mirror of https://github.com/github/codeql.git
Release preparation for version 2.16.2
This commit is contained in:
Parent
525f27173d
Commit
c1b35fbf47
|
@ -1,3 +1,10 @@
|
|||
## 0.12.5
|
||||
|
||||
### New Features
|
||||
|
||||
* Added the `PreprocBlock.qll` library to this repository. This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
|
||||
* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
|
||||
|
||||
## 0.12.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
## 0.12.5
|
||||
|
||||
### New Features
|
||||
|
||||
* Added the `PreprocBlock.qll` library to this repository. This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
|
||||
* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.12.4
|
||||
lastReleaseVersion: 0.12.5
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-all
|
||||
version: 0.12.5-dev
|
||||
version: 0.12.5
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
## 0.9.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Corrected 2 false positive with `cpp/incorrect-string-type-conversion`: conversion of byte arrays to wchar and new array allocations converted to wchar.
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added.
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks.
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
|
||||
* ```
|
||||
* The diagnostic query `cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files.
|
||||
|
||||
## 0.9.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
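Review bot: The bullet directly after the `cpp/uninitialized-local` entry under 0.9.4 "Minor Analysis Improvements" contains nothing but an opening code fence (three backticks), with no content and no closing fence. It looks carried over from the five-line change note for `cpp/uninitialized-local` that this commit deletes. Drop the bullet from the changelog, or restore the code sample it was meant to introduce and close the fence.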
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The diagnostic query `cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Corrected 2 false positive with `cpp/incorrect-string-type-conversion`: conversion of byte arrays to wchar and new array allocations converted to wchar.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
|
||||
* ```
|
|
@ -0,0 +1,10 @@
|
|||
## 0.9.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Corrected 2 false positive with `cpp/incorrect-string-type-conversion`: conversion of byte arrays to wchar and new array allocations converted to wchar.
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added.
|
||||
* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks.
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
|
||||
* ```
|
||||
* The diagnostic query `cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files.
|
|
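Review bot: The first entry in this new release-notes file reads "Corrected 2 false positive with `cpp/incorrect-string-type-conversion`"; that should be "two false positives", and since this file is the published record for 0.9.4 it is worth fixing before the release is cut. The empty code-fence bullet after the `cpp/uninitialized-local` entry is present here as well and should be removed together with the copy in the changelog.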
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.9.3
|
||||
lastReleaseVersion: 0.9.4
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-queries
|
||||
version: 0.9.4-dev
|
||||
version: 0.9.4
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 1.7.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 1.7.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.7.7
|
||||
lastReleaseVersion: 1.7.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.8-dev
|
||||
version: 1.7.8
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 1.7.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 1.7.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.7.7
|
||||
lastReleaseVersion: 1.7.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.8-dev
|
||||
version: 1.7.8
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a new database relation to store compiler arguments specified inside `@[...].rsp` file arguments. The arguments
|
||||
are returned by `Compilation::getExpandedArgument/1` and `Compilation::getExpandedArguments/0`.
|
||||
* C# 12: Added extractor, QL library and data flow support for collection expressions like `[1, y, 4, .. x]`.
|
||||
* The C# extractor now accepts an extractor option `logging.verbosity` that specifies the verbosity of the logs. The
|
||||
option is added via `codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the
|
||||
corresponding environment variable `CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The C# extractor now accepts an extractor option `logging.verbosity` that specifies the verbosity of the logs. The
|
||||
option is added via `codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the
|
||||
corresponding environment variable `CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 12: Added extractor, QL library and data flow support for collection expressions like `[1, y, 4, .. x]`.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a new database relation to store compiler arguments specified inside `@[...].rsp` file arguments. The arguments
|
||||
are returned by `Compilation::getExpandedArgument/1` and `Compilation::getExpandedArguments/0`.
|
|
@ -0,0 +1,10 @@
|
|||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a new database relation to store compiler arguments specified inside `@[...].rsp` file arguments. The arguments
|
||||
are returned by `Compilation::getExpandedArgument/1` and `Compilation::getExpandedArguments/0`.
|
||||
* C# 12: Added extractor, QL library and data flow support for collection expressions like `[1, y, 4, .. x]`.
|
||||
* The C# extractor now accepts an extractor option `logging.verbosity` that specifies the verbosity of the logs. The
|
||||
option is added via `codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the
|
||||
corresponding environment variable `CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-all
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added string interpolation expressions and `string.Format` as possible sanitizers for the `cs/web/unvalidated-url-redirection` query.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
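Review bot: The 0.8.8 entry calls string interpolation expressions and `string.Format` "possible sanitizers" for `cs/web/unvalidated-url-redirection` without saying when they count as one. Formatting only constrains a redirect target if the untrusted value cannot control the scheme or host part of the result, so the entry should state the condition the query applies. Otherwise readers may assume any interpolated URL is now treated as safe and miss why an alert disappeared.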
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added string interpolation expressions and `string.Format` as possible sanitizers for the `cs/web/unvalidated-url-redirection` query.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-queries
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.7
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.6
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.7
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.0.6
|
||||
lastReleaseVersion: 0.0.7
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql-go-consistency-queries
|
||||
version: 0.0.7-dev
|
||||
version: 0.0.7
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.7
|
||||
|
||||
### Deprecated APIs
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.7.7
|
||||
lastReleaseVersion: 0.7.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-all
|
||||
version: 0.7.8-dev
|
||||
version: 0.7.8
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.7.7
|
||||
lastReleaseVersion: 0.7.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-queries
|
||||
version: 0.7.8-dev
|
||||
version: 0.7.8
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.14
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.14
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.0.13
|
||||
lastReleaseVersion: 0.0.14
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-automodel-queries
|
||||
version: 0.0.14-dev
|
||||
version: 0.0.14
|
||||
groups:
|
||||
- java
|
||||
- automodel
|
||||
|
|
|
@ -1,3 +1,13 @@
|
|||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.fasterxml.jackson.databind
|
||||
* javax.servlet
|
||||
* Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### New Features
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.fasterxml.jackson.databind
|
||||
* javax.servlet
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.fasterxml.jackson.databind
|
||||
* javax.servlet
|
||||
* Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-all
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
## 0.8.8
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked.
|
||||
* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### New Queries
|
||||
|
@ -10,10 +17,6 @@
|
|||
|
||||
## 0.8.6
|
||||
|
||||
### Deprecated Queries
|
||||
|
||||
* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations.
|
||||
|
@ -24,6 +27,10 @@
|
|||
* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
|
||||
* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
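Review bot: The entry for `java/insufficient-key-size`, `java/server-side-template-injection` and `java/android/implicit-pendingintents` appears under `### Deprecated Queries` in the `## 0.8.6` section of the previous hunk and again under `### Bug Fixes` just before `## 0.8.5` here. The hunk line counts (10 to 6, then 6 to 10) suggest it is being moved between headings inside the notes of an already released version. A commit titled as release preparation for 2.16.2 should say in its message that it also recategorizes older notes, and the per-release notes file for that version should be checked so it carries the same heading.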
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked.
|
|
@ -0,0 +1,6 @@
|
|||
## 0.8.8
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked.
|
||||
* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-queries
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.8.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.8.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-all
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.8.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.8.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-queries
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.7.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.7.7
|
||||
lastReleaseVersion: 0.7.8
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
name: codeql/suite-helpers
|
||||
version: 0.7.8-dev
|
||||
version: 0.7.8
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
|
|
@ -1,3 +1,13 @@
|
|||
## 0.11.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `html.escape` as a sanitizer for HTML.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed the `a` (ASCII) inline flag not being recognized by the regular expression library.
|
||||
|
||||
## 0.11.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
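Review bot: The entry "Added `html.escape` as a sanitizer for HTML" does not say whether calls that pass `quote=False` are covered. With that argument `html.escape` leaves single and double quotes unescaped, which is not sufficient for values placed inside HTML attributes. Suggest stating in the note whether the sanitizer model requires the default `quote=True`.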
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed the `a` (ASCII) inline flag not being recognized by the regular expression library.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `html.escape` as a sanitizer for HTML.
|
|
@ -0,0 +1,9 @@
|
|||
## 0.11.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `html.escape` as a sanitizer for HTML.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed the `a` (ASCII) inline flag not being recognized by the regular expression library.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.11.7
|
||||
lastReleaseVersion: 0.11.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-all
|
||||
version: 0.11.8-dev
|
||||
version: 0.11.8
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.9.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.9.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.9.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.9.7
|
||||
lastReleaseVersion: 0.9.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-queries
|
||||
version: 0.9.8-dev
|
||||
version: 0.9.8
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Flow is now tracked through Rails `render` calls, when the argument is a `ViewComponent`. In this case, data flow is tracked into the accompanying `.html.erb` file.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.8.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Flow is now tracked through Rails `render` calls, when the argument is a `ViewComponent`. In this case, data flow is tracked into the accompanying `.html.erb` file.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-all
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
## 0.8.8
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new experimental query, `rb/insecure-randomness`, to detect when application uses random values that are not cryptographically secure.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added new unsafe deserialization sinks for the ox gem.
|
||||
* Added an additional unsafe deserialization sink for the oj gem.
|
||||
|
||||
## 0.8.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
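Review bot: The `rb/insecure-randomness` entry under 0.8.8 "New Queries" reads "to detect when application uses random values"; the article is missing ("when an application uses"). The same sentence is repeated in the new release-notes file further down in this commit, so correct both copies together.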
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new experimental query, `rb/insecure-randomness`, to detect when application uses random values that are not cryptographically secure.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added new unsafe deserialization sinks for the ox gem.
|
||||
* Added an additional unsafe deserialization sink for the oj gem.
|
|
@ -0,0 +1,10 @@
|
|||
## 0.8.8
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new experimental query, `rb/insecure-randomness`, to detect when application uses random values that are not cryptographically secure.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added new unsafe deserialization sinks for the ox gem.
|
||||
* Added an additional unsafe deserialization sink for the oj gem.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.8.7
|
||||
lastReleaseVersion: 0.8.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-queries
|
||||
version: 0.8.8-dev
|
||||
version: 0.8.8
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.1.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.1.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.1.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.1.7
|
||||
lastReleaseVersion: 0.1.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/controlflow
|
||||
version: 0.1.8-dev
|
||||
version: 0.1.8
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.1.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.1.7
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.1.8
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.1.7
|
||||
lastReleaseVersion: 0.1.8
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/dataflow
|
||||
version: 0.1.8-dev
|
||||
version: 0.1.8
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
|
Some files were not shown because too many files have changed