Merge pull request #15557 from github/release-prep/2.16.2

Release preparation for version 2.16.2
github · Feb 8, 2024 · 753d78a · 753d78a
2 parents a1395d5 + 36f01ff
commit 753d78a
Show file tree

Hide file tree

Showing 148 changed files with 383 additions and 154 deletions.
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.12.5
+
+### New Features
+
+* Added the `PreprocBlock.qll` library to this repository.  This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
+* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
+
 ## 0.12.4
 
 ### Minor Analysis Improvements

diff --git a/cpp/ql/lib/change-notes/2024-01-30-throwing-model.md b/cpp/ql/lib/change-notes/2024-01-30-throwing-model.md
diff --git a/.../change-notes/2024-01-30-preproc-block.md → cpp/ql/lib/change-notes/released/0.12.5.md b/.../change-notes/2024-01-30-preproc-block.md → cpp/ql/lib/change-notes/released/0.12.5.md
@@ -1,4 +1,6 @@
----
-category: feature
----
+## 0.12.5
+
+### New Features
+
 * Added the `PreprocBlock.qll` library to this repository.  This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
+* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.4
+lastReleaseVersion: 0.12.5
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.5-dev
+version: 0.12.5
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.9.4
+
+### Minor Analysis Improvements
+
+* Corrected 2 false positive with `cpp/incorrect-string-type-conversion`: conversion of byte arrays to wchar and new array allocations converted to wchar.
+* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added.
+* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks.
+* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
+* ```
+* The diagnostic query `cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files.
+
 ## 0.9.3
 
 ### Minor Analysis Improvements

diff --git a/cpp/ql/src/change-notes/2024-01-19-extracted-files.md b/cpp/ql/src/change-notes/2024-01-19-extracted-files.md
diff --git a/.../src/change-notes/2024-01-29-false_positive_incorrect_string_type_conversion.md b/.../src/change-notes/2024-01-29-false_positive_incorrect_string_type_conversion.md
diff --git a/cpp/ql/src/change-notes/2024-01-29-incorrectly-checked-scanf-2.md b/cpp/ql/src/change-notes/2024-01-29-incorrectly-checked-scanf-2.md
diff --git a/cpp/ql/src/change-notes/2024-01-29-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2024-01-29-incorrectly-checked-scanf.md
diff --git a/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md b/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md
diff --git a/cpp/ql/src/change-notes/released/0.9.4.md b/cpp/ql/src/change-notes/released/0.9.4.md
@@ -0,0 +1,10 @@
+## 0.9.4
+
+### Minor Analysis Improvements
+
+* Corrected 2 false positive with `cpp/incorrect-string-type-conversion`: conversion of byte arrays to wchar and new array allocations converted to wchar.
+* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added.
+* The "Incorrect return-value check for a 'scanf'-like function" query (`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks.
+* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
+* ```
+* The diagnostic query `cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.3
+lastReleaseVersion: 0.9.4
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.4-dev
+version: 0.9.4
 groups:
   - cpp
   - queries

diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.8
+
+No user-facing changes.
+
 ## 1.7.7
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.8.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.8.md
@@ -0,0 +1,3 @@
+## 1.7.8
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.7
+lastReleaseVersion: 1.7.8
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.8-dev
+version: 1.7.8
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.8
+
+No user-facing changes.
+
 ## 1.7.7
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.8.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.8.md
@@ -0,0 +1,3 @@
+## 1.7.8
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.7
+lastReleaseVersion: 1.7.8
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.8-dev
+version: 1.7.8
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added a new database relation to store compiler arguments specified inside `@[...].rsp` file arguments. The arguments
+are returned by `Compilation::getExpandedArgument/1` and `Compilation::getExpandedArguments/0`.
+* C# 12: Added extractor, QL library and data flow support for collection expressions like `[1, y, 4, .. x]`.
+* The C# extractor now accepts an extractor option `logging.verbosity` that specifies the verbosity of the logs. The
+option is added via `codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the
+corresponding environment variable `CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`.
+
 ## 0.8.7
 
 ### Minor Analysis Improvements

diff --git a/csharp/ql/lib/change-notes/2024-01-25-extractor-option-logging.md b/csharp/ql/lib/change-notes/2024-01-25-extractor-option-logging.md
diff --git a/csharp/ql/lib/change-notes/2024-01-26-collection-expression.md b/csharp/ql/lib/change-notes/2024-01-26-collection-expression.md
diff --git a/csharp/ql/lib/change-notes/2024-01-31-compilation-expanded-args.md b/csharp/ql/lib/change-notes/2024-01-31-compilation-expanded-args.md
diff --git a/csharp/ql/lib/change-notes/released/0.8.8.md b/csharp/ql/lib/change-notes/released/0.8.8.md
@@ -0,0 +1,10 @@
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added a new database relation to store compiler arguments specified inside `@[...].rsp` file arguments. The arguments
+are returned by `Compilation::getExpandedArgument/1` and `Compilation::getExpandedArguments/0`.
+* C# 12: Added extractor, QL library and data flow support for collection expressions like `[1, y, 4, .. x]`.
+* The C# extractor now accepts an extractor option `logging.verbosity` that specifies the verbosity of the logs. The
+option is added via `codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the
+corresponding environment variable `CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.7
+lastReleaseVersion: 0.8.8
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.8-dev
+version: 0.8.8
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added string interpolation expressions and `string.Format` as possible sanitizers for the `cs/web/unvalidated-url-redirection` query.
+
 ## 0.8.7
 
 ### Minor Analysis Improvements

diff --git a/...otes/2024-01-22-url-redirect-sanitizer.md → csharp/ql/src/change-notes/released/0.8.8.md b/...otes/2024-01-22-url-redirect-sanitizer.md → csharp/ql/src/change-notes/released/0.8.8.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.8.8
+
+### Minor Analysis Improvements
+
 * Added string interpolation expressions and `string.Format` as possible sanitizers for the `cs/web/unvalidated-url-redirection` query.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.7
+lastReleaseVersion: 0.8.8
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.8-dev
+version: 0.8.8
 groups:
   - csharp
   - queries

diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.7
+
+No user-facing changes.
+
 ## 0.0.6
 
 No user-facing changes.

diff --git a/go/ql/consistency-queries/change-notes/released/0.0.7.md b/go/ql/consistency-queries/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.7-dev
+version: 0.0.7
 groups:
   - go
   - queries

diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.8
+
+No user-facing changes.
+
 ## 0.7.7
 
 ### Deprecated APIs

diff --git a/go/ql/lib/change-notes/released/0.7.8.md b/go/ql/lib/change-notes/released/0.7.8.md
@@ -0,0 +1,3 @@
+## 0.7.8
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.7
+lastReleaseVersion: 0.7.8
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.8-dev
+version: 0.7.8
 groups: go
 dbscheme: go.dbscheme
 extractor: go

diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.8
+
+No user-facing changes.
+
 ## 0.7.7
 
 ### Minor Analysis Improvements

diff --git a/go/ql/src/change-notes/released/0.7.8.md b/go/ql/src/change-notes/released/0.7.8.md
@@ -0,0 +1,3 @@
+## 0.7.8
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.7
+lastReleaseVersion: 0.7.8
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.8-dev
+version: 0.7.8
 groups:
   - go
   - queries

diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.14
+
+No user-facing changes.
+
 ## 0.0.13
 
 No user-facing changes.

diff --git a/java/ql/automodel/src/change-notes/released/0.0.14.md b/java/ql/automodel/src/change-notes/released/0.0.14.md
@@ -0,0 +1,3 @@
+## 0.0.14
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.0.14
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.14-dev
+version: 0.0.14
 groups:
     - java
     - automodel

diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added models for the following packages:
+
+  * com.fasterxml.jackson.databind
+  * javax.servlet
+* Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
+
 ## 0.8.7
 
 ### New Features

diff --git a/java/ql/lib/change-notes/2024-01-24-new-models.md b/java/ql/lib/change-notes/2024-01-24-new-models.md
diff --git a/...d-uuid-and-date-to-simpletypesanitizer.md → java/ql/lib/change-notes/released/0.8.8.md b/...d-uuid-and-date-to-simpletypesanitizer.md → java/ql/lib/change-notes/released/0.8.8.md
@@ -1,4 +1,9 @@
----
-category: minorAnalysis
----
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added models for the following packages:
+
+  * com.fasterxml.jackson.databind
+  * javax.servlet
 * Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.7
+lastReleaseVersion: 0.8.8
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.8-dev
+version: 0.8.8
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java