From 18fa6799ce464a0f77f6ebeb573986eeea93967b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 17 Nov 2025 16:38:07 +0000 Subject: [PATCH 1/5] Release preparation for version 2.23.6 --- actions/ql/lib/CHANGELOG.md | 4 +++ .../ql/lib/change-notes/released/0.4.21.md | 3 ++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 4 +++ .../ql/src/change-notes/released/0.6.13.md | 3 ++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 30 ++++++++++------ .../2025-11-11-range-analysis-performance.md | 4 --- .../6.1.0.md} | 11 ++++-- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 +++ cpp/ql/src/change-notes/released/1.5.4.md | 3 ++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 +++ .../lib/change-notes/released/1.7.52.md | 3 ++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/1.7.52.md | 3 ++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 36 +++++++++++++------ .../2025-10-04-deprecate-controlsblock.md | 4 --- ...0-30-overlay-compilation-and-extraction.md | 5 --- .../2025-11-03-roslyn-and-binlog.md | 4 --- csharp/ql/lib/change-notes/released/5.4.0.md | 13 +++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 16 +++++++-- ...025-10-24-insecure-cookie-query-promote.md | 4 --- .../1.5.0.md} | 11 ++++-- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 +++ .../change-notes/released/1.0.35.md | 3 ++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 9 +++++ .../5.0.2.md} | 7 ++-- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 +++ go/ql/src/change-notes/released/1.4.9.md | 3 ++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 4 +++ java/ql/lib/change-notes/released/7.7.4.md | 3 ++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 7 ++++ .../1.10.0.md} | 9 ++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 +++ .../ql/lib/change-notes/released/2.6.15.md | 3 ++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 7 ++++ .../2.2.0.md} | 9 ++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 +++ .../change-notes/released/1.0.35.md | 3 ++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++ .../5.0.0.md} | 6 ++-- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 ++++ .../2025-10-22-adjust-query-severity.md | 4 --- python/ql/src/change-notes/released/1.7.0.md | 5 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 +++ ruby/ql/lib/change-notes/released/5.1.3.md | 3 ++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++ .../2025-10-22-adjust-query-severity.md | 4 --- ruby/ql/src/change-notes/released/1.5.0.md | 5 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 6 ++++ .../0.1.20.md} | 7 ++-- rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 6 ++++ .../0.1.20.md} | 7 ++-- rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 +++ .../concepts/change-notes/released/0.0.9.md | 3 ++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 +++ .../change-notes/released/2.0.19.md | 3 ++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 +++ .../dataflow/change-notes/released/2.0.19.md | 3 ++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 +++ shared/mad/change-notes/released/1.0.35.md | 3 ++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 +++ .../quantum/change-notes/released/0.0.13.md | 3 ++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 +++ .../change-notes/released/1.0.35.md | 3 ++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 +++ shared/regex/change-notes/released/1.0.35.md | 3 ++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 +++ shared/ssa/change-notes/released/2.0.11.md | 3 ++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 +++ .../change-notes/released/1.0.35.md | 3 ++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 +++ .../tutorial/change-notes/released/1.0.35.md | 3 ++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 +++ .../typeflow/change-notes/released/1.0.35.md | 3 ++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.16.md | 3 ++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 +++ .../change-notes/released/2.0.19.md | 3 ++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 +++ shared/typos/change-notes/released/1.0.35.md | 3 ++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 +++ shared/util/change-notes/released/2.0.22.md | 3 ++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 +++ shared/xml/change-notes/released/1.0.35.md | 3 ++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 +++ shared/yaml/change-notes/released/1.0.35.md | 3 ++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 6 ++++ .../6.1.0.md} | 7 ++-- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 +++ swift/ql/src/change-notes/released/1.2.9.md | 3 ++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 171 files changed, 470 insertions(+), 164 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.21.md create mode 100644 actions/ql/src/change-notes/released/0.6.13.md delete mode 100644 cpp/ql/lib/change-notes/2025-11-11-range-analysis-performance.md rename cpp/ql/lib/change-notes/{2025-11-13-expanded.md => released/6.1.0.md} (52%) create mode 100644 cpp/ql/src/change-notes/released/1.5.4.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.52.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.52.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-04-deprecate-controlsblock.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-30-overlay-compilation-and-extraction.md delete mode 100644 csharp/ql/lib/change-notes/2025-11-03-roslyn-and-binlog.md create mode 100644 csharp/ql/lib/change-notes/released/5.4.0.md delete mode 100644 csharp/ql/src/change-notes/2025-10-24-insecure-cookie-query-promote.md rename csharp/ql/src/change-notes/{2025-11-14-guards-disjunctive.md => released/1.5.0.md} (58%) create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.35.md rename go/ql/lib/change-notes/{2025-11-11-path-transformer.md => released/5.0.2.md} (94%) create mode 100644 go/ql/src/change-notes/released/1.4.9.md create mode 100644 java/ql/lib/change-notes/released/7.7.4.md rename java/ql/src/change-notes/{2025-10-22-adjust-query-severity.md => released/1.10.0.md} (66%) create mode 100644 javascript/ql/lib/change-notes/released/2.6.15.md rename javascript/ql/src/change-notes/{2025-10-22-adjust-query-severity.md => released/2.2.0.md} (66%) create mode 100644 misc/suite-helpers/change-notes/released/1.0.35.md rename python/ql/lib/change-notes/{2025-10-30-remove-points-to-from-cfg-and-expr.md => released/5.0.0.md} (87%) delete mode 100644 python/ql/src/change-notes/2025-10-22-adjust-query-severity.md create mode 100644 python/ql/src/change-notes/released/1.7.0.md create mode 100644 ruby/ql/lib/change-notes/released/5.1.3.md delete mode 100644 ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md create mode 100644 ruby/ql/src/change-notes/released/1.5.0.md rename rust/ql/lib/change-notes/{2025-11-05-poem.md => released/0.1.20.md} (55%) rename rust/ql/src/change-notes/{2025-10-31-barriers.md => released/0.1.20.md} (80%) create mode 100644 shared/concepts/change-notes/released/0.0.9.md create mode 100644 shared/controlflow/change-notes/released/2.0.19.md create mode 100644 shared/dataflow/change-notes/released/2.0.19.md create mode 100644 shared/mad/change-notes/released/1.0.35.md create mode 100644 shared/quantum/change-notes/released/0.0.13.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.35.md create mode 100644 shared/regex/change-notes/released/1.0.35.md create mode 100644 shared/ssa/change-notes/released/2.0.11.md create mode 100644 shared/threat-models/change-notes/released/1.0.35.md create mode 100644 shared/tutorial/change-notes/released/1.0.35.md create mode 100644 shared/typeflow/change-notes/released/1.0.35.md create mode 100644 shared/typeinference/change-notes/released/0.0.16.md create mode 100644 shared/typetracking/change-notes/released/2.0.19.md create mode 100644 shared/typos/change-notes/released/1.0.35.md create mode 100644 shared/util/change-notes/released/2.0.22.md create mode 100644 shared/xml/change-notes/released/1.0.35.md create mode 100644 shared/yaml/change-notes/released/1.0.35.md rename swift/ql/lib/change-notes/{2025-10-22-swift-6.2.1.md => released/6.1.0.md} (51%) create mode 100644 swift/ql/src/change-notes/released/1.2.9.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index ffe1cba82818..0ae66461fc7e 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.21 + +No user-facing changes. + ## 0.4.20 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.21.md b/actions/ql/lib/change-notes/released/0.4.21.md new file mode 100644 index 000000000000..4457437acf28 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.21.md @@ -0,0 +1,3 @@ +## 0.4.21 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 380b2d094239..eb3b038a7159 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.20 +lastReleaseVersion: 0.4.21 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 295d925c3189..22e1d6db0fc6 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.21-dev +version: 0.4.21 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index c7253227b7c3..b26f2472b1db 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.13 + +No user-facing changes. + ## 0.6.12 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.13.md b/actions/ql/src/change-notes/released/0.6.13.md new file mode 100644 index 000000000000..0dad2009c46d --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.13.md @@ -0,0 +1,3 @@ +## 0.6.13 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 28c22ccab7cb..4568aee7f4f4 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.12 +lastReleaseVersion: 0.6.13 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index b612696b8162..78ca2aa20739 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.13-dev +version: 0.6.13 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 0f158cd3fb5b..450185adf894 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.1.0 + +### New Features + +* New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files. + +### Bug Fixes + +* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time. + ## 6.0.1 No user-facing changes. @@ -259,8 +269,8 @@ No user-facing changes. ### Breaking Changes -* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. -* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. * Deleted the deprecated `hasQualifiedName` and `isDefined` predicates from the `Declaration` class, use `hasGlobalName` and `hasDefinition` respectively instead. * Deleted the `getFullSignature` predicate from the `Function` class, use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead. * Deleted the deprecated `freeCall` predicate from `Alloc.qll`. Use `DeallocationExpr` instead. @@ -294,7 +304,7 @@ No user-facing changes. * A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide. * An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit. * A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit. -* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. +* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. ### Minor Analysis Improvements @@ -372,9 +382,9 @@ No user-facing changes. ### New Features * Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field. -* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. * Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant. -* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. * Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant. * Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement. @@ -490,7 +500,7 @@ No user-facing changes. * Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as non-returning in the IR and dataflow. * Treat functions that reach the end of the function as returning in the IR. - They used to be treated as unreachable but it is allowed in C. + They used to be treated as unreachable but it is allowed in C. * The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. ## 0.9.3 @@ -539,7 +549,7 @@ No user-facing changes. ### New Features -* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. +* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed. ### Minor Analysis Improvements @@ -733,7 +743,7 @@ No user-facing changes. ### Deprecated APIs -* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. +* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### New Features @@ -750,7 +760,7 @@ No user-facing changes. ### Deprecated APIs -* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. +* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### New Features @@ -849,7 +859,7 @@ No user-facing changes. ### Deprecated APIs -* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. +* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### New Features diff --git a/cpp/ql/lib/change-notes/2025-11-11-range-analysis-performance.md b/cpp/ql/lib/change-notes/2025-11-11-range-analysis-performance.md deleted file mode 100644 index f24ab4b87fec..000000000000 --- a/cpp/ql/lib/change-notes/2025-11-11-range-analysis-performance.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2025-11-13-expanded.md b/cpp/ql/lib/change-notes/released/6.1.0.md similarity index 52% rename from cpp/ql/lib/change-notes/2025-11-13-expanded.md rename to cpp/ql/lib/change-notes/released/6.1.0.md index 82d0a1f51057..a904793a03f2 100644 --- a/cpp/ql/lib/change-notes/2025-11-13-expanded.md +++ b/cpp/ql/lib/change-notes/released/6.1.0.md @@ -1,4 +1,9 @@ ---- -category: feature ---- +## 6.1.0 + +### New Features + * New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files. + +### Bug Fixes + +* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index d1f3c68c8120..22247782f3e5 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.0.1 +lastReleaseVersion: 6.1.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 8b2113533238..c2f8cc98819d 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 6.0.2-dev +version: 6.1.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 880cab8a58de..58677d61a2a1 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.4 + +No user-facing changes. + ## 1.5.3 No user-facing changes. diff --git a/cpp/ql/src/change-notes/released/1.5.4.md b/cpp/ql/src/change-notes/released/1.5.4.md new file mode 100644 index 000000000000..5ff5ac8ebb7c --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.4.md @@ -0,0 +1,3 @@ +## 1.5.4 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 232224b0e267..c216828ee1c3 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.3 +lastReleaseVersion: 1.5.4 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 39cdb717ca7d..8e062d290b56 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.4-dev +version: 1.5.4 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index a25c349e35ee..de67deb4d32e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.52 + +No user-facing changes. + ## 1.7.51 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.52.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.52.md new file mode 100644 index 000000000000..07bec2a826a4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.52.md @@ -0,0 +1,3 @@ +## 1.7.52 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 26376c0cebb2..31d9cd574dd0 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.51 +lastReleaseVersion: 1.7.52 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 7877ad717e23..80e9343408f9 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.52-dev +version: 1.7.52 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index a25c349e35ee..de67deb4d32e 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.52 + +No user-facing changes. + ## 1.7.51 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.52.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.52.md new file mode 100644 index 000000000000..07bec2a826a4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.52.md @@ -0,0 +1,3 @@ +## 1.7.52 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 26376c0cebb2..31d9cd574dd0 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.51 +lastReleaseVersion: 1.7.52 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 6427ecbb9358..f107eb7dee6d 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.52-dev +version: 1.7.52 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 20b1c03d7222..962b6ecd1847 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 5.4.0 + +### Deprecated APIs + +* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library. + +### New Features + +* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`. + +### Minor Analysis Improvements + +* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality. + ## 5.3.0 ### Deprecated APIs @@ -6,7 +20,7 @@ ### Major Analysis Improvements -* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions. For example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. +* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. ### Minor Analysis Improvements @@ -143,7 +157,7 @@ No user-facing changes. * Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`: - `[SupplyParameterFromForm]` - `[SupplyParameterFromQuery]` -* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. +* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. * Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method. * The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. * The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features. @@ -163,7 +177,7 @@ No user-facing changes. - `System.Web.HttpUtility::ParseQueryString` - `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseQuery` - `Microsoft.AspNetCore.WebUtilities.QueryHelpers::ParseNullableQuery` -* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript. +* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript. ## 3.1.1 @@ -201,8 +215,8 @@ No user-facing changes. ### Breaking Changes -* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. -* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. * Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. ### Minor Analysis Improvements @@ -451,7 +465,7 @@ No user-facing changes. ### New Features -* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. +* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`. Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed. ### Minor Analysis Improvements @@ -586,7 +600,7 @@ No user-facing changes. * Attributes on methods in CIL are now extracted (Bugfix). * Support for `static virtual` and `static abstract` interface members. -* Support for *operators* in interface definitions. +* Support for *operators* in interface definitions. * C# 11: Added support for the unsigned right shift `>>>` and unsigned right shift assignment `>>>=` operators. * Query id's have been aligned such that they are prefixed with `cs` instead of `csharp`. @@ -626,13 +640,13 @@ No user-facing changes. ### Minor Analysis Improvements * `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries. -* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. +* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. ## 0.4.0 ### Deprecated APIs -* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. +* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### Bug Fixes @@ -645,7 +659,7 @@ No user-facing changes. ### Deprecated APIs -* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. +* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### Minor Analysis Improvements @@ -692,7 +706,7 @@ No user-facing changes. ### Deprecated APIs -* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. +* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. The old name still exists as a deprecated alias. ### New Features diff --git a/csharp/ql/lib/change-notes/2025-10-04-deprecate-controlsblock.md b/csharp/ql/lib/change-notes/2025-10-04-deprecate-controlsblock.md deleted file mode 100644 index a3c69932917d..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-04-deprecate-controlsblock.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library. diff --git a/csharp/ql/lib/change-notes/2025-10-30-overlay-compilation-and-extraction.md b/csharp/ql/lib/change-notes/2025-10-30-overlay-compilation-and-extraction.md deleted file mode 100644 index 0f5005a22a2f..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-30-overlay-compilation-and-extraction.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- - -* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`. diff --git a/csharp/ql/lib/change-notes/2025-11-03-roslyn-and-binlog.md b/csharp/ql/lib/change-notes/2025-11-03-roslyn-and-binlog.md deleted file mode 100644 index 92231d3be2fc..000000000000 --- a/csharp/ql/lib/change-notes/2025-11-03-roslyn-and-binlog.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality. diff --git a/csharp/ql/lib/change-notes/released/5.4.0.md b/csharp/ql/lib/change-notes/released/5.4.0.md new file mode 100644 index 000000000000..478e6deb4141 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.4.0.md @@ -0,0 +1,13 @@ +## 5.4.0 + +### Deprecated APIs + +* `ControlFlowElement.controlsBlock` has been deprecated in favor of the Guards library. + +### New Features + +* Initial support for incremental C# databases via `codeql database create --overlay-base`/`--overlay-changes`. + +### Minor Analysis Improvements + +* Updated *roslyn* and *binlog* dependencies in the extractor, which may improve database and analysis quality. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index b0a1c83e5bc9..afb2156eaa2b 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.3.0 +lastReleaseVersion: 5.4.0 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 3ecdad08291b..3c3ae516a563 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.3.1-dev +version: 5.4.0 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 8993b4535436..b7bef32f2074 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,8 +1,18 @@ +## 1.5.0 + +### New Queries + +* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack. + +### Minor Analysis Improvements + +* An improvement to the Guards library for recognizing disjunctions means improved precision for `cs/constant-condition`, `cs/inefficient-containskey`, and `cs/dereferenced-value-may-be-null`. The two former can have additional findings, and the latter will have fewer false positives. + ## 1.4.3 ### Minor Analysis Improvements -* The `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. +* the `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. ## 1.4.2 @@ -170,7 +180,7 @@ No user-facing changes. ### Minor Analysis Improvements -* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. +* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. ## 1.0.10 @@ -284,7 +294,7 @@ No user-facing changes. ### Minor Analysis Improvements -* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. +* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. * Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` ## 0.8.5 diff --git a/csharp/ql/src/change-notes/2025-10-24-insecure-cookie-query-promote.md b/csharp/ql/src/change-notes/2025-10-24-insecure-cookie-query-promote.md deleted file mode 100644 index 6b3d8d5b2590..000000000000 --- a/csharp/ql/src/change-notes/2025-10-24-insecure-cookie-query-promote.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack. diff --git a/csharp/ql/src/change-notes/2025-11-14-guards-disjunctive.md b/csharp/ql/src/change-notes/released/1.5.0.md similarity index 58% rename from csharp/ql/src/change-notes/2025-11-14-guards-disjunctive.md rename to csharp/ql/src/change-notes/released/1.5.0.md index 015f16f8d091..16106aaca11f 100644 --- a/csharp/ql/src/change-notes/2025-11-14-guards-disjunctive.md +++ b/csharp/ql/src/change-notes/released/1.5.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 1.5.0 + +### New Queries + +* The `cs/web/cookie-secure-not-set` and `cs/web/cookie-httponly-not-set` queries have been promoted from experimental to the main query pack. + +### Minor Analysis Improvements + * An improvement to the Guards library for recognizing disjunctions means improved precision for `cs/constant-condition`, `cs/inefficient-containskey`, and `cs/dereferenced-value-may-be-null`. The two former can have additional findings, and the latter will have fewer false positives. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 08f88b689fb6..639f80c43417 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.3 +lastReleaseVersion: 1.5.0 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 2597e99f55b6..4834c59d8fa9 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.4.4-dev +version: 1.5.0 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 870695d684ce..c27711a0c4c8 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.35.md b/go/ql/consistency-queries/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index be82fc786d23..ce049f780271 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.35-dev +version: 1.0.35 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index e2d2a71f6bd0..553cccf4eab8 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,12 @@ +## 5.0.2 + +### Bug Fixes + +* Some fixes relating to use of path transformers when extracting a database: + * Fixed a problem where the path transformer would be ignored when extracting older codebases that predate the use of Go modules. + * The environment variable `CODEQL_PATH_TRANSFORMER` is now recognized, in addition to `SEMMLE_PATH_TRANSFORMER`. + * Fixed some cases where the extractor emitted paths without applying the path transformer. + ## 5.0.1 No user-facing changes. diff --git a/go/ql/lib/change-notes/2025-11-11-path-transformer.md b/go/ql/lib/change-notes/released/5.0.2.md similarity index 94% rename from go/ql/lib/change-notes/2025-11-11-path-transformer.md rename to go/ql/lib/change-notes/released/5.0.2.md index c36cf8fb83e6..1c95b433daca 100644 --- a/go/ql/lib/change-notes/2025-11-11-path-transformer.md +++ b/go/ql/lib/change-notes/released/5.0.2.md @@ -1,6 +1,7 @@ ---- -category: fix ---- +## 5.0.2 + +### Bug Fixes + * Some fixes relating to use of path transformers when extracting a database: * Fixed a problem where the path transformer would be ignored when extracting older codebases that predate the use of Go modules. * The environment variable `CODEQL_PATH_TRANSFORMER` is now recognized, in addition to `SEMMLE_PATH_TRANSFORMER`. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index ae7df5e18b78..3940dee0f32d 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.1 +lastReleaseVersion: 5.0.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 058e65978f23..ec804b7aee56 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 5.0.2-dev +version: 5.0.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 786164b5fe4a..82f6633fef9c 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.9 + +No user-facing changes. + ## 1.4.8 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.4.9.md b/go/ql/src/change-notes/released/1.4.9.md new file mode 100644 index 000000000000..23b8222662cd --- /dev/null +++ b/go/ql/src/change-notes/released/1.4.9.md @@ -0,0 +1,3 @@ +## 1.4.9 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 16e6425ae7e4..c1bf629045f1 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.8 +lastReleaseVersion: 1.4.9 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 4a0baaa78369..d273ea1ddfca 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.9-dev +version: 1.4.9 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index e261dbee59e9..10dfe5ce35b3 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 7.7.4 + +No user-facing changes. + ## 7.7.3 No user-facing changes. diff --git a/java/ql/lib/change-notes/released/7.7.4.md b/java/ql/lib/change-notes/released/7.7.4.md new file mode 100644 index 000000000000..47cd244f7892 --- /dev/null +++ b/java/ql/lib/change-notes/released/7.7.4.md @@ -0,0 +1,3 @@ +## 7.7.4 + +No user-facing changes. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 6856106e7719..7b894469209e 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.7.3 +lastReleaseVersion: 7.7.4 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index bcfc194a4cbb..8a3414dcb122 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.4-dev +version: 7.7.4 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index ed02fdc5bb2a..9e82554241e8 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.10.0 + +### Query Metadata Changes + +* Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. +* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact. + ## 1.9.0 ### New Queries diff --git a/java/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/java/ql/src/change-notes/released/1.10.0.md similarity index 66% rename from java/ql/src/change-notes/2025-10-22-adjust-query-severity.md rename to java/ql/src/change-notes/released/1.10.0.md index 61cc9402a786..6cfa49bc2c4e 100644 --- a/java/ql/src/change-notes/2025-10-22-adjust-query-severity.md +++ b/java/ql/src/change-notes/released/1.10.0.md @@ -1,5 +1,6 @@ ---- -category: queryMetadata ---- +## 1.10.0 + +### Query Metadata Changes + * Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. -* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file +* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index df17dc3a3662..753e9ac28449 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.9.0 +lastReleaseVersion: 1.10.0 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 98f0bdd57106..3a4bf16b2322 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.9.1-dev +version: 1.10.0 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 9f27fdae99c4..7ec6b99fd998 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.6.15 + +No user-facing changes. + ## 2.6.14 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/2.6.15.md b/javascript/ql/lib/change-notes/released/2.6.15.md new file mode 100644 index 000000000000..f69028c68915 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.15.md @@ -0,0 +1,3 @@ +## 2.6.15 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 022aeff4e02f..cafb64b87929 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.14 +lastReleaseVersion: 2.6.15 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index bd19febdfaa6..de43ec0c7ad9 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.15-dev +version: 2.6.15 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 4a453506818e..f52156dc1b9c 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 2.2.0 + +### Query Metadata Changes + +* Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries. +* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. + ## 2.1.3 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/javascript/ql/src/change-notes/released/2.2.0.md similarity index 66% rename from javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md rename to javascript/ql/src/change-notes/released/2.2.0.md index ca81037f44bc..6a60b337eef2 100644 --- a/javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md +++ b/javascript/ql/src/change-notes/released/2.2.0.md @@ -1,5 +1,6 @@ ---- -category: queryMetadata ---- +## 2.2.0 + +### Query Metadata Changes + * Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries. -* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file +* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 345fb0c73a44..2f3083541950 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.1.3 +lastReleaseVersion: 2.2.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 93dd9cf7ae7c..d3adb5a5207c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.1.4-dev +version: 2.2.0 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 203d289a6734..b273c2953fd3 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.35.md b/misc/suite-helpers/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index e3283b5dc3f9..b3316643de4e 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.35-dev +version: 1.0.35 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index df8a66ca0e62..67b8cece8211 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 5.0.0 + +### Breaking Changes + +- The classes `ControlFlowNode`, `Expr`, and `Module` no longer expose predicates that invoke the points-to analysis. To access these predicates, import the module `LegacyPointsTo` and follow the instructions given therein. + ## 4.1.0 ### New Features diff --git a/python/ql/lib/change-notes/2025-10-30-remove-points-to-from-cfg-and-expr.md b/python/ql/lib/change-notes/released/5.0.0.md similarity index 87% rename from python/ql/lib/change-notes/2025-10-30-remove-points-to-from-cfg-and-expr.md rename to python/ql/lib/change-notes/released/5.0.0.md index 9b8eef6bcbae..ae6a34880e01 100644 --- a/python/ql/lib/change-notes/2025-10-30-remove-points-to-from-cfg-and-expr.md +++ b/python/ql/lib/change-notes/released/5.0.0.md @@ -1,5 +1,5 @@ ---- -category: breaking ---- +## 5.0.0 + +### Breaking Changes - The classes `ControlFlowNode`, `Expr`, and `Module` no longer expose predicates that invoke the points-to analysis. To access these predicates, import the module `LegacyPointsTo` and follow the instructions given therein. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index d5b1bf88d10e..c9e54136ca5c 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.0 +lastReleaseVersion: 5.0.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index bb28a8f63157..fd765f7c3855 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.1.1-dev +version: 5.0.0 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 65fd05e047b9..1496c93adc72 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.7.0 + +### Query Metadata Changes + +* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. + ## 1.6.8 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md deleted file mode 100644 index bc314358a6f8..000000000000 --- a/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file diff --git a/python/ql/src/change-notes/released/1.7.0.md b/python/ql/src/change-notes/released/1.7.0.md new file mode 100644 index 000000000000..92850b2e4649 --- /dev/null +++ b/python/ql/src/change-notes/released/1.7.0.md @@ -0,0 +1,5 @@ +## 1.7.0 + +### Query Metadata Changes + +* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index fbc11aa62b75..d1184cc67507 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.8 +lastReleaseVersion: 1.7.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 7280bbcb67c9..0c4bd654b0b0 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.6.9-dev +version: 1.7.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index a99e40177893..1a4f011d531c 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.1.3 + +No user-facing changes. + ## 5.1.2 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/5.1.3.md b/ruby/ql/lib/change-notes/released/5.1.3.md new file mode 100644 index 000000000000..9af1eab14f34 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.1.3.md @@ -0,0 +1,3 @@ +## 5.1.3 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index d21c12fbe7fb..8ffbc76d58a0 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.2 +lastReleaseVersion: 5.1.3 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 3a400018dec5..dba4b173bf27 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.3-dev +version: 5.1.3 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 282fd2846352..300aa213b5d1 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.5.0 + +### Query Metadata Changes + +* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. + ## 1.4.8 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md deleted file mode 100644 index 4da73769e279..000000000000 --- a/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file diff --git a/ruby/ql/src/change-notes/released/1.5.0.md b/ruby/ql/src/change-notes/released/1.5.0.md new file mode 100644 index 000000000000..491a3bf9ee42 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.5.0.md @@ -0,0 +1,5 @@ +## 1.5.0 + +### Query Metadata Changes + +* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 16e6425ae7e4..639f80c43417 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.8 +lastReleaseVersion: 1.5.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 37c9e4be5221..a581cc8866da 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.4.9-dev +version: 1.5.0 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 7e8575b03be4..7dd8b44f124d 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.20 + +### Minor Analysis Improvements + +* Added models for cookie methods in the `poem` crate. + ## 0.1.19 ### Major Analysis Improvements diff --git a/rust/ql/lib/change-notes/2025-11-05-poem.md b/rust/ql/lib/change-notes/released/0.1.20.md similarity index 55% rename from rust/ql/lib/change-notes/2025-11-05-poem.md rename to rust/ql/lib/change-notes/released/0.1.20.md index b71e52a81397..12d4a7a3d5ac 100644 --- a/rust/ql/lib/change-notes/2025-11-05-poem.md +++ b/rust/ql/lib/change-notes/released/0.1.20.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.1.20 + +### Minor Analysis Improvements + * Added models for cookie methods in the `poem` crate. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index de6e4c490684..9910e8d039f3 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.19 +lastReleaseVersion: 0.1.20 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 3c045cd83e56..0a00fef81b0c 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.20-dev +version: 0.1.20 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 2b0c54fc057e..d292205bfdcd 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.20 + +### Minor Analysis Improvements + +* Taint flow barriers have been added to the `rust/regex-injection`, `rust/sql-injection` and `rust/log-injection`, reducing the frequency of false positive results for these queries. + ## 0.1.19 ### Minor Analysis Improvements diff --git a/rust/ql/src/change-notes/2025-10-31-barriers.md b/rust/ql/src/change-notes/released/0.1.20.md similarity index 80% rename from rust/ql/src/change-notes/2025-10-31-barriers.md rename to rust/ql/src/change-notes/released/0.1.20.md index 1504380d8d03..a29940bfb7cf 100644 --- a/rust/ql/src/change-notes/2025-10-31-barriers.md +++ b/rust/ql/src/change-notes/released/0.1.20.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.1.20 + +### Minor Analysis Improvements + * Taint flow barriers have been added to the `rust/regex-injection`, `rust/sql-injection` and `rust/log-injection`, reducing the frequency of false positive results for these queries. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index de6e4c490684..9910e8d039f3 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.19 +lastReleaseVersion: 0.1.20 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index a26c9d35de5d..fcf86c7e21f8 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.20-dev +version: 0.1.20 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index 4d0898b90e46..ab7c158c25b5 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.9 + +No user-facing changes. + ## 0.0.8 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.9.md b/shared/concepts/change-notes/released/0.0.9.md new file mode 100644 index 000000000000..c9e17c6d6cf2 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.9.md @@ -0,0 +1,3 @@ +## 0.0.9 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index 58fdc6b45deb..ecdd64fbab86 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.8 +lastReleaseVersion: 0.0.9 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index f76c1f2ae45d..289b9d531da7 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.9-dev +version: 0.0.9 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index c5b9b9d696ab..d2961b514834 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.19 + +No user-facing changes. + ## 2.0.18 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.19.md b/shared/controlflow/change-notes/released/2.0.19.md new file mode 100644 index 000000000000..b37b6798b125 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.19.md @@ -0,0 +1,3 @@ +## 2.0.19 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 16342205c738..4aecf1e1f86f 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.18 +lastReleaseVersion: 2.0.19 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index fdf7de8e6a70..a046376584b5 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.19-dev +version: 2.0.19 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index f963117ea88f..ff6b9243d64a 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.19 + +No user-facing changes. + ## 2.0.18 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.19.md b/shared/dataflow/change-notes/released/2.0.19.md new file mode 100644 index 000000000000..b37b6798b125 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.19.md @@ -0,0 +1,3 @@ +## 2.0.19 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 16342205c738..4aecf1e1f86f 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.18 +lastReleaseVersion: 2.0.19 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 7f969fdef424..d1cddb658060 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.19-dev +version: 2.0.19 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index b0b444f8c414..b5ca37028e4c 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.35.md b/shared/mad/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 13a5b8507b36..54662518ac6b 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 83a42fb05515..29ece641a7e3 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.13 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.13.md b/shared/quantum/change-notes/released/0.0.13.md new file mode 100644 index 000000000000..f679eaf0313a --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.13.md @@ -0,0 +1,3 @@ +## 0.0.13 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index 997fb8da83cd..044e54e4f7e5 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.0.13 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 0cc0fbad9065..7aa341ed298c 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.13-dev +version: 0.0.13 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 640d26270e1f..f433c424cfeb 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.35.md b/shared/rangeanalysis/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 24b697d1f49a..acfe26c3d74e 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 1e3fb3c306c9..69cf5cdad0ec 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.35.md b/shared/regex/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index f66b9d743f6f..7c883c5a3489 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 2d8087cd96c8..5cbc5a2ebca7 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.11 + +No user-facing changes. + ## 2.0.10 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.11.md b/shared/ssa/change-notes/released/2.0.11.md new file mode 100644 index 000000000000..b3d110bcba50 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.11.md @@ -0,0 +1,3 @@ +## 2.0.11 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 96ea0220a690..3cbe73b4cadc 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.10 +lastReleaseVersion: 2.0.11 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 0aada9508eea..9c7f6f2ac2ad 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.11-dev +version: 2.0.11 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 870695d684ce..c27711a0c4c8 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.35.md b/shared/threat-models/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 4bb9cb4cb5f9..02bfe21bf768 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.35-dev +version: 1.0.35 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 23fd78f42e58..33db936cccce 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.35.md b/shared/tutorial/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index fa53c0be99f3..658dbc8c8163 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index d95faf698642..04ce591c7d2e 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.35.md b/shared/typeflow/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 94cae6f26a66..b0d79695965b 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 4f4b3189bb41..28235d47f61f 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.16 + +No user-facing changes. + ## 0.0.15 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.16.md b/shared/typeinference/change-notes/released/0.0.16.md new file mode 100644 index 000000000000..62b5521ea013 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.16.md @@ -0,0 +1,3 @@ +## 0.0.16 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index dff35216fc69..a49f7be4cff3 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.15 +lastReleaseVersion: 0.0.16 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 000088497029..485c62840300 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.16-dev +version: 0.0.16 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 4edafe872909..0d3ff4a1df1d 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.19 + +No user-facing changes. + ## 2.0.18 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.19.md b/shared/typetracking/change-notes/released/2.0.19.md new file mode 100644 index 000000000000..b37b6798b125 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.19.md @@ -0,0 +1,3 @@ +## 2.0.19 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 16342205c738..4aecf1e1f86f 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.18 +lastReleaseVersion: 2.0.19 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 0c5881829119..d804fa007480 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.19-dev +version: 2.0.19 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 9fbdb39d4931..e38e1645eb5c 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.35.md b/shared/typos/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b876c84bbe37..94ec6653e8b6 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 88679dd68468..13de50b73212 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.22 + +No user-facing changes. + ## 2.0.21 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.22.md b/shared/util/change-notes/released/2.0.22.md new file mode 100644 index 000000000000..8a2611adad2d --- /dev/null +++ b/shared/util/change-notes/released/2.0.22.md @@ -0,0 +1,3 @@ +## 2.0.22 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index a572e88bffd4..980bdfe195ba 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.21 +lastReleaseVersion: 2.0.22 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 4d4b671071ee..aefbed94437d 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.22-dev +version: 2.0.22 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index ff67592d22ba..25cba5db417f 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.35.md b/shared/xml/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 40a7eadd8285..7fa5e1d171ec 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index fb623a1f26cf..daf8d92d00ae 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.35 + +No user-facing changes. + ## 1.0.34 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.35.md b/shared/yaml/change-notes/released/1.0.35.md new file mode 100644 index 000000000000..c539ed2d3b13 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.35.md @@ -0,0 +1,3 @@ +## 1.0.35 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index b736654032cf..9493cf42a28b 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.34 +lastReleaseVersion: 1.0.35 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index a1af32ac0796..fd6a84b16931 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.35-dev +version: 1.0.35 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index b1b958708e0c..a1224ca4a8c9 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 6.1.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.1. + ## 6.0.0 ### Breaking Changes diff --git a/swift/ql/lib/change-notes/2025-10-22-swift-6.2.1.md b/swift/ql/lib/change-notes/released/6.1.0.md similarity index 51% rename from swift/ql/lib/change-notes/2025-10-22-swift-6.2.1.md rename to swift/ql/lib/change-notes/released/6.1.0.md index 42a738ff746d..2c16ed106e6f 100644 --- a/swift/ql/lib/change-notes/2025-10-22-swift-6.2.1.md +++ b/swift/ql/lib/change-notes/released/6.1.0.md @@ -1,4 +1,5 @@ ---- -category: majorAnalysis ---- +## 6.1.0 + +### Major Analysis Improvements + * Upgraded to allow analysis of Swift 6.2.1. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index f8c4fa43ccb7..22247782f3e5 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.0.0 +lastReleaseVersion: 6.1.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index ba8c8aac0443..84ff9e5061a6 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.0.1-dev +version: 6.1.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 99b5491b9dbb..ac02b32dc565 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.9 + +No user-facing changes. + ## 1.2.8 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.9.md b/swift/ql/src/change-notes/released/1.2.9.md new file mode 100644 index 000000000000..a928703e4be4 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.9.md @@ -0,0 +1,3 @@ +## 1.2.9 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index a49a92ee5abd..96443e87f0d8 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.8 +lastReleaseVersion: 1.2.9 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index d5a55b365f1e..cf2c5ccfc84c 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.9-dev +version: 1.2.9 groups: - swift - queries From 1c81c4d4c9c8abfeb5e4c9d6adeeae729fd93d7c Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 18 Nov 2025 10:01:36 +0100 Subject: [PATCH 2/5] C#: make some tweaks to change logs --- csharp/ql/lib/CHANGELOG.md | 2 +- csharp/ql/lib/change-notes/released/5.3.0.md | 2 +- csharp/ql/src/change-notes/released/1.0.11.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 962b6ecd1847..dbaa58119a4f 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -20,7 +20,7 @@ ### Major Analysis Improvements -* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. +* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions. For example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/released/5.3.0.md b/csharp/ql/lib/change-notes/released/5.3.0.md index 144f8bf26332..fa3053625757 100644 --- a/csharp/ql/lib/change-notes/released/5.3.0.md +++ b/csharp/ql/lib/change-notes/released/5.3.0.md @@ -6,7 +6,7 @@ ### Major Analysis Improvements -* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. +* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions. For example, improved precision has been observed for `cs/inefficient-containskey` and `cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: `cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, `cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, `cs/dereferenced-value-may-be-null` has been changed from a `path-problem` query to a `problem` query, so paths are no longer reported for this query. ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/released/1.0.11.md b/csharp/ql/src/change-notes/released/1.0.11.md index 9d2720380a06..d5c9f149c41d 100644 --- a/csharp/ql/src/change-notes/released/1.0.11.md +++ b/csharp/ql/src/change-notes/released/1.0.11.md @@ -2,4 +2,4 @@ ### Minor Analysis Improvements -* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. +* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. From 4c1f2b840eedfbfdf779147aec2cf6c0c9eecf13 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 18 Nov 2025 10:06:19 +0100 Subject: [PATCH 3/5] C#: change capitalization --- csharp/ql/src/CHANGELOG.md | 2 +- csharp/ql/src/change-notes/released/1.4.3.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index b7bef32f2074..fcf727fac490 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -12,7 +12,7 @@ ### Minor Analysis Improvements -* the `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. +* The `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. ## 1.4.2 diff --git a/csharp/ql/src/change-notes/released/1.4.3.md b/csharp/ql/src/change-notes/released/1.4.3.md index 1a022f2462d4..b3427ec89067 100644 --- a/csharp/ql/src/change-notes/released/1.4.3.md +++ b/csharp/ql/src/change-notes/released/1.4.3.md @@ -2,4 +2,4 @@ ### Minor Analysis Improvements -* the `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. +* The `cs/web/missing-x-frame-options` query now correctly handles configuration nested in root `` elements. From 5ee45af3aa96998305f2b97d03b74188040e10d7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 18 Nov 2025 09:53:12 +0000 Subject: [PATCH 4/5] Post-release preparation for codeql-cli-2.23.6 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 41 files changed, 41 insertions(+), 41 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 22e1d6db0fc6..7671d59ddc06 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.21 +version: 0.4.22-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 78ca2aa20739..b11eab521ebb 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.13 +version: 0.6.14-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index c2f8cc98819d..febb297cb8da 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 6.1.0 +version: 6.1.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 8e062d290b56..1e30e25da037 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.4 +version: 1.5.5-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 80e9343408f9..177b79ef6b83 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.52 +version: 1.7.53-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index f107eb7dee6d..7b065e193b68 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.52 +version: 1.7.53-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 3c3ae516a563..7ea21611edc5 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.0 +version: 5.4.1-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 4834c59d8fa9..a4033c362f05 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.5.0 +version: 1.5.1-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index ce049f780271..e7707ebbfe0a 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.35 +version: 1.0.36-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index ec804b7aee56..97c351dfe8a1 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 5.0.2 +version: 5.0.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index d273ea1ddfca..1a6c47319a2a 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.9 +version: 1.4.10-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 8a3414dcb122..5d14d9b313ae 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.4 +version: 7.7.5-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 3a4bf16b2322..f1a422dcfa92 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.10.0 +version: 1.10.1-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index de43ec0c7ad9..b0c7e2e1e121 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.15 +version: 2.6.16-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index d3adb5a5207c..3716fa82c2fb 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.2.0 +version: 2.2.1-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index b3316643de4e..350d555bf574 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.35 +version: 1.0.36-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index fd765f7c3855..7f4e67a5cbf6 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 5.0.0 +version: 5.0.1-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 0c4bd654b0b0..40cb22f102a3 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.0 +version: 1.7.1-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index dba4b173bf27..99ffc1da075d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.3 +version: 5.1.4-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index a581cc8866da..81ee5e4f3790 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.0 +version: 1.5.1-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 0a00fef81b0c..bbd3b4da4b5c 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.20 +version: 0.1.21-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index fcf86c7e21f8..557990e8f369 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.20 +version: 0.1.21-dev groups: - rust - queries diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 289b9d531da7..a6f2253b7127 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.9 +version: 0.0.10-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index a046376584b5..aa9beb00dc76 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.19 +version: 2.0.20-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index d1cddb658060..ba23cda97ca2 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.19 +version: 2.0.20-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 54662518ac6b..579802e08f3a 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true dependencies: diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 7aa341ed298c..bd398ce4e038 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.13 +version: 0.0.14-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index acfe26c3d74e..1483733e8e37 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 7c883c5a3489..8d95fbccbda3 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 9c7f6f2ac2ad..4fa7f6e64220 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.11 +version: 2.0.12-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 02bfe21bf768..33680c17c7a0 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.35 +version: 1.0.36-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 658dbc8c8163..225922fa95a1 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index b0d79695965b..baec0554bd8d 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 485c62840300..4bd6beec446d 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.16 +version: 0.0.17-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index d804fa007480..bd32acdd76e1 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.19 +version: 2.0.20-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 94ec6653e8b6..752d11a2bc8c 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index aefbed94437d..47b84b65ff2f 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.22 +version: 2.0.23-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 7fa5e1d171ec..744b7a72909c 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index fd6a84b16931..f905e7abee4f 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.35 +version: 1.0.36-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 84ff9e5061a6..a35a1836ed14 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.1.0 +version: 6.1.1-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index cf2c5ccfc84c..d7584e3ed16c 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.9 +version: 1.2.10-dev groups: - swift - queries From 1ebc16e2d3700960a129e729a2cfb6da7feeb390 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Mon, 17 Nov 2025 14:39:35 -0600 Subject: [PATCH 5/5] Merge pull request #20855 from github/changedocs-2.23.5 Changedocs 2.23.5 (cherry picked from commit f27271d216a472339e38cdd62398220c97d068ef) --- .../codeql-changelog/codeql-cli-2.23.5.rst | 134 ++++++++++++++++++ .../codeql-changelog/index.rst | 1 + 2 files changed, 135 insertions(+) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.5.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.5.rst new file mode 100644 index 000000000000..9022a09444fc --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.5.rst @@ -0,0 +1,134 @@ +.. _codeql-cli-2.23.5: + +========================== +CodeQL 2.23.5 (2025-11-13) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.23.5 runs a total of 483 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 3 security queries have been added with this release. + +CodeQL CLI +---------- + +Breaking Changes +~~~~~~~~~~~~~~~~ + +* In order to make a :code:`@kind path-problem` query diff-informed, the :code:`getASelectedSourceLocation` and :code:`getASelectedSinkLocation` predicates in the dataflow configuration now need to be overridden to always return the location of the source/sink *in addition to* any other locations that are selected by the query. See the `QLdoc `__ for more details. + +Query Packs +----------- + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* the :code:`cs/web/missing-x-frame-options` query now correctly handles configuration nested in root :code:`` elements. + +Java/Kotlin +""""""""""" + +* Calls to :code:`String.matches` are now treated as sanitizers for the :code:`java/ssrf` query. + +Python +"""""" + +* The :code:`py/insecure-cookie` query has been split into multiple queries; with :code:`py/insecure-cookie` checking for cases in which :code:`Secure` flag is not set, :code:`py/client-exposed-cookie` checking for cases in which the :code:`HttpOnly` flag is not set, and the :code:`py/samesite-none` query checking for cases in which the :code:`SameSite` attribute is set to :code:`None`. These queries also now only alert for cases in which the cookie is detected to contain sensitive data. + +Rust +"""" + +* The "Low Rust analysis quality" query (:code:`rust/diagnostic/database-quality`), used by the tool status page, has been extended with a measure of successful type inference. + +New Queries +~~~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* The :code:`java/sensitive-cookie-not-httponly` query has been promoted from experimental to the main query pack. +* Added a new query, :code:`java/escaping`, to detect values escaping from classes marked as :code:`@ThreadSafe`. +* Added a new query, :code:`java/not-threadsafe`, to detect data races in classes marked as :code:`@ThreadSafe`. +* Added a new query, :code:`java/safe-publication`, to detect unsafe publication in classes marked as :code:`@ThreadSafe`. + +Language Libraries +------------------ + +Breaking Changes +~~~~~~~~~~~~~~~~ + +Swift +""""" + +* The :code:`OpenedArchetypeType` class has been renamed as :code:`ExistentialArchetypeType`. +* The :code:`OtherAvailabilitySpec` class has been removed. Use :code:`AvailabilitySpec::isWildcard` instead. +* The :code:`PlatformVersionAvailabilitySpec` has been removed. Use :code:`AvailabilitySpec::getPlatform` and :code:`AvailabilitySpec::getVersion` instead. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for :code:`cs/inefficient-containskey` and :code:`cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: :code:`cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, :code:`cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, :code:`cs/dereferenced-value-may-be-null` has been changed from a :code:`path-problem` query to a :code:`problem` query, so paths are no longer reported for this query. + +Swift +""""" + +* Upgraded to allow analysis of Swift 6.2. +* Support for experimental Embedded Swift has been dropped. + +Rust +"""" + +* Resolution of calls to functions has been improved in a number of ways, to make it more aligned with the behavior of the Rust compiler. This may impact queries that rely on call resolution, such as data flow queries. +* Added basic models for the :code:`actix-web` web framework. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* Added tracer support for macOS and Linux when the .NET CLI (:code:`dotnet`) directly invokes the C# compiler (:code:`csc`). This enhancement provides basic tracing and extraction capabilities for .NET 10 RC2 on these platforms. +* The extraction of location information for source code entities has been updated to use star IDs (:code:`*` IDs). This change should be transparent to end-users but may improve extraction performance in some cases by reducing TRAP file size and eliminating overhead from location de-duplication. + +Rust +"""" + +* Added :code:`ExtractedFile::hasSemantics` and :code:`ExtractedFile::isSkippedByCompilation` predicates. +* Generalized some existing models to improve data flow. +* Added models for the :code:`mysql` and :code:`mysql_async` libraries. + +Deprecated APIs +~~~~~~~~~~~~~~~ + +C# +"" + +* The class :code:`AbstractValue` in the :code:`Guards` library has been deprecated and replaced with the class :code:`GuardValue`. + +New Features +~~~~~~~~~~~~ + +Python +"""""" + +* Initial support for incremental Python databases via :code:`codeql database create --overlay-base`\ /\ :code:`--overlay-changes`. + +Swift +""""" + +* Added AST nodes :code:`UsingDecl`, :code:`UnsafeExpr`, and :code:`InlineArrayType` that correspond to new nodes in Swift 6.2. +* Added new predicates :code:`isDistributedGet`, :code:`isRead2`, :code:`isModify2`, and :code:`isInit` to the :code:`Accessor` class that correspond to new accessors in Swift 6.2. +* Added a new predicate :code:`isApply` to the :code:`KeyPathComponent` class that corresponds to method and initializer key path components in Swift 6.2. diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index 4b3e1f5bb982..e48181dc0263 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here