Merge pull request #17480 from github/post-release-prep/codeql-cli-2.19.0

Post-release preparation for codeql-cli-2.19.0
Chris Smowton 2024-09-16 16:06:58 +01:00 committed by GitHub
Parents d24d933ad7 79be301984
Commit 30be6803c3
No known key found for this signature
GPG key ID: B5690EEEBB952194
153 changed files: 463 additions and 170 deletions


@ -1,3 +1,27 @@
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `hasQualifiedName` and `isDefined` predicates from the `Declaration` class, use `hasGlobalName` and `hasDefinition` respectively instead.
* Deleted the `getFullSignature` predicate from the `Function` class, use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead.
* Deleted the deprecated `freeCall` predicate from `Alloc.qll`. Use `DeallocationExpr` instead.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted the deprecated `getFieldExpr` predicate from `ClassAggregateLiteral`, use `getAFieldExpr` instead.
* Deleted the deprecated `getElementExpr` predicate from `ArrayOrVectorAggregateLiteral`, use `getAnElementExpr` instead.
### New Features
* Added a class `C11GenericExpr` to represent C11 generic selection expressions. The generic selection is represented as a `Conversion` on the expression that will be selected.
* Added subclasses of `BuiltInOperations` for the `__is_scoped_enum`, `__is_trivially_equality_comparable`, and `__is_trivially_relocatable` builtin operations.
* Added a subclass of `Expr` for `__datasizeof` expressions.
### Minor Analysis Improvements
* Added a data flow model for `swap` member functions, which were previously modeled as taint tracking functions. This change improves the precision of queries where flow through `swap` member functions might affect the results.
* Added a data flow model for `realloc`-like functions, which were previously modeled as a taint tracking functions. This change improves the precision of queries where flow through `realloc`-like functions might affect the results.
## 1.4.2
No user-facing changes.
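
Review bot: the two "Deleted many deprecated ... configurations" bullets under Breaking Changes are the only removals in this list that name no replacement, so a query author whose build breaks on `TaintTracking::Configuration` or `DataFlow::Configuration` gets no migration hint. Suggest adding the pointer the other bullets have, for example to the module-based API (`DataFlow::ConfigSig` with `DataFlow::Global<...>` or `TaintTracking::Global<...>`). Separately, the `realloc` entry reads "modeled as a taint tracking functions"; drop the "a".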


@ -1,5 +0,0 @@
---
category: feature
---
* Added subclasses of `BuiltInOperations` for the `__is_scoped_enum`, `__is_trivially_equality_comparable`, and `__is_trivially_relocatable` builtin operations.
* Added a subclass of `Expr` for `__datasizeof` expressions.


@ -1,4 +0,0 @@
---
category: feature
---
* Added a class `C11GenericExpr` to represent C11 generic selection expressions. The generic selection is represented as a `Conversion` on the expression that will be selected.


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added a data flow model for `realloc`-like functions, which were previously modeled as a taint tracking functions. This change improves the precision of queries where flow through `realloc`-like functions might affect the results.


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added a data flow model for `swap` member functions, which were previously modeled as taint tracking functions. This change improves the precision of queries where flow through `swap` member functions might affect the results.


@ -1,6 +1,7 @@
---
category: breaking
---
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `hasQualifiedName` and `isDefined` predicates from the `Declaration` class, use `hasGlobalName` and `hasDefinition` respectively instead.
@ -9,3 +10,14 @@ category: breaking
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted the deprecated `getFieldExpr` predicate from `ClassAggregateLiteral`, use `getAFieldExpr` instead.
* Deleted the deprecated `getElementExpr` predicate from `ArrayOrVectorAggregateLiteral`, use `getAnElementExpr` instead.
### New Features
* Added a class `C11GenericExpr` to represent C11 generic selection expressions. The generic selection is represented as a `Conversion` on the expression that will be selected.
* Added subclasses of `BuiltInOperations` for the `__is_scoped_enum`, `__is_trivially_equality_comparable`, and `__is_trivially_relocatable` builtin operations.
* Added a subclass of `Expr` for `__datasizeof` expressions.
### Minor Analysis Improvements
* Added a data flow model for `swap` member functions, which were previously modeled as taint tracking functions. This change improves the precision of queries where flow through `swap` member functions might affect the results.
* Added a data flow model for `realloc`-like functions, which were previously modeled as a taint tracking functions. This change improves the precision of queries where flow through `realloc`-like functions might affect the results.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.2
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 1.4.3-dev
version: 2.0.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp


@ -1,3 +1,11 @@
## 1.2.3
### Minor Analysis Improvements
* Removed false positives caused by buffer accesses in unreachable code.
* Removed false positives caused by inconsistent type checking.
* Add modeling of C functions that don't throw, thereby increasing the precision of the `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query. The query now produces additional true positives.
## 1.2.2
No user-facing changes.


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Add modeling of C functions that don't throw, thereby increasing the precision of the `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query. The query now produces additional true positives.


@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Removed false positives caused by buffer accesses in unreachable code
* Removed false positives caused by inconsistent type checking


@ -0,0 +1,7 @@
## 1.2.3
### Minor Analysis Improvements
* Removed false positives caused by buffer accesses in unreachable code
* Removed false positives caused by inconsistent type checking
* Add modeling of C functions that don't throw, thereby increasing the precision of the `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query. The query now produces additional true positives.
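
Review bot: the three bullets under Minor Analysis Improvements are inconsistent with each other: the two "Removed false positives ..." lines have no closing period, and the third opens with the imperative "Add modeling" where every other entry is in the past tense. Suggest "Added modeling of C functions that don't throw ..." and a period on the first two, which also brings this file in line with the 1.2.3 section of the CHANGELOG hunk above, where the periods are present.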


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.2.2
lastReleaseVersion: 1.2.3


@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.2.3-dev
version: 1.2.4-dev
groups:
- cpp
- queries


@ -1,3 +1,7 @@
## 1.7.25
No user-facing changes.
## 1.7.24
No user-facing changes.


@ -0,0 +1,3 @@
## 1.7.25
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.24
lastReleaseVersion: 1.7.25


@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.25-dev
version: 1.7.26-dev
groups:
- csharp
- solorigate


@ -1,3 +1,7 @@
## 1.7.25
No user-facing changes.
## 1.7.24
No user-facing changes.


@ -0,0 +1,3 @@
## 1.7.25
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.24
lastReleaseVersion: 1.7.25


@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.25-dev
version: 1.7.26-dev
groups:
- csharp
- solorigate


@ -1,3 +1,16 @@
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
### Minor Analysis Improvements
* Parameters of public methods in abstract controller-like classes are now considered remote flow sources.
* The reported location of `partial` methods has been changed from the definition to the implementation part.
## 1.2.0
### New Features
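
Review bot: "abstract controller-like classes" in the first Minor Analysis Improvements bullet does not say which classes qualify, and the entry widens the set of remote flow sources, so users may see new alerts without being able to tell why. Suggest stating in the note what makes a class controller-like (base type, attribute or naming convention).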


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Parameters of public methods in abstract controller-like classes are now considered remote flow sources.


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The reported location of `partial` methods has been changed from the definition to the implementation part.


@ -1,6 +1,12 @@
---
category: breaking
---
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
### Minor Analysis Improvements
* Parameters of public methods in abstract controller-like classes are now considered remote flow sources.
* The reported location of `partial` methods has been changed from the definition to the implementation part.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.2.0
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 1.2.1-dev
version: 2.0.1-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.0.8-dev
version: 1.0.9-dev
groups:
- csharp
- queries


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.8-dev
version: 1.0.9-dev
groups:
- go
- queries


@ -1,3 +1,27 @@
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
### Minor Analysis Improvements
* When a function or type has more than one anonymous type parameters, they were mistakenly being treated as the same type parameter. This has now been fixed.
* Local source models for reading and parsing environment variables have been added for the following libraries:
* `os`
* `syscall`
* `github.com/caarlos0/env`
* `github.com/gobuffalo/envy`
* `github.com/hashicorp/go-envparse`
* `github.com/joho/godotenv`
* `github.com/kelseyhightower/envconfig`
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
### Bug Fixes
* Golang vendor directories not at the root of a repository are now correctly excluded from the baseline Go file count. This means code coverage information will be more accurate.
## 1.2.0
### Major Analysis Improvements
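
Review bot: the first documentation link in the file-opening source-models bullet ends in `...sources-of-tainted-data>)`, with a stray `>` inside the URL fragment, so the anchor will not resolve; remove the `>`. In the first Minor Analysis Improvements bullet, "more than one anonymous type parameters" should read "more than one anonymous type parameter".
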
@ -6,18 +30,6 @@
## 1.1.5
### Minor Analysis Improvements
* Local source models for reading and parsing environment variables have been added for the following libraries:
- os
- syscall
- github.com/caarlos0/env
- github.com/gobuffalo/envy
- github.com/hashicorp/go-envparse
- github.com/joho/godotenv
- github.com/kelseyhightower/envconfig
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
### Bug Fixes
* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.
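
Review bot: this hunk shrinks the already-published 1.1.5 section from 18 lines to 6, and the entries it covers (the environment-variable source models and the file-opening source models) are the same ones listed under 2.0.0 in the previous hunk. If they are being moved rather than duplicated, the commit message should say which release actually shipped them, since readers pinned to 1.1.5 rely on that section to know what their pack models.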


@ -1,4 +0,0 @@
---
category: fix
---
* Golang vendor directories not at the root of a repository are now correctly excluded from the baseline Go file count. This means code coverage information will be more accurate.


@ -1,5 +0,0 @@
---
category: breaking
---
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.


@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* When a function or type has more than one anonymous type parameters, they were mistakenly being treated as the same type parameter. This has now been fixed.


@ -1,6 +1,13 @@
---
category: minorAnalysis
---
## 2.0.0
### Breaking Changes
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
### Minor Analysis Improvements
* When a function or type has more than one anonymous type parameters, they were mistakenly being treated as the same type parameter. This has now been fixed.
* Local source models for reading and parsing environment variables have been added for the following libraries:
* os
* syscall
@ -10,3 +17,7 @@ category: minorAnalysis
* github.com/joho/godotenv
* github.com/kelseyhightower/envconfig
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
### Bug Fixes
* Golang vendor directories not at the root of a repository are now correctly excluded from the baseline Go file count. This means code coverage information will be more accurate.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.2.0
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/go-all
version: 1.2.1-dev
version: 2.0.1-dev
groups: go
dbscheme: go.dbscheme
extractor: go


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.0.8-dev
version: 1.0.9-dev
groups:
- go
- queries


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 1.0.8-dev
version: 1.0.9-dev
groups:
- java
- automodel


@ -1,3 +1,20 @@
## 4.0.0
### Breaking Changes
* Deleted the deprecated `ProcessBuilderConstructor`, `MethodProcessBuilderCommand`, and `MethodRuntimeExec` from `JDK.qll`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
* Deleted the deprecated `getURI` predicate from `CamelJavaDslToDecl` and `SpringCamelXmlToElement`, use `getUri` instead.
* Deleted the deprecated `ExecCallable` class from `ExternalProcess.qll`.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `PathCreation.qll` file.
* Deleted the deprecated `WebviewDubuggingEnabledQuery.qll` file.
### Major Analysis Improvements
* When a method exists as source code, we will no longer use a models-as-data (MaD) model of that method. This primarily affects query results when the analysis includes generated models for the source code being analysed.
## 3.0.2
No user-facing changes.


@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* A generated (Models as Data) summary model is no longer used, if there exists a source code alternative. This primarily affects the analysis, when the analysis includes generated models for the source code being analysed.


@ -1,6 +1,7 @@
---
category: breaking
---
## 4.0.0
### Breaking Changes
* Deleted the deprecated `ProcessBuilderConstructor`, `MethodProcessBuilderCommand`, and `MethodRuntimeExec` from `JDK.qll`.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
@ -9,3 +10,7 @@ category: breaking
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted the deprecated `PathCreation.qll` file.
* Deleted the deprecated `WebviewDubuggingEnabledQuery.qll` file.
### Major Analysis Improvements
* A generated (Models as Data) summary model is no longer used, if there exists a source code alternative. This primarily affects the analysis, when the analysis includes generated models for the source code being analysed.
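
Review bot: the Major Analysis Improvements bullet here ("A generated (Models as Data) summary model is no longer used, if there exists a source code alternative ...") is worded differently from the same entry in the 4.0.0 section of the CHANGELOG hunk ("When a method exists as source code, we will no longer use a models-as-data (MaD) model of that method ..."). The two files describe one change and should carry one text; the CHANGELOG wording is the clearer of the two.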


@ -1,2 +1,2 @@
---
lastReleaseVersion: 3.0.2
lastReleaseVersion: 4.0.0


@ -1,5 +1,5 @@
name: codeql/java-all
version: 3.0.3-dev
version: 4.0.1-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java


@ -1,3 +1,7 @@
## 1.1.5
No user-facing changes.
## 1.1.4
No user-facing changes.


@ -0,0 +1,3 @@
## 1.1.5
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.4
lastReleaseVersion: 1.1.5


@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.1.5-dev
version: 1.1.6-dev
groups:
- java
- queries


@ -1,3 +1,19 @@
## 2.0.0
### Breaking Changes
* Deleted the deprecated `isHTMLElement` and `getDOMName` predicates from the JSX library, use `isHtmlElement` and `getDomName` respectively instead.
* Deleted the deprecated `getPackageJSON` predicate from the `SourceMappingComment` class, use `SourceMappingComment` instead.
* Deleted many deprecated directives from the `Stmt.qll` file, use the `Directive::` module instead.
* Deleted the deprecated `YAMLNode`, `YAMLValue`, and `YAMLScalar` classes from the YAML libraries, use `YamlNode`, `YamlValue`, and `YamlScalar` respectively instead.
* Deleted the deprecated `getARouteHandlerExpr` predicate from `Connect.qll`, use `getARouteHandlerNode` instead.
* Deleted the deprecated `getGWTVersion` predicate from `GWT.qll`, use `getGwtVersion` instead.
* Deleted the deprecated `getOwnOptionsObject` predicate from `Vue.qll`, use `getOwnOptions().getASink()` instead.
### Major Analysis Improvements
* Added support for TypeScript 5.6.
## 1.1.4
No user-facing changes.
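
Review bot: the `getPackageJSON` bullet says to "use `SourceMappingComment` instead", which repeats the class the predicate was deleted from rather than naming a replacement predicate, unlike the neighbouring `isHTMLElement` and `getGWTVersion` bullets. Please name the predicate callers should switch to.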


@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* Added support for TypeScript 5.6.


@ -1,6 +1,7 @@
---
category: breaking
---
## 2.0.0
### Breaking Changes
* Deleted the deprecated `isHTMLElement` and `getDOMName` predicates from the JSX library, use `isHtmlElement` and `getDomName` respectively instead.
* Deleted the deprecated `getPackageJSON` predicate from the `SourceMappingComment` class, use `SourceMappingComment` instead.
* Deleted many deprecated directives from the `Stmt.qll` file, use the `Directive::` module instead.
@ -8,3 +9,7 @@ category: breaking
* Deleted the deprecated `getARouteHandlerExpr` predicate from `Connect.qll`, use `getARouteHandlerNode` instead.
* Deleted the deprecated `getGWTVersion` predicate from `GWT.qll`, use `getGwtVersion` instead.
* Deleted the deprecated `getOwnOptionsObject` predicate from `Vue.qll`, use `getOwnOptions().getASink()` instead.
### Major Analysis Improvements
* Added support for TypeScript 5.6.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.4
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 1.1.5-dev
version: 2.0.1-dev
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript


@ -1,3 +1,9 @@
## 1.2.0
### Major Analysis Improvements
- Added a new query (`js/actions/actions-artifact-leak`) to detect GitHub Actions artifacts that may leak the `GITHUB_TOKEN` token.
## 1.1.3
No user-facing changes.


@ -1,5 +1,5 @@
---
category: majorAnalysis
---
## 1.2.0
### Major Analysis Improvements
- Added a new query (`js/actions/actions-artifact-leak`) to detect GitHub Actions artifacts that may leak the GITHUB_TOKEN token.
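
Review bot: this entry announces a new query (`js/actions/actions-artifact-leak`) but is filed under `category: majorAnalysis` and the "Major Analysis Improvements" heading; the `newQuery` category is the better fit, so that it is listed with new queries rather than with changes to existing analysis. Minor: `GITHUB_TOKEN` is in backticks in the CHANGELOG hunk but bare here, the bullet uses `-` where the other packs use `*`, and "the GITHUB_TOKEN token" can lose the trailing "token".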


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.3
lastReleaseVersion: 1.2.0


@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 1.1.4-dev
version: 1.2.1-dev
groups:
- javascript
- queries


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,4 +1,4 @@
name: codeql/suite-helpers
version: 1.0.8-dev
version: 1.0.9-dev
groups: shared
warnOnImplicitThis: true


@ -1,3 +1,14 @@
## 2.0.0
### Breaking Changes
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted the deprecated `semmle.python.RegexTreeView` module, use `semmle.python.regexp.RegexTreeView` instead.
* Deleted the deprecated `RegexString` class from `regex.qll`.
* Deleted the deprecated `Regex` class, use `RegExp` instead.
* Deleted the deprecated `semmle/python/security/SQL.qll` file.
* Deleted the deprecated `useSSL` predicates from the LDAP libraries, use `useSsl` instead.
## 1.0.7
No user-facing changes.


@ -1,9 +1,10 @@
---
category: breaking
---
## 2.0.0
### Breaking Changes
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted the deprecated `semmle.python.RegexTreeView` module, use `semmle.python.regexp.RegexTreeView` instead.
* Deleted the deprecated `RegexString` class from `regex.qll`.
* Deleted the deprecated `Regex` class, use `RegExp` instead.
* Deleted the deprecated `semmle/python/security/SQL.qll` file.
* Deleted the deprecated `useSSL` predicates from the LDAP libraries, use `useSsl` instead.
* Deleted the deprecated `useSSL` predicates from the LDAP libraries, use `useSsl` instead.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/python-all
version: 1.0.8-dev
version: 2.0.1-dev
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python


@ -1,3 +1,9 @@
## 1.2.2
### Minor Analysis Improvements
* The `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data` queries have been updated to exclude the `certificate` classification of sensitive sources, which often do not contain sensitive data.
## 1.2.1
No user-facing changes.


@ -1,4 +1,5 @@
---
category: minorAnalysis
---
* The `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data` queries have been updated to exclude the `certificate` classification of sensitive sources, which often do not contain sensitive data.
## 1.2.2
### Minor Analysis Improvements
* The `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data` queries have been updated to exclude the `certificate` classification of sensitive sources, which often do not contain sensitive data.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.2.1
lastReleaseVersion: 1.2.2


@ -1,5 +1,5 @@
name: codeql/python-queries
version: 1.2.2-dev
version: 1.2.3-dev
groups:
- python
- queries


@ -1,3 +1,13 @@
## 2.0.0
### Breaking Changes
* Deleted the deprecated `getURL` predicate the `Http::Request` class, use `getAUrlPart` instead.
* Deleted the deprecated `getNode` predicate from the `CfgNode` class, use `getAstNode` instead.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`.
* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`.
## 1.0.7
No user-facing changes.
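
Review bot: the first Breaking Changes bullet is missing a word: "Deleted the deprecated `getURL` predicate the `Http::Request` class" should read "predicate from the `Http::Request` class", as the `getNode` bullet below it does. The released-notes file for 2.0.0 carries the same sentence and needs the same fix.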


@ -1,6 +1,7 @@
---
category: breaking
---
## 2.0.0
### Breaking Changes
* Deleted the deprecated `getURL` predicate the `Http::Request` class, use `getAUrlPart` instead.
* Deleted the deprecated `getNode` predicate from the `CfgNode` class, use `getAstNode` instead.
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 2.0.0


@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 1.0.8-dev
version: 2.0.1-dev
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme


@ -1,3 +1,7 @@
## 1.1.3
No user-facing changes.
## 1.1.2
No user-facing changes.


@ -0,0 +1,3 @@
## 1.1.3
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.2
lastReleaseVersion: 1.1.3


@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 1.1.3-dev
version: 1.1.4-dev
groups:
- ruby
- queries


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8


@ -1,5 +1,5 @@
name: codeql/controlflow
version: 1.0.8-dev
version: 1.0.9-dev
groups: shared
library: true
dependencies:


@ -1,3 +1,7 @@
## 1.1.2
No user-facing changes.
## 1.1.1
No user-facing changes.


@ -0,0 +1,3 @@
## 1.1.2
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.1.2


@ -1,5 +1,5 @@
name: codeql/dataflow
version: 1.1.2-dev
version: 1.1.3-dev
groups: shared
library: true
dependencies:


@ -1,3 +1,7 @@
## 1.0.8
No user-facing changes.
## 1.0.7
No user-facing changes.


@ -0,0 +1,3 @@
## 1.0.8
No user-facing changes.


@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.7
lastReleaseVersion: 1.0.8

Some files were not shown because too many files have changed in this diff.