34 Pull requests merged by 18 people

• C++: Update template test to also output the value of template arguments

  #18923 merged Mar 4, 2025

• Mergeback codeql-cli-2.20.6 to rc/3.17

  #18925 merged Mar 4, 2025

• Upgrade cargo dependencies

  #18789 merged Mar 4, 2025

• Update supported Java version

  #18917 merged Mar 4, 2025

• Rust: Move AstConsistency.qll into internal

  #18919 merged Mar 4, 2025

• Rust: Exclude functions without canonical path from model generation

  #18922 merged Mar 4, 2025

• C++ query to extract the number of errors due to include file resolution failure

  #18914 merged Mar 4, 2025

• Java: handle lock state check stored in variable for java/unreleased-lock

  #18900 merged Mar 4, 2025

• Rust: Allow SSA and some data flow for mutable borrows

  #18872 merged Mar 4, 2025

• Add CodeQL recommendation against Path.Combine

  #18865 merged Mar 4, 2025

• Post-release preparation for codeql-cli-2.20.6

  #18912 merged Mar 3, 2025

• Release preparation for version 2.20.6

  #18911 merged Mar 3, 2025

• C++: Improve and promote cpp/overflow-buffer

  #18837 merged Mar 3, 2025

• C#: Pin .NET for the integration test

  #18904 merged Mar 3, 2025

• Set the executable bit on the scripts in the Actions extractor

  #18888 merged Mar 3, 2025

• Rust: Model pointer read and write functions

  #18896 merged Mar 3, 2025

• Data flow: Improve doc for defaultImplicitTaintRead.

  #18895 merged Feb 28, 2025

• Java: Update test expectations for JDK24 upgrade

  #18861 merged Feb 28, 2025

• Update CSV framework coverage reports

  #18891 merged Feb 28, 2025

• C#: Pin .NET for the integration test standalone_dependencies_nuget_c…

  #18893 merged Feb 28, 2025

• Rust: fix dataflow test failure by pinning the toolchain version

  #18881 merged Feb 28, 2025

• Go: Add .gitignore for artifacts of make test

  #18886 merged Feb 27, 2025

• Move list of immutable actions into internal model pack for now.

  #18887 merged Feb 27, 2025

• Go: Add database sources for the gorqlite package

  #18863 merged Feb 27, 2025

• Go: Add belated change note for go 1.24

  #18885 merged Feb 27, 2025

• Go: Use getLocation instead of hasLocationInfo

  #18883 merged Feb 27, 2025

• Java: Simplify interpretOutput

  #18874 merged Feb 27, 2025

• Rust: Model Result.ok and Result.err.

  #18777 merged Feb 27, 2025

• Test: Ensure total ranking order to avoid ambiguous results

  #18864 merged Feb 27, 2025

• Go: Document support for Go 1.24

  #18870 merged Feb 26, 2025

• Go: Slightly adjust some location info to match locations that are in the database

  #18868 merged Feb 26, 2025

• Update CSV framework coverage reports

  #18839 merged Feb 26, 2025

• Don't run Go tests on documentation changes

  #18867 merged Feb 26, 2025

• Rust: Add generated models for standard libraries including core

  #18787 merged Feb 26, 2025

19 Pull requests opened by 13 people

• C#: Add cs/call-to-object-tostring to the CCR query suite.

  #18866 opened Feb 26, 2025

• Ssa: Update qltests including consistency checks

  #18869 opened Feb 26, 2025

• Python: Move min/maxParameter methods to `Function` class

  #18871 opened Feb 26, 2025

• Bump chrono from 0.4.38 to 0.4.40 in /ql

  #18876 opened Feb 27, 2025

• C#: Roll back changes for tuples in default to string.

  #18880 opened Feb 27, 2025

• JS: Sharpen up EnumerationRegExp

  #18892 opened Feb 28, 2025

• C#: Handle some BMN garbage types.

  #18894 opened Feb 28, 2025

• Rust: DO NOT MERGE test turning off path resolution

  #18897 opened Feb 28, 2025

• JS: Add ECMAScript 2024 `v` Flag Operators for Regex Parsing

  #18899 opened Feb 28, 2025

• Go: Add `database` source models for the `squirrel` package

  #18902 opened Mar 3, 2025

• C#: enable buildless mode

  #18906 opened Mar 3, 2025

• [CWE-925] Intent verification is only needed on non-empty onReceive methods.

  #18907 opened Mar 3, 2025

• C++: Change countNumberOfBranchesUsingParameter to match qldoc closer.

  #18908 opened Mar 3, 2025

• Go: Add `database` source models for the `github.com/couchbase/gocb` package

  #18913 opened Mar 3, 2025

• Rust: tweak qltest logs

  #18918 opened Mar 4, 2025

• Go: Do not track taint into a `sync.Map` via the key of a key-value pair

  #18920 opened Mar 4, 2025

• Python: Add support for forward references in unused var query

  #18921 opened Mar 4, 2025

• Ruby: Avoid a forced CP.

  #18927 opened Mar 4, 2025

• C++: Improve query description and fix alignment of the text

  #18928 opened Mar 4, 2025

8 Issues closed by 6 people

• How to Calculate LOC for BlockStmt

  #18915 closed Mar 4, 2025

• [cpp] extractor crashed when creating database

  #16449 closed Mar 3, 2025

• Failure to create CodeQL database with latest Visual Studio (17.8.1)

  #14927 closed Mar 3, 2025

• General issue

  #18363 closed Mar 3, 2025

• How to use my own modified version of codeql core library

  #18890 closed Mar 3, 2025

• Idk

  #18889 closed Feb 28, 2025

• Erica

  #18898 closed Feb 28, 2025

• [Actions] Unpinned actions in same organization or same enterprise incorrectly trigger actions/unpinned-tag

  #18316 closed Feb 28, 2025

6 Issues opened by 6 people

• False positive in Go / Golang context when logging using %T

  #18926 opened Mar 4, 2025

• CodeQl Cli - The process cannot access the file '<path>\build-tracer.log' because it is being used by another process.

  #18924 opened Mar 4, 2025

• Go: False positive when use sync.Map

  #18916 opened Mar 4, 2025

• Python: False Positive on Global Type Variable

  #18910 opened Mar 3, 2025

• Allow multiple excludes in Java extractor

  #18905 opened Mar 3, 2025

• How to use CodeQL to scan the sink of code（only sink）

  #18862 opened Feb 26, 2025

15 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• JS: Update test suite to use post-processed inline expectations

  #18670 commented on Mar 4, 2025 • 19 new comments

• Rust: Implement basic type inference in QL

  #18632 commented on Mar 4, 2025 • 11 new comments

• Rust: extract crate graph

  #18228 commented on Mar 4, 2025 • 6 new comments

• Java: path sanitizer for `replace`, `replaceAll`, and `matches`

  #18646 commented on Mar 3, 2025 • 3 new comments

• Java: Promote Spring Boot Actuators query from experimental

  #18793 commented on Mar 4, 2025 • 2 new comments

• Python: Don't prune any `MatchLiteralPattern`s

  #18738 commented on Mar 4, 2025 • 1 new comment

• Actions: Sequester issue_comment triggered untrusted checkout from other triggers

  #18838 commented on Feb 28, 2025 • 1 new comment

• Error downloading/installing codeql cpp-queries package

  #14492 commented on Mar 3, 2025 • 0 new comments

• Java: `getNumberOfCommentLines` and `getNumberOfLinesOfCode` should only exist for supported classes

  #10199 commented on Mar 4, 2025 • 0 new comments

• Go: `database` local source models

  #17905 commented on Mar 3, 2025 • 0 new comments

• JS: Support for ECMAScript 2024 `v` Flag Intersection

  #18055 commented on Feb 28, 2025 • 0 new comments

• Rust: add flag to turn off extractor path resolution

  #18813 commented on Mar 4, 2025 • 0 new comments

• Java: Add integration test for failure to download a particular Maven version

  #18836 commented on Mar 4, 2025 • 0 new comments

• Python: Add more documentation in regards to SSRF

  #18855 commented on Mar 3, 2025 • 0 new comments

• JS: React-relay useFragment support

  #18858 commented on Feb 26, 2025 • 0 new comments