Release preparation for version 2.21.2

actions/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.4.8
+
+No user-facing changes.
+
 ## 0.4.7
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.8.md

@@ -0,0 +1,3 @@
+## 0.4.8
+
+No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.7
+lastReleaseVersion: 0.4.8

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.8-dev
+version: 0.4.8
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 0.6.0
+
+### Breaking Changes
+
+* The following queries have been removed from the `security-and-quality` suite.
+  They are not intended to produce user-facing
+  alerts describing vulnerabilities.
+  Any existing alerts for these queries will be closed automatically.
+  * `actions/composite-action-sinks`
+  * `actions/composite-action-sources`
+  * `actions/composite-action-summaries`
+  * `actions/reusable-workflow-sinks`
+    (renamed from `actions/reusable-wokflow-sinks`)
+  * `actions/reusable-workflow-sources`
+  * `actions/reusable-workflow-summaries`
+
+### Bug Fixes
+
+* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
+
 ## 0.5.4
 
 ### Bug Fixes

actions/ql/src/change-notes/2025-04-24-model-generator-queries.md → actions/ql/src/change-notes/released/0.6.0.md

@@ -1,6 +1,6 @@
----
-category: breaking
----
+## 0.6.0
+
+### Breaking Changes
 
 * The following queries have been removed from the `security-and-quality` suite.
   They are not intended to produce user-facing
@@ -13,4 +13,7 @@ category: breaking
     (renamed from `actions/reusable-wokflow-sinks`)
   * `actions/reusable-workflow-sources`
   * `actions/reusable-workflow-summaries`
-
+
+### Bug Fixes
+
+* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.6.0

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.5.5-dev
+version: 0.6.0
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 4.3.0
+
+### New Features
+
+* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
+* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
+* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
+* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
+
 ## 4.2.0
 
 ### New Features

cpp/ql/lib/change-notes/2025-04-23-typeof.md → cpp/ql/lib/change-notes/released/4.3.0.md

@@ -1,5 +1,8 @@
----
-category: feature
----
+## 4.3.0
+
+### New Features
+
 * New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
 * A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
+* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
+* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.0
+lastReleaseVersion: 4.3.0

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.2.1-dev
+version: 4.3.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.3.9
+
+No user-facing changes.
+
 ## 1.3.8
 
 No user-facing changes.

cpp/ql/src/change-notes/released/1.3.9.md

@@ -0,0 +1,3 @@
+## 1.3.9
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.8
+lastReleaseVersion: 1.3.9

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.9-dev
+version: 1.3.9
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.39
+
+No user-facing changes.
+
 ## 1.7.38
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.39.md

@@ -0,0 +1,3 @@
+## 1.7.39
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.38
+lastReleaseVersion: 1.7.39

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.39-dev
+version: 1.7.39
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.39
+
+No user-facing changes.
+
 ## 1.7.38
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.39.md

@@ -0,0 +1,3 @@
+## 1.7.39
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.38
+lastReleaseVersion: 1.7.39

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.39-dev
+version: 1.7.39
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 5.1.5
+
+### Minor Analysis Improvements
+
+* Improved autobuilder logic for detecting whether a project references a SDK (and should be built using `dotnet`).
+
 ## 5.1.4
 
 ### Minor Analysis Improvements

csharp/ql/lib/change-notes/2025-04-11-auto-builder-sdk.md → csharp/ql/lib/change-notes/released/5.1.5.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 5.1.5
+
+### Minor Analysis Improvements
+
 * Improved autobuilder logic for detecting whether a project references a SDK (and should be built using `dotnet`).

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.4
+lastReleaseVersion: 5.1.5

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.5-dev
+version: 5.1.5
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.1.2
+
+### Minor Analysis Improvements
+
+* Changes to the MaD model generation infrastructure: Changed the query `cs/utils/modelgenerator/summary-models` to use the implementation from `cs/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `cs/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `cs/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
+* Improved detection of authorization checks in the `cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces.
+* The precision of the query `cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query.
+
 ## 1.1.1
 
 ### Minor Analysis Improvements

csharp/ql/src/change-notes/2025-04-16-model-generation.md → csharp/ql/src/change-notes/released/1.1.2.md

@@ -1,4 +1,7 @@
----
-category: minorAnalysis
----
+## 1.1.2
+
+### Minor Analysis Improvements
+
 * Changes to the MaD model generation infrastructure: Changed the query `cs/utils/modelgenerator/summary-models` to use the implementation from `cs/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `cs/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `cs/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
+* Improved detection of authorization checks in the `cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces.
+* The precision of the query `cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.1
+lastReleaseVersion: 1.1.2

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.1.2-dev
+version: 1.1.2
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.22
+
+No user-facing changes.
+
 ## 1.0.21
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.22.md

@@ -0,0 +1,3 @@
+## 1.0.22
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.21
+lastReleaseVersion: 1.0.22

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.22-dev
+version: 1.0.22
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 4.2.4
+
+No user-facing changes.
+
 ## 4.2.3
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/released/4.2.4.md

@@ -0,0 +1,3 @@
+## 4.2.4
+
+No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.3
+lastReleaseVersion: 4.2.4

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.4-dev
+version: 4.2.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.1.13
+
+No user-facing changes.
+
 ## 1.1.12
 
 No user-facing changes.

go/ql/src/change-notes/released/1.1.13.md

@@ -0,0 +1,3 @@
+## 1.1.13
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.12
+lastReleaseVersion: 1.1.13

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.13-dev
+version: 1.1.13
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 7.1.4
+
+No user-facing changes.
+
 ## 7.1.3
 
 ### Minor Analysis Improvements

java/ql/lib/change-notes/released/7.1.4.md

@@ -0,0 +1,3 @@
+## 7.1.4
+
+No user-facing changes.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.3
+lastReleaseVersion: 7.1.4

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.1.4-dev
+version: 7.1.4
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.4.2
+
+### Minor Analysis Improvements
+
+* Changes to the MaD model generation infrastructure: Changed the query `java/utils/modelgenerator/summary-models` to use the implementation from `java/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `java/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `java/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
+
 ## 1.4.1
 
 No user-facing changes.

java/ql/src/change-notes/2025-04-16-model-generation.md → java/ql/src/change-notes/released/1.4.2.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Changes to the MaD model generation infrastructure: Changed the query `java/utils/modelgenerator/summary-models` to use the implementation from `java/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `java/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `java/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
+## 1.4.2
+
+### Minor Analysis Improvements
+
+* Changes to the MaD model generation infrastructure: Changed the query `java/utils/modelgenerator/summary-models` to use the implementation from `java/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `java/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `java/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.1
+lastReleaseVersion: 1.4.2

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.4.2-dev
+version: 1.4.2
 groups:
   - java
   - queries