added change notes

Author: Napalys

cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,9 @@
+---
+category: breaking
+---
+* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
+* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
+* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.

csharp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,32 @@
+---
+category: breaking
+---
+* Deleted the deprecated `CollectionExpr` class from the `Guards.qll`.
+* Deleted the deprecated `ParameterPosition` class from the `FlowSummary.qll`.
+* Deleted the deprecated `ArgumentPosition` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `isCapturedVariableDefinitionFlowIn` predicate from the `SSA.qll`.
+* Deleted the deprecated `isCapturedVariableDefinitionFlowOut` predicate from the `SSA.qll`.
+* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`.
+* Deleted the deprecated `Remote` import from the `InsecureDirectObjectReferenceQuery.qll`.
+* Deleted the deprecated `RemoteSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `CommandInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ConditionalBypassQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `LDAPInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `MissingXMLValidationQuery.qll` use `ActiveThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ReDoSQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `RegexInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `TaintedPathQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `UrlRedirectQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `XPathInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `ORMMappedProperty` class from the `Stored.qll` use `EntityFramework::StoredFlowSource` and `NHibernate::StoredFlowSource` instead.
+

go/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,9 @@
+---
+category: breaking
+---
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `AppenderOrSprinter` class from the `Fmt.qll`.

java/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,8 @@
+---
+category: breaking
+---
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.

javascript/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,70 @@
+---
+category: breaking
+---
+* Deleted the deprecated `getImportAssertion` predicate from the `ImportDeclaration` class, use `getImportAttributes` instead.
+* Deleted the deprecated `getImportAssertion` predicate from the `ExportDeclaration` class, use `getImportAttributes` instead.
+* Deleted the deprecated `getImportAttributes` predicate from the `DynamicImportExpr` class, use `getImportOptions` instead.
+* Deleted the deprecated `Configuration` class from the `BrokenCryptoAlgorithmQuery.qll`, use the `BrokenCryptoAlgorithmFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `BuildArtifactLeakQuery.qll`, use the `BuildArtifactLeakFlow` module instead.
+* Deleted the deprecated `getLabel` predicate from the `CleartextLoggingCustomizations.qll`.
+* Deleted the deprecated `getLabel` predicate from the `Sink` class.
+* Deleted the deprecated `isSanitizerEdge` predicate from the `CleartextLoggingCustomizations.qll`, use `Barrier` instead, sanitized have been replaced by sanitized nodes.
+* Deleted the deprecated `Configuration` class from the `CleartextLoggingQuery.qll`, use the `CleartextLoggingFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `CleartextStorageQuery.qll`, use the `ClearTextStorageFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ClientSideRequestForgeryQuery.qll`, use the `ClientSideRequestForgeryFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ClientSideUrlRedirectQuery.qll`.
+* Deleted the deprecated `Configuration` class from the `CodeInjectionQuery.qll`, use the `CodeInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `CommandInjectionQuery.qll`, use the `CommandInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ConditionalBypassQuery.qll`, use the `ConditionalBypassFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `CorsMisconfigurationForCredentialsQuery.qll`, use the `CorsMisconfigurationFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `DeepObjectResourceExhaustionQuery.qll`, use the `DeepObjectResourceExhaustionFlow` module instead.
+* Deleted the deprecated `isOptionallySanitizedEdge` predicate from the `DomBasedXssCustomizations.qll`, use the `isOptionallySanitizedNode` module instead.
+* Deleted the deprecated `Configuration` class from the `DomBasedXssQuery.qll`, use the `DomBasedXssFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ExceptionXssQuery.qll`, use the `ExceptionXssFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ExternalAPIUsedWithUntrustedDataQuery.qll`, use the `ExternalAPIUsedWithUntrustedDataFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `FileAccessToHttpQuery.qll`, use the `FileAccessToHttpFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `HardcodedCredentialsQuery.qll`, use the `HardcodedCredentials` module instead.
+* Deleted the deprecated `Configuration` class from the `HardcodedDataInterpretedAsCodeQuery.qll`, use the `HardcodedDataInterpretedAsCodeFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `HostHeaderPoisoningInEmailGenerationQuery.qll`, use the `HostHeaderPoisoningFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `HttpToFileAccessQuery.qll`, use the `HttpToFileAccessFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ImproperCodeSanitizationQuery.qll`, use the `ImproperCodeSanitizationFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `IncompleteHtmlAttributeSanitizationQuery.qll`, use the `IncompleteHtmlAttributeSanitizationFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `IndirectCommandInjectionQuery.qll`, use the `IndirectCommandInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `InsecureDownloadQuery.qll`, use the `InsecureDownload` module instead.
+* Deleted the deprecated `Configuration` class from the `InsecureRandomnessQuery.qll`, use the `InsecureRandomnessFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `InsufficientPasswordHashQuery.qll`, use the `InsufficientPasswordHashFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `LogInjectionQuery.qll`, use the `LogInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `LoopBoundInjectionQuery.qll`, use the `LoopBoundInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `NosqlInjectionQuery.qll`, use the `NosqlInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `PostMessageStarQuery.qll`, use the `PostMessageStarFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `PrototypePollutingAssignmentQuery.qll`, use the `PrototypePollutingAssignmentFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `PrototypePollutionQuery.qll`, use the `PrototypePollutionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `RegExpInjectionQuery.qll`, use the `RegExpInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `RemotePropertyInjectionQuery.qll`, use the `RemotePropertyInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `RequestForgeryQuery.qll`, use the `RequestForgeryFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ResourceExhaustionQuery.qll`, use the `ResourceExhaustionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `SecondOrderCommandInjectionQuery.qll`, use the `SecondOrderCommandInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ShellCommandInjectionFromEnvironmentQuery.qll`, use the `ShellCommandInjectionFromEnvironmentFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `SqlInjectionQuery.qll`, use the `SqlInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `StackTraceExposureQuery.qll`, use the `StackTraceExposureFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `StoredXssQuery.qll`, use the `StoredXssFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `TaintedFormatStringQuery.qll`, use the `TaintedFormatStringFlow` module instead.
+* Deleted the deprecated `BarrierGuardNode` class from the `TaintedPathCustomizations.qll`.
+* Deleted the deprecated `Configuration` class from the `TaintedPathQuery.qll`, use the `TaintedPathFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `TemplateObjectInjectionQuery.qll`, use the `TemplateObjInjectionConfig` module instead.
+* Deleted the deprecated `Configuration` class from the `TypeConfusionThroughParameterTamperingQuery.qll`, use the `TypeConfusionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `UnsafeCodeConstruction.qll`, use the `UnsafeCodeConstructionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `UnsafeDeserializationQuery.qll`, use the `UnsafeDeserializationFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `UnsafeDynamicMethodAccessQuery.qll`, use the `UnsafeDynamicMethodAccessFlow` module instead.
+* Deleted the deprecated `Configration` class from the `UnsafeHtmlConstructionQuery.qll`.
+* Deleted the deprecated `Configuration` class from the `UnsafeJQueryPluginQuery.qll`, use the `UnsafeJQueryPluginFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `UnsafeShellCommandConstructionQuery.qll`, use the `UnsafeShellCommandConstructionFlow` module instead.
+* Deleted the deprecated `sanitizes` predicate from the `UnvalidatedDynamicMethodCallCustomizations.qll`.
+* Deleted the deprecated `Configuration` class from the `UnvalidatedDynamicMethodCallQuery.qll`, use the `UnvalidatedDynamicMethodCallFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `XmlBombQuery.qll`, use the `XmlBombFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `XpathInjectionQuery.qll`, use the `XpathInjectionFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `XssThroughDomQuery.qll`, use the `XssThroughDomFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `XxeQuery.qll`, use the `XxeFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `ZipSlipQuery.qll`.
+* Deleted the deprecated `Configuration` class from the `PolynomialReDoSQuery.qll`, use the `PolynomialReDoSFlow` module instead.
+* Deleted the deprecated `Configuration` class from the `SSRF.qll`, use the `SsrfFlow` module instead.

python/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,9 @@
+---
+category: breaking
+---
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `propagatesFlowExt` predicate from the `FlowSummary.qll`, use `propagatesFlow` instead.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.

ruby/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,10 @@
+---
+category: breaking
+---
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `propagatesFlowExt` predicate from the `FlowSummary.qll`, use `propagatesFlow` instead.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`.

shared/dataflow/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,5 @@
+---
+category: breaking
+---
+* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlow.qll`.
+* Deleted the deprecated `FlowStateString` module from the `DataFlowImplCommon.qll`, use `FlowState` type instead.

swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md

@@ -0,0 +1,10 @@
+---
+category: breaking
+---
+* Deleted the deprecated `parseContent` predicate from the `ExternalFlow.qll`.
+* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`.
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.