-changes.md | 5 ----- ...9-use-use-flow-proper-post-update-nodes.md | 4 ---- .../2025-09-30-fewer-safe-urls.md | 4 ---- ...lidated-url-redirection-struct-init-fix.md | 4 ---- ...02-writenode-writescomponent-deprecated.md | 4 ---- ...-sqlinjection-numericorbooleansanitizer.md | 4 ---- ...9-sanitize-simple-types-request-forgery.md | 4 ---- go/ql/lib/change-notes/released/5.0.0.md | 21 ++++++++++++++++++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.4.7.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 6 +++++ .../7.7.2.md} | 7 +++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.8.2.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/2.6.13.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/2.1.2.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 +++++ .../4.0.17.md} | 7 +++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/1.6.7.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/5.1.1.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/1.4.7.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 10 +++++++++ .../2025-09-29-data-flow-function-pointer.md | 4 ---- .../ql/lib/change-notes/2025-10-07-rust-ga.md | 4 ---- rust/ql/lib/change-notes/released/0.1.18.md | 9 ++++++++ rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 6 +++++ .../0.1.18.md} | 7 +++--- rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 ++++ .../concepts/change-notes/released/0.0.7.md | 3 +++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.17.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/2.0.17.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.33.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 ++++ .../quantum/change-notes/released/0.0.11.md | 3 +++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.33.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/2.0.9.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.33.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.33.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../change-notes/released/0.0.14.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.17.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.33.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.20.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.33.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.33.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 4 ++++ swift/ql/lib/change-notes/released/5.0.9.md | 3 +++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.2.7.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 178 files changed, 448 insertions(+), 152 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.19.md create mode 100644 actions/ql/src/change-notes/released/0.6.11.md delete mode 100644 cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md rename cpp/ql/lib/change-notes/{2025-09-18-guards.md => released/6.0.0.md} (65%) create mode 100644 cpp/ql/src/change-notes/released/1.5.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-02-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-07-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-08-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-10-entity-locations.md create mode 100644 csharp/ql/lib/change-notes/released/5.2.6.md create mode 100644 csharp/ql/src/change-notes/released/1.4.2.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.33.md delete mode 100644 go/ql/lib/change-notes/2025-09-19-api-changes.md delete mode 100644 go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md delete mode 100644 go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md delete mode 100644 go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md delete mode 100644 go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md delete mode 100644 go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md delete mode 100644 go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md create mode 100644 go/ql/lib/change-notes/released/5.0.0.md create mode 100644 go/ql/src/change-notes/released/1.4.7.md rename java/ql/lib/change-notes/{2025-10-07-array-entrypointtype.md => released/7.7.2.md} (89%) create mode 100644 java/ql/src/change-notes/released/1.8.2.md create mode 100644 javascript/ql/lib/change-notes/released/2.6.13.md create mode 100644 javascript/ql/src/change-notes/released/2.1.2.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.33.md rename python/ql/lib/change-notes/{2025-10-13-fix-importerror-on-python-3.14.md => released/4.0.17.md} (77%) create mode 100644 python/ql/src/change-notes/released/1.6.7.md create mode 100644 ruby/ql/lib/change-notes/released/5.1.1.md create mode 100644 ruby/ql/src/change-notes/released/1.4.7.md delete mode 100644 rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md delete mode 100644 rust/ql/lib/change-notes/2025-10-07-rust-ga.md create mode 100644 rust/ql/lib/change-notes/released/0.1.18.md rename rust/ql/src/change-notes/{2025-09-19-insecure-cookie.md => released/0.1.18.md} (78%) create mode 100644 shared/concepts/change-notes/released/0.0.7.md create mode 100644 shared/controlflow/change-notes/released/2.0.17.md create mode 100644 shared/dataflow/change-notes/released/2.0.17.md create mode 100644 shared/mad/change-notes/released/1.0.33.md create mode 100644 shared/quantum/change-notes/released/0.0.11.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.33.md create mode 100644 shared/regex/change-notes/released/1.0.33.md create mode 100644 shared/ssa/change-notes/released/2.0.9.md create mode 100644 shared/threat-models/change-notes/released/1.0.33.md create mode 100644 shared/tutorial/change-notes/released/1.0.33.md create mode 100644 shared/typeflow/change-notes/released/1.0.33.md create mode 100644 shared/typeinference/change-notes/released/0.0.14.md create mode 100644 shared/typetracking/change-notes/released/2.0.17.md create mode 100644 shared/typos/change-notes/released/1.0.33.md create mode 100644 shared/util/change-notes/released/2.0.20.md create mode 100644 shared/xml/change-notes/released/1.0.33.md create mode 100644 shared/yaml/change-notes/released/1.0.33.md create mode 100644 swift/ql/lib/change-notes/released/5.0.9.md create mode 100644 swift/ql/src/change-notes/released/1.2.7.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index e6ae9a82059e..3de5d186721a 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.19 + +No user-facing changes. + ## 0.4.18 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.19.md b/actions/ql/lib/change-notes/released/0.4.19.md new file mode 100644 index 000000000000..fb592c5a34fe --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.19.md @@ -0,0 +1,3 @@ +## 0.4.19 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 1a848f928999..abf63707906b 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.18 +lastReleaseVersion: 0.4.19 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 80eecfca28d5..06f67aa0be6b 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.19-dev +version: 0.4.19 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 534ba89566b2..4592fbb66da7 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.11 + +No user-facing changes. + ## 0.6.10 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.11.md b/actions/ql/src/change-notes/released/0.6.11.md new file mode 100644 index 000000000000..3c83e3ac1120 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.11.md @@ -0,0 +1,3 @@ +## 0.6.11 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index c2eebb652b05..b73e74898d0f 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.10 +lastReleaseVersion: 0.6.11 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 2de1276aa82d..b758a0e68a1f 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.11-dev +version: 0.6.11 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 0909c8e3c881..e227764cca0a 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.0.0 + +### Breaking Changes + +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. + +### New Features + +* The C/C++ "build-mode: none" support is now General Availability (GA). + ## 5.6.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md deleted file mode 100644 index dce0cabc38c0..000000000000 --- a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The C/C++ "build-mode: none" support is now General Availability (GA). diff --git a/cpp/ql/lib/change-notes/2025-09-18-guards.md b/cpp/ql/lib/change-notes/released/6.0.0.md similarity index 65% rename from cpp/ql/lib/change-notes/2025-09-18-guards.md rename to cpp/ql/lib/change-notes/released/6.0.0.md index a739df714713..5f5a355f5944 100644 --- a/cpp/ql/lib/change-notes/2025-09-18-guards.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -1,4 +1,9 @@ ---- -category: breaking ---- -* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. \ No newline at end of file +## 6.0.0 + +### Breaking Changes + +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. + +### New Features + +* The C/C++ "build-mode: none" support is now General Availability (GA). diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 2dcac412aa9c..f8c4fa43ccb7 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.6.1 +lastReleaseVersion: 6.0.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 435d013c47b6..dadd68c23f55 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 5.6.2-dev +version: 6.0.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 39549ed1bdc2..4b876310708b 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/cpp/ql/src/change-notes/released/1.5.2.md b/cpp/ql/src/change-notes/released/1.5.2.md new file mode 100644 index 000000000000..384c27833f18 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index c5775c46013c..7eb901bae56a 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index f5193698fdb7..f33aa8fc5627 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.2-dev +version: 1.5.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index bcfd38e14942..7b4887608d94 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.50 + +No user-facing changes. + ## 1.7.49 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md new file mode 100644 index 000000000000..187bfe4d01f4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md @@ -0,0 +1,3 @@ +## 1.7.50 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index fe16fdfefdc8..dab079d66444 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.49 +lastReleaseVersion: 1.7.50 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 3c14c29940c0..6ef842443088 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.50-dev +version: 1.7.50 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index bcfd38e14942..7b4887608d94 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.50 + +No user-facing changes. + ## 1.7.49 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md new file mode 100644 index 000000000000..187bfe4d01f4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md @@ -0,0 +1,3 @@ +## 1.7.50 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index fe16fdfefdc8..dab079d66444 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.49 +lastReleaseVersion: 1.7.50 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index efb3216f3b9b..16479e216b37 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.50-dev +version: 1.7.50 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 095eab5cdbaf..a722d924f3b8 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,12 @@ +## 5.2.6 + +### Minor Analysis Improvements + +* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. + ## 5.2.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md deleted file mode 100644 index dd13aab6292e..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md deleted file mode 100644 index 44f36fe44c6a..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md deleted file mode 100644 index a96afe072513..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md deleted file mode 100644 index 72aa663febe0..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/change-notes/released/5.2.6.md b/csharp/ql/lib/change-notes/released/5.2.6.md new file mode 100644 index 000000000000..54ef01bfbf87 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.2.6.md @@ -0,0 +1,8 @@ +## 5.2.6 + +### Minor Analysis Improvements + +* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 63222f8b4a01..1ac2b5309f2d 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.2.5 +lastReleaseVersion: 5.2.6 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 2f92b5edafdb..8dd6bc6ec101 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.2.6-dev +version: 5.2.6 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 7fa8992c49af..40ea9e3693a8 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.2 + +No user-facing changes. + ## 1.4.1 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/released/1.4.2.md b/csharp/ql/src/change-notes/released/1.4.2.md new file mode 100644 index 000000000000..37be01f40d98 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.4.2.md @@ -0,0 +1,3 @@ +## 1.4.2 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 43ccf4467bed..a76cacdf7997 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.1 +lastReleaseVersion: 1.4.2 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index fad06a3e9289..1ea66ed1c4e0 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.4.2-dev +version: 1.4.2 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 331bb4c220e0..102463df544a 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.33.md b/go/ql/consistency-queries/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 70529ff4f909..d9d08c55e176 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.33-dev +version: 1.0.33 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index adf218a99e44..ce835278cb18 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,25 @@ +## 5.0.0 + +### Breaking Changes + +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. + +### Deprecated APIs + +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. + +### Major Analysis Improvements + +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. + +### Minor Analysis Improvements + +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. + ## 4.3.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2025-09-19-api-changes.md b/go/ql/lib/change-notes/2025-09-19-api-changes.md deleted file mode 100644 index 071ec2719b3f..000000000000 --- a/go/ql/lib/change-notes/2025-09-19-api-changes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: breaking ---- -* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. -* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. diff --git a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md deleted file mode 100644 index 607f23dfb03e..000000000000 --- a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. diff --git a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md deleted file mode 100644 index 5eeee51c4a3c..000000000000 --- a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. diff --git a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md deleted file mode 100644 index 9e5d5aa14a2f..000000000000 --- a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. diff --git a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md deleted file mode 100644 index 834266e36b96..000000000000 --- a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. diff --git a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md deleted file mode 100644 index 647d9a4332cd..000000000000 --- a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. diff --git a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md deleted file mode 100644 index 1bbf8c7f88a9..000000000000 --- a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. diff --git a/go/ql/lib/change-notes/released/5.0.0.md b/go/ql/lib/change-notes/released/5.0.0.md new file mode 100644 index 000000000000..869479762804 --- /dev/null +++ b/go/ql/lib/change-notes/released/5.0.0.md @@ -0,0 +1,21 @@ +## 5.0.0 + +### Breaking Changes + +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. + +### Deprecated APIs + +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. + +### Major Analysis Improvements + +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. + +### Minor Analysis Improvements + +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index d6a085129424..c9e54136ca5c 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.3.5 +lastReleaseVersion: 5.0.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 20ace6482e44..2cc2dbe29063 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.3.6-dev +version: 5.0.0 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 65d6436fce3e..eb370a8cdddc 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.7 + +No user-facing changes. + ## 1.4.6 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.4.7.md b/go/ql/src/change-notes/released/1.4.7.md new file mode 100644 index 000000000000..4f064ad746f9 --- /dev/null +++ b/go/ql/src/change-notes/released/1.4.7.md @@ -0,0 +1,3 @@ +## 1.4.7 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 3b00bbce928c..163362bd6321 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index c85a94a90f58..660386f898e1 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.7-dev +version: 1.4.7 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 0e74414917b6..5d6fcbde3360 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.7.2 + +### Minor Analysis Improvements + +* Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. + ## 7.7.1 No user-facing changes. diff --git a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md b/java/ql/lib/change-notes/released/7.7.2.md similarity index 89% rename from java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md rename to java/ql/lib/change-notes/released/7.7.2.md index 45b898b6b2a6..43d4f94b816f 100644 --- a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md +++ b/java/ql/lib/change-notes/released/7.7.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 7.7.2 + +### Minor Analysis Improvements + * Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index c94dbb3cd65d..25c09b25d217 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.7.1 +lastReleaseVersion: 7.7.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index dabb65e61cef..2885944ca320 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.2-dev +version: 7.7.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 1e6df88fc31d..06133dffeba8 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.8.2 + +No user-facing changes. + ## 1.8.1 No user-facing changes. diff --git a/java/ql/src/change-notes/released/1.8.2.md b/java/ql/src/change-notes/released/1.8.2.md new file mode 100644 index 000000000000..12e641fd7205 --- /dev/null +++ b/java/ql/src/change-notes/released/1.8.2.md @@ -0,0 +1,3 @@ +## 1.8.2 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 28a7c123ae84..559af8348bb0 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.8.1 +lastReleaseVersion: 1.8.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index b1ee0395fb2e..0d507c465864 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.8.2-dev +version: 1.8.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 975d14e10988..1e874227c37b 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.6.13 + +No user-facing changes. + ## 2.6.12 ### Minor Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/2.6.13.md b/javascript/ql/lib/change-notes/released/2.6.13.md new file mode 100644 index 000000000000..475bfb69be95 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.13.md @@ -0,0 +1,3 @@ +## 2.6.13 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 8b34428a8454..9240f755da88 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.12 +lastReleaseVersion: 2.6.13 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index da942ea28a88..ca5e521255a2 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.13-dev +version: 2.6.13 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 46aae437f779..f03b3a66e4d3 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.1.2 + +No user-facing changes. + ## 2.1.1 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.1.2.md b/javascript/ql/src/change-notes/released/2.1.2.md new file mode 100644 index 000000000000..6e72407c8c7a --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.1.2.md @@ -0,0 +1,3 @@ +## 2.1.2 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 576c2ea18d68..1a4e53e87724 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.1.1 +lastReleaseVersion: 2.1.2 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 2581f9476291..2c79885b924c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.1.2-dev +version: 2.1.2 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 4cbaa48190df..a6f9fcd2377b 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.33.md b/misc/suite-helpers/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 7715f68107e7..537cf29a9df8 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.33-dev +version: 1.0.33 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 070309c08a05..cb18c48a0510 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.0.17 + +### Bug Fixes + +* The Python extractor no longer crashes with an `ImportError` when run using Python 3.14. + ## 4.0.16 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md b/python/ql/lib/change-notes/released/4.0.17.md similarity index 77% rename from python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md rename to python/ql/lib/change-notes/released/4.0.17.md index d2eefde0e119..561e2db6a31c 100644 --- a/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md +++ b/python/ql/lib/change-notes/released/4.0.17.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 4.0.17 + +### Bug Fixes + * The Python extractor no longer crashes with an `ImportError` when run using Python 3.14. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 916d99df3ad6..d1339a1f762e 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.16 +lastReleaseVersion: 4.0.17 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 35ab576bf1a9..a7a4c26b5657 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.17-dev +version: 4.0.17 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index e620dee4fca9..aef1a87136d6 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.7 + +No user-facing changes. + ## 1.6.6 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/released/1.6.7.md b/python/ql/src/change-notes/released/1.6.7.md new file mode 100644 index 000000000000..aba3f8d9ff70 --- /dev/null +++ b/python/ql/src/change-notes/released/1.6.7.md @@ -0,0 +1,3 @@ +## 1.6.7 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index f8e54f30a672..0b49adeac7da 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.6 +lastReleaseVersion: 1.6.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 08336cbb3eb8..2eb8d46c68c3 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.6.7-dev +version: 1.6.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index a62232991b81..32e1dd3538b3 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.1.1 + +No user-facing changes. + ## 5.1.0 ### New Features diff --git a/ruby/ql/lib/change-notes/released/5.1.1.md b/ruby/ql/lib/change-notes/released/5.1.1.md new file mode 100644 index 000000000000..28b0060cedc5 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.1.1.md @@ -0,0 +1,3 @@ +## 5.1.1 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index dd8d287d0103..dcb83eca6a3a 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.0 +lastReleaseVersion: 5.1.1 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index a503103b95d0..8791a8080ac7 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.1-dev +version: 5.1.1 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7811ea73f864..29a0f89236d5 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.7 + +No user-facing changes. + ## 1.4.6 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.4.7.md b/ruby/ql/src/change-notes/released/1.4.7.md new file mode 100644 index 000000000000..4f064ad746f9 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.4.7.md @@ -0,0 +1,3 @@ +## 1.4.7 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 3b00bbce928c..163362bd6321 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index a01acd1d674d..87412b0fdd99 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.4.7-dev +version: 1.4.7 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index ec04cd624a76..228d9c21637c 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.1.18 + +### New Features + +* Rust analysis is now Generally Available (GA). + +### Minor Analysis Improvements + +* Improve data flow through functions being passed as function pointers. + ## 0.1.17 ### New Features diff --git a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md deleted file mode 100644 index 7d1adb06e746..000000000000 --- a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improve data flow through functions being passed as function pointers. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-10-07-rust-ga.md b/rust/ql/lib/change-notes/2025-10-07-rust-ga.md deleted file mode 100644 index f24f4f6e4c36..000000000000 --- a/rust/ql/lib/change-notes/2025-10-07-rust-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Rust analysis is now Generally Available (GA). diff --git a/rust/ql/lib/change-notes/released/0.1.18.md b/rust/ql/lib/change-notes/released/0.1.18.md new file mode 100644 index 000000000000..539b38a1d9cc --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.1.18.md @@ -0,0 +1,9 @@ +## 0.1.18 + +### New Features + +* Rust analysis is now Generally Available (GA). + +### Minor Analysis Improvements + +* Improve data flow through functions being passed as function pointers. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index eddeebba7bfe..a9893ce82c48 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.17 +lastReleaseVersion: 0.1.18 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 61c2ed8e81e1..0c4fb2d1c449 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.18-dev +version: 0.1.18 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 29117e66d4cb..df1c4e498568 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.18 + +### New Queries + +* Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. + ## 0.1.17 ### New Queries diff --git a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md b/rust/ql/src/change-notes/released/0.1.18.md similarity index 78% rename from rust/ql/src/change-notes/2025-09-19-insecure-cookie.md rename to rust/ql/src/change-notes/released/0.1.18.md index d84da707c43c..8249024b1455 100644 --- a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md +++ b/rust/ql/src/change-notes/released/0.1.18.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 0.1.18 + +### New Queries + * Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index eddeebba7bfe..a9893ce82c48 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.17 +lastReleaseVersion: 0.1.18 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 57d3e972fc69..ae14dfe64239 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.18-dev +version: 0.1.18 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index cfaa89c5ac2a..f7d8dfad9078 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.7 + +No user-facing changes. + ## 0.0.6 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.7.md b/shared/concepts/change-notes/released/0.0.7.md new file mode 100644 index 000000000000..84da6f18c42e --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.7.md @@ -0,0 +1,3 @@ +## 0.0.7 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index cf398ce02aa4..a2a5484910bc 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.6 +lastReleaseVersion: 0.0.7 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 452f932edef9..a22308185fe1 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.7-dev +version: 0.0.7 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index df7e781268e2..cb14761bb389 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.17.md b/shared/controlflow/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 660b1e125122..6f34e5333545 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 13be0b19eb2e..99ee484c7318 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.17.md b/shared/dataflow/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 166ef444b22c..d7cb0eefb907 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 9979556a4214..eda9cf4ddb21 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.33.md b/shared/mad/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index d9767452c27c..74599911e752 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 1857b399fe88..d9dd6b6f2e25 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.11 + +No user-facing changes. + ## 0.0.10 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.11.md b/shared/quantum/change-notes/released/0.0.11.md new file mode 100644 index 000000000000..19a2a55bd685 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.11.md @@ -0,0 +1,3 @@ +## 0.0.11 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index b740014e5aed..e679dc420925 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.10 +lastReleaseVersion: 0.0.11 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 7dfaa7479629..d3100a4df451 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.11-dev +version: 0.0.11 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 50ea4c310f68..7a0776cf53cc 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.33.md b/shared/rangeanalysis/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 85341d10420b..b1d244dd8138 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 830e0da6f287..2507f237ec0a 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.33.md b/shared/regex/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 72347bcd1601..bbf599db62f5 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 8e4b1482e78b..cb33a2dd6137 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.9 + +No user-facing changes. + ## 2.0.8 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.9.md b/shared/ssa/change-notes/released/2.0.9.md new file mode 100644 index 000000000000..b89eb98bbd9d --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.9.md @@ -0,0 +1,3 @@ +## 2.0.9 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 7ffb2d9f65be..ce305265e337 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.8 +lastReleaseVersion: 2.0.9 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 3c1f3fe02784..ef8d64df57cd 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.9-dev +version: 2.0.9 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 331bb4c220e0..102463df544a 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.33.md b/shared/threat-models/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index e28c5f26dd84..cc8146b434c7 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.33-dev +version: 1.0.33 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 6f6d29c25040..e982f144f9c4 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.33.md b/shared/tutorial/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 33dc89bc60cc..fab2fc6fbfdb 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 592596c37d21..32d26faa9f46 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.33.md b/shared/typeflow/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 5d257b81fc61..9fc3902c6c04 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 29ece641a7e3..ad4781e2cbda 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.14 + +No user-facing changes. + ## 0.0.13 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.14.md b/shared/typeinference/change-notes/released/0.0.14.md new file mode 100644 index 000000000000..63b4d50ca454 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.14.md @@ -0,0 +1,3 @@ +## 0.0.14 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index 044e54e4f7e5..ca29e45d0a67 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.13 +lastReleaseVersion: 0.0.14 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 5d8f8a6011f0..36e5b63799a8 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.14-dev +version: 0.0.14 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 6b132f75a558..a536c7073034 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.17.md b/shared/typetracking/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 6bc1e76cfb49..2dadf4b90856 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 2661fcc93085..979e0c24d1e5 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.33.md b/shared/typos/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a045761cd92c..ef9f5adb4543 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 3ded7f7af706..0f0cdcc36ca0 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.20 + +No user-facing changes. + ## 2.0.19 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.20.md b/shared/util/change-notes/released/2.0.20.md new file mode 100644 index 000000000000..6756bd5f6c18 --- /dev/null +++ b/shared/util/change-notes/released/2.0.20.md @@ -0,0 +1,3 @@ +## 2.0.20 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 4aecf1e1f86f..cde101f35162 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.19 +lastReleaseVersion: 2.0.20 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 33bf4527cf00..b90f801666d2 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.20-dev +version: 2.0.20 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 2c1d2132c7e1..f0d7c829bfb3 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.33.md b/shared/xml/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 62fcccb2453c..e18481717997 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 31243ec36be5..2ca0a52f6368 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.33.md b/shared/yaml/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 6c49b5f27ba2..203802df80af 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index eb3b3da96897..4b8852b67110 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.0.9 + +No user-facing changes. + ## 5.0.8 No user-facing changes. diff --git a/swift/ql/lib/change-notes/released/5.0.9.md b/swift/ql/lib/change-notes/released/5.0.9.md new file mode 100644 index 000000000000..5fca9bba5f7d --- /dev/null +++ b/swift/ql/lib/change-notes/released/5.0.9.md @@ -0,0 +1,3 @@ +## 5.0.9 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index c608aca69694..2b650f0b3405 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.8 +lastReleaseVersion: 5.0.9 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 4ad0623d0f30..19753127baa8 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 5.0.9-dev +version: 5.0.9 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index be2f79710a9c..f3fe65f7bd82 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.7 + +No user-facing changes. + ## 1.2.6 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.7.md b/swift/ql/src/change-notes/released/1.2.7.md new file mode 100644 index 000000000000..99f957692acd --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.7.md @@ -0,0 +1,3 @@ +## 1.2.7 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 24962f7ba24b..950e0645d4a7 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.6 +lastReleaseVersion: 1.2.7 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index ea5431f192eb..37771782a762 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.7-dev +version: 1.2.7 groups: - swift - queries From 9507ec08530d7f95679dbfe1d9032040d1073570 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:09:43 +0100 Subject: [PATCH 2/4] Fix "be be" typos --- .../ql/src/experimental/Security/CWE-200/SecretExfiltration.ql | 2 +- go/ql/lib/CHANGELOG.md | 2 +- go/ql/lib/change-notes/released/5.0.0.md | 2 +- ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql b/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql index 2e583a989893..2b4ed1a30b45 100644 --- a/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql +++ b/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql @@ -19,5 +19,5 @@ import SecretExfiltrationFlow::PathGraph from SecretExfiltrationFlow::PathNode source, SecretExfiltrationFlow::PathNode sink where SecretExfiltrationFlow::flowPath(source, sink) select sink.getNode(), source, sink, - "Potential secret exfiltration in $@, which may be be leaked to an attacker-controlled resource.", + "Potential secret exfiltration in $@, which may be leaked to an attacker-controlled resource.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index ce835278cb18..71d6bfdc60f6 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -12,7 +12,7 @@ ### Major Analysis Improvements -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/released/5.0.0.md b/go/ql/lib/change-notes/released/5.0.0.md index 869479762804..096e0b350bf6 100644 --- a/go/ql/lib/change-notes/released/5.0.0.md +++ b/go/ql/lib/change-notes/released/5.0.0.md @@ -12,7 +12,7 @@ ### Major Analysis Improvements -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. ### Minor Analysis Improvements diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll index cef6cb4fa043..0342932a6144 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll @@ -51,7 +51,7 @@ module Kernel { /** * Holds if `method` is a name of a private method in the `Kernel` module. - * These can be be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`. + * These can be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`. * ```ruby * puts "hello world" * Kernel.puts "hello world" From 9466279909e3392a6dc4b2e2480008dc45dce8e7 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:10:42 +0100 Subject: [PATCH 3/4] Prefer code quotes for BMN --- cpp/ql/lib/CHANGELOG.md | 2 +- cpp/ql/lib/change-notes/released/6.0.0.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e227764cca0a..1c05251c8cee 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -6,7 +6,7 @@ ### New Features -* The C/C++ "build-mode: none" support is now General Availability (GA). +* The C/C++ `build-mode: none` support is now General Availability (GA). ## 5.6.1 diff --git a/cpp/ql/lib/change-notes/released/6.0.0.md b/cpp/ql/lib/change-notes/released/6.0.0.md index 5f5a355f5944..b6eb7cef1f5a 100644 --- a/cpp/ql/lib/change-notes/released/6.0.0.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -6,4 +6,4 @@ ### New Features -* The C/C++ "build-mode: none" support is now General Availability (GA). +* The C/C++ `build-mode: none` support is now General Availability (GA). From 17352a101d0e51551b6dcc0bee48a08e2ee7c87d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:13:23 +0100 Subject: [PATCH 4/4] Rephrase C++ BMN changelog note --- cpp/ql/lib/CHANGELOG.md | 2 +- cpp/ql/lib/change-notes/released/6.0.0.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 1c05251c8cee..093b31078e0c 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -6,7 +6,7 @@ ### New Features -* The C/C++ `build-mode: none` support is now General Availability (GA). +* C/C++ `build-mode: none` support is now generally available. ## 5.6.1 diff --git a/cpp/ql/lib/change-notes/released/6.0.0.md b/cpp/ql/lib/change-notes/released/6.0.0.md index b6eb7cef1f5a..574e05442ec4 100644 --- a/cpp/ql/lib/change-notes/released/6.0.0.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -6,4 +6,4 @@ ### New Features -* The C/C++ `build-mode: none` support is now General Availability (GA). +* C/C++ `build-mode: none` support is now generally available.