Merge pull request github#12209 from github/release-prep/2.12.3

Release preparation for version 2.12.3
firetop0011 · Feb 16, 2023 · 44dc5a1 · 44dc5a1
2 parents 180246b + b4d59ff
commit 44dc5a1
Show file tree

Hide file tree

Showing 104 changed files with 295 additions and 107 deletions.
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.3
+
+No user-facing changes.
+
 ## 0.5.2
 
 No user-facing changes.

diff --git a/cpp/ql/lib/change-notes/released/0.5.3.md b/cpp/ql/lib/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
+## 0.5.3
+
+No user-facing changes.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.5.3-dev
+version: 0.5.3
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.3
+
+No user-facing changes.
+
 ## 0.5.2
 
 No user-facing changes.

diff --git a/cpp/ql/src/change-notes/released/0.5.3.md b/cpp/ql/src/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
+## 0.5.3
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.5.3-dev
+version: 0.5.3
 groups: 
   - cpp
   - queries

diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.3
+
+No user-facing changes.
+
 ## 1.4.2
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.4.3.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.4.3.md
@@ -0,0 +1,3 @@
+## 1.4.3
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.2
+lastReleaseVersion: 1.4.3
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.4.3-dev
+version: 1.4.3
 groups:
     - csharp
     - solorigate

diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.3
+
+No user-facing changes.
+
 ## 1.4.2
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.4.3.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.4.3.md
@@ -0,0 +1,3 @@
+## 1.4.3
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.2
+lastReleaseVersion: 1.4.3
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.4.3-dev
+version: 1.4.3
 groups:
     - csharp
     - solorigate

diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.5.3
+
+### Minor Analysis Improvements
+
+* C# 11: Added extractor support for the `scoped` modifier annotation on parameters and local variables.
+
 ## 0.5.2
 
 ### Major Analysis Improvements

diff --git a/csharp/ql/lib/change-notes/2023-02-07-scoped-modifier.md b/csharp/ql/lib/change-notes/2023-02-07-scoped-modifier.md
diff --git a/csharp/ql/lib/change-notes/released/0.5.3.md b/csharp/ql/lib/change-notes/released/0.5.3.md
@@ -0,0 +1,5 @@
+## 0.5.3
+
+### Minor Analysis Improvements
+
+* C# 11: Added extractor support for the `scoped` modifier annotation on parameters and local variables.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.5.3-dev
+version: 0.5.3
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.3
+
+No user-facing changes.
+
 ## 0.5.2
 
 No user-facing changes.

diff --git a/csharp/ql/src/change-notes/released/0.5.3.md b/csharp/ql/src/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
+## 0.5.3
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.5.3-dev
+version: 0.5.3
 groups: 
   - csharp
   - queries

diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.4.3
+
+### New Features
+
+* Go 1.20 is now supported. The extractor now functions as expected when Go 1.20 is installed; the definition of `implementsComparable` has been updated according to Go 1.20's new, more-liberal rules; and taint flow models have been added for relevant, new standard-library functions.
+
+### Minor Analysis Improvements
+
+* Support for the Twirp framework has been added.
+
 ## 0.4.2
 
 No user-facing changes.

diff --git a/go/ql/lib/change-notes/2023-02-01--add-support-for-twirp-framework.md b/go/ql/lib/change-notes/2023-02-01--add-support-for-twirp-framework.md
diff --git a/go/ql/lib/change-notes/2023-02-15-golang-120.md b/go/ql/lib/change-notes/2023-02-15-golang-120.md
diff --git a/go/ql/lib/change-notes/released/0.4.3.md b/go/ql/lib/change-notes/released/0.4.3.md
@@ -0,0 +1,9 @@
+## 0.4.3
+
+### New Features
+
+* Go 1.20 is now supported. The extractor now functions as expected when Go 1.20 is installed; the definition of `implementsComparable` has been updated according to Go 1.20's new, more-liberal rules; and taint flow models have been added for relevant, new standard-library functions.
+
+### Minor Analysis Improvements
+
+* Support for the Twirp framework has been added.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.4.3
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.4.3-dev
+version: 0.4.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go

diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.4.3
+
+### New Queries
+
+* Added a new query, `go/unhandled-writable-file-close`, to detect instances where writable file handles are closed without appropriate checks for errors.
+
+### Query Metadata Changes
+
+* The precision of the `go/log-injection` query was decreased from `high` to `medium`, since it may not be able to identify every way in which log data may be sanitized. This also aligns it with the precision of comparable queries for other languages.
+
 ## 0.4.2
 
 No user-facing changes.

diff --git a/go/ql/src/change-notes/2023-02-06-unhandled-close-writable-handle.md b/go/ql/src/change-notes/2023-02-06-unhandled-close-writable-handle.md
diff --git a/...tes/2023-02-09-log-injection-precision.md → go/ql/src/change-notes/released/0.4.3.md b/...tes/2023-02-09-log-injection-precision.md → go/ql/src/change-notes/released/0.4.3.md
@@ -1,4 +1,9 @@
----
-category: queryMetadata
----
+## 0.4.3
+
+### New Queries
+
+* Added a new query, `go/unhandled-writable-file-close`, to detect instances where writable file handles are closed without appropriate checks for errors.
+
+### Query Metadata Changes
+
 * The precision of the `go/log-injection` query was decreased from `high` to `medium`, since it may not be able to identify every way in which log data may be sanitized. This also aligns it with the precision of comparable queries for other languages.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.4.3
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.4.3-dev
+version: 0.4.3
 groups:
   - go
   - queries

diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.5.3
+
+### New Features
+
+* Kotlin versions up to 1.8.20 are now supported.
+
+### Minor Analysis Improvements
+
+* Removed the first argument of `java.nio.file.Files#createTempDirectory(String,FileAttribute[])` as a "create-file" sink.
+* Added the first argument of `java.nio.file.Files#copy` as a "read-file" sink for the `java/path-injection` query.
+* The data flow library now disregards flow through code that is dead based on some basic constant propagation, for example, guards like `if (1+1>3)`.
+
 ## 0.5.2
 
 ### Minor Analysis Improvements

diff --git a/java/ql/lib/change-notes/2023-02-06-dataflow-deadcode.md b/java/ql/lib/change-notes/2023-02-06-dataflow-deadcode.md
diff --git a/java/ql/lib/change-notes/2023-02-08-kotlin-1.8.20.md b/java/ql/lib/change-notes/2023-02-08-kotlin-1.8.20.md
diff --git a/java/ql/lib/change-notes/2023-02-13-update-create-file-sinks.md b/java/ql/lib/change-notes/2023-02-13-update-create-file-sinks.md
diff --git a/java/ql/lib/change-notes/released/0.5.3.md b/java/ql/lib/change-notes/released/0.5.3.md
@@ -0,0 +1,11 @@
+## 0.5.3
+
+### New Features
+
+* Kotlin versions up to 1.8.20 are now supported.
+
+### Minor Analysis Improvements
+
+* Removed the first argument of `java.nio.file.Files#createTempDirectory(String,FileAttribute[])` as a "create-file" sink.
+* Added the first argument of `java.nio.file.Files#copy` as a "read-file" sink for the `java/path-injection` query.
+* The data flow library now disregards flow through code that is dead based on some basic constant propagation, for example, guards like `if (1+1>3)`.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.5.3-dev
+version: 0.5.3
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.5.3
+
+### New Queries
+
+* Added a new query, `java/xxe-local`, which is a version of the XXE query that uses local sources (for example, reads from a local file).
+
+### Minor Analysis Improvements
+
+* The `java/index-out-of-bounds` query has improved its handling of arrays of constant length, and may report additional results in those cases.
+
 ## 0.5.2
 
 ### New Queries

diff --git a/java/ql/src/change-notes/2023-02-06-index-out-of-bounds-constant.md b/java/ql/src/change-notes/2023-02-06-index-out-of-bounds-constant.md
diff --git a/java/ql/src/change-notes/2023-02-09-xxe-local.md b/java/ql/src/change-notes/2023-02-09-xxe-local.md
diff --git a/java/ql/src/change-notes/released/0.5.3.md b/java/ql/src/change-notes/released/0.5.3.md
@@ -0,0 +1,9 @@
+## 0.5.3
+
+### New Queries
+
+* Added a new query, `java/xxe-local`, which is a version of the XXE query that uses local sources (for example, reads from a local file).
+
+### Minor Analysis Improvements
+
+* The `java/index-out-of-bounds` query has improved its handling of arrays of constant length, and may report additional results in those cases.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.5.3-dev
+version: 0.5.3
 groups: 
   - java
   - queries

diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.3
+
+### Minor Analysis Improvements
+
+* Added dataflow sources for the [express-ws](https://www.npmjs.com/package/express-ws) library. 
+
 ## 0.4.2
 
 ### Minor Analysis Improvements

diff --git a/javascript/ql/lib/change-notes/2023-02-12-express-ws.md b/javascript/ql/lib/change-notes/2023-02-12-express-ws.md
diff --git a/javascript/ql/lib/change-notes/released/0.4.3.md b/javascript/ql/lib/change-notes/released/0.4.3.md
@@ -0,0 +1,5 @@
+## 0.4.3
+
+### Minor Analysis Improvements
+
+* Added dataflow sources for the [express-ws](https://www.npmjs.com/package/express-ws) library. 
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.4.3
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.4.3-dev
+version: 0.4.3
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.3
+
+No user-facing changes.
+
 ## 0.5.2
 
 No user-facing changes.

diff --git a/javascript/ql/src/change-notes/released/0.5.3.md b/javascript/ql/src/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
+## 0.5.3
+
+No user-facing changes.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.5.3-dev
+version: 0.5.3
 groups: 
   - javascript
   - queries

diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.3
+
+No user-facing changes.
+
 ## 0.4.2
 
 No user-facing changes.