Release preparation for version 2.7.5

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

cpp/ql/lib/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.6-dev
+version: 0.0.6
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ### New Queries

cpp/ql/src/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups: cpp
 dependencies:
     codeql/cpp-all: "*"

cpp/upgrades/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

cpp/upgrades/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

cpp/upgrades/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

cpp/upgrades/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-upgrades
 groups: cpp
 upgrades: .
-version: 0.0.6-dev
+version: 0.0.6
 library: true

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

csharp/ql/lib/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.0.6-dev
+version: 0.0.6
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

csharp/ql/src/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups: csharp
 suites: codeql-suites
 extractor: csharp

csharp/upgrades/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

csharp/upgrades/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

csharp/upgrades/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

csharp/upgrades/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-upgrades
 groups: csharp
-version: 0.0.6-dev
+version: 0.0.6
 upgrades: .
 library: true

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.0.6
+
+### Major Analysis Improvements
+
+* Data flow now propagates taint from remote source `Parameter` types to read steps of their fields (e.g. `tainted.publicField` or `tainted.getField()`). This also applies to their subtypes and the types of their fields, recursively.
+
 ## 0.0.5
 
 ### Bug Fixes

java/ql/lib/change-notes/2021-12-15-tainted-field-read-step-on-entrypoint-types.md → java/ql/lib/change-notes/released/0.0.6.md

@@ -1,4 +1,5 @@
----
-category: majorAnalysis
----
+## 0.0.6
+
+### Major Analysis Improvements
+
 * Data flow now propagates taint from remote source `Parameter` types to read steps of their fields (e.g. `tainted.publicField` or `tainted.getField()`). This also applies to their subtypes and the types of their fields, recursively.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.0.6-dev
+version: 0.0.6
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ### Minor Analysis Improvements

java/ql/src/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups: java
 suites: codeql-suites
 extractor: java

java/upgrades/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

java/upgrades/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

java/upgrades/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

java/upgrades/qlpack.yml

@@ -2,4 +2,4 @@ name: codeql/java-upgrades
 groups: java
 upgrades: .
 library: true
-version: 0.0.6-dev
+version: 0.0.6

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.7
+
 ## 0.0.6
 
 ### New Features

javascript/ql/lib/change-notes/released/0.0.7.md

@@ -0,0 +1 @@
+## 0.0.7

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.0.7-dev
+version: 0.0.7
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 0.0.7
+
+### Minor Analysis Improvements
+
+* Support for handlebars templates has improved. Raw interpolation tags of the form `{{& ... }}` are now recognized,
+  as well as whitespace-trimming tags like `{{~ ... }}`.
+* Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are `express` and `fastify`.
+* `js/missing-token-validation` has been made more precise, yielding both fewer false positives and more true positives.
+
 ## 0.0.6
 
 ### Major Analysis Improvements

javascript/ql/src/change-notes/2021-11-08-routing-trees.md → javascript/ql/src/change-notes/released/0.0.7.md

@@ -1,5 +1,8 @@
----
-category: minorAnalysis
----
+## 0.0.7
+
+### Minor Analysis Improvements
+
+* Support for handlebars templates has improved. Raw interpolation tags of the form `{{& ... }}` are now recognized,
+  as well as whitespace-trimming tags like `{{~ ... }}`.
 * Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are `express` and `fastify`.
 * `js/missing-token-validation` has been made more precise, yielding both fewer false positives and more true positives.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.0.7-dev
+version: 0.0.7
 groups: javascript
 suites: codeql-suites
 extractor: javascript

javascript/upgrades/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.7
+
 ## 0.0.6
 
 ## 0.0.5

javascript/upgrades/change-notes/released/0.0.7.md

@@ -0,0 +1 @@
+## 0.0.7

javascript/upgrades/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7

javascript/upgrades/qlpack.yml

@@ -2,4 +2,4 @@ name: codeql/javascript-upgrades
 groups: javascript
 upgrades: .
 library: true
-version: 0.0.7-dev
+version: 0.0.7

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ### Minor Analysis Improvements

python/ql/lib/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.6-dev
+version: 0.0.6
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.0.6
+
+### New Queries
+
+* Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.
+
+### Minor Analysis Improvements
+
+* To support the new SSRF queries, the PyPI package `requests` has been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
+
 ## 0.0.5
 
 ### Minor Analysis Improvements

python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md → python/ql/src/change-notes/released/0.0.6.md

@@ -1,4 +1,9 @@
----
-category: newQuery
----
+## 0.0.6
+
+### New Queries
+
 * Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.
+
+### Minor Analysis Improvements
+
+* To support the new SSRF queries, the PyPI package `requests` has been modeled, along with `http.client.HTTP[S]Connection` from the standard library.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups: python
 dependencies:
     codeql/python-all: "*"

python/upgrades/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

python/upgrades/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

python/upgrades/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

python/upgrades/qlpack.yml

@@ -2,4 +2,4 @@ name: codeql/python-upgrades
 groups: python
 upgrades: .
 library: true
-version: 0.0.6-dev
+version: 0.0.6

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.0.6
+
+### Deprecated APIs
+
+* `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access.
+
 ## 0.0.5
 
 ### New Features

ruby/ql/lib/change-notes/2021-12-21-constants.md → ruby/ql/lib/change-notes/released/0.0.6.md

@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 0.0.6
+
+### Deprecated APIs
+
 * `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.6-dev
+version: 0.0.6
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.0.6
+
 ## 0.0.5
 
 ## 0.0.4

ruby/ql/src/change-notes/released/0.0.6.md

@@ -0,0 +1 @@
+## 0.0.6

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups: ruby
 suites: codeql-suites
 defaultSuiteFile: codeql-suites/ruby-code-scanning.qls