github · aibaars · Jun 24, 2025 · Jun 24, 2025
@@ -1,3 +1,11 @@
+## 0.4.12
+
+### Minor Analysis Improvements
+
+* Fixed performance issues in the parsing of Bash scripts in workflow files,
+  which led to out-of-disk errors when analysing certain workflow files with
+  complex interpolations of shell commands or quoted strings.
+
 ## 0.4.11
 
 No user-facing changes.

@@ -1,6 +1,7 @@
----
-category: minorAnalysis
----
+## 0.4.12
+
+### Minor Analysis Improvements
+
 * Fixed performance issues in the parsing of Bash scripts in workflow files,
   which led to out-of-disk errors when analysing certain workflow files with
-  complex interpolations of shell commands or quoted strings.
+  complex interpolations of shell commands or quoted strings.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.11
+lastReleaseVersion: 0.4.12
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.12-dev
+version: 0.4.12
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.4-dev
+version: 0.6.4
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,20 @@
+## 5.2.0
+
+### Deprecated APIs
+
+* The `ThrowingFunction` class (`semmle.code.cpp.models.interfaces.Throwing`) has been deprecated. Please use the `AlwaysSehThrowingFunction` class instead.
+
+### New Features
+
+* Added a predicate `getAnAttribute` to `Namespace` to retrieve a namespace attribute.
+* The Microsoft-specific `__leave` statement is now supported.
+* A new class `LeaveStmt` extending `JumpStmt` was added to represent `__leave` statements.
+* Added a predicate `hasParameterList` to `LambdaExpression` to capture whether a lambda has an explicitly specified parameter list.
+
+### Bug Fixes
+
+* `resolveTypedefs` now properly resolves typedefs for `ArrayType`s.
+
 ## 5.1.0
 
 ### New Features

@@ -0,0 +1,16 @@
+## 5.2.0
+
+### Deprecated APIs
+
+* The `ThrowingFunction` class (`semmle.code.cpp.models.interfaces.Throwing`) has been deprecated. Please use the `AlwaysSehThrowingFunction` class instead.
+
+### New Features
+
+* Added a predicate `getAnAttribute` to `Namespace` to retrieve a namespace attribute.
+* The Microsoft-specific `__leave` statement is now supported.
+* A new class `LeaveStmt` extending `JumpStmt` was added to represent `__leave` statements.
+* Added a predicate `hasParameterList` to `LambdaExpression` to capture whether a lambda has an explicitly specified parameter list.
+
+### Bug Fixes
+
+* `resolveTypedefs` now properly resolves typedefs for `ArrayType`s.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.0
+lastReleaseVersion: 5.2.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.1.1-dev
+version: 5.2.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,9 @@
+## 1.4.3
+
+### Minor Analysis Improvements
+
+* Added flow model for the following libraries: `madler/zlib`, `google/brotli`, `libidn/libidn2`, `libssh2/libssh2/`, `nghttp2/nghttp2`, `libuv/libuv/`, and `curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
+
 ## 1.4.2
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Added flow model for the following libraries: `madler/zlib`, `google/brotli`, `libidn/libidn2`, `libssh2/libssh2/`, `nghttp2/nghttp2`, `libuv/libuv/`, and `curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
+## 1.4.3
+
+### Minor Analysis Improvements
+
+* Added flow model for the following libraries: `madler/zlib`, `google/brotli`, `libidn/libidn2`, `libssh2/libssh2/`, `nghttp2/nghttp2`, `libuv/libuv/`, and `curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.2
+lastReleaseVersion: 1.4.3
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.3-dev
+version: 1.4.3
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.43
+
+No user-facing changes.
+
 ## 1.7.42
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.43
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.42
+lastReleaseVersion: 1.7.43
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.43-dev
+version: 1.7.43
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.43
+
+No user-facing changes.
+
 ## 1.7.42
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.43
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.42
+lastReleaseVersion: 1.7.43
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.43-dev
+version: 1.7.43
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 5.1.9
+
+No user-facing changes.
+
 ## 5.1.8
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 5.1.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.8
+lastReleaseVersion: 5.1.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.9-dev
+version: 5.1.9
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,14 @@
+## 1.3.0
+
+### Query Metadata Changes
+
+* Query metadata tags have been systematically updated for many C# queries. Primary categorization as either `reliability` or `maintainability`, and relevant sub-category tags such as `readability`, `useless-code`, `complexity`, `performance`, `correctness`, `error-handling`, and `concurrency`. Aligns with the established [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags).
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `cs/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
+
+### Minor Analysis Improvements
+
+* The queries `cs/dereferenced-value-is-always-null` and `cs/dereferenced-value-may-be-null` have been improved to reduce false positives. The queries no longer assume that expressions are dereferenced when passed as the receiver (`this` parameter) to extension methods where that parameter is a nullable type.
+
 ## 1.2.2
 
 No user-facing changes.

@@ -0,0 +1,10 @@
+## 1.3.0
+
+### Query Metadata Changes
+
+* Query metadata tags have been systematically updated for many C# queries. Primary categorization as either `reliability` or `maintainability`, and relevant sub-category tags such as `readability`, `useless-code`, `complexity`, `performance`, `correctness`, `error-handling`, and `concurrency`. Aligns with the established [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags).
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `cs/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
+
+### Minor Analysis Improvements
+
+* The queries `cs/dereferenced-value-is-always-null` and `cs/dereferenced-value-may-be-null` have been improved to reduce false positives. The queries no longer assume that expressions are dereferenced when passed as the receiver (`this` parameter) to extension methods where that parameter is a nullable type.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.2
+lastReleaseVersion: 1.3.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.2.3-dev
+version: 1.3.0
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.26
+
+No user-facing changes.
+
 ## 1.0.25
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.26
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.25
+lastReleaseVersion: 1.0.26
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.26-dev
+version: 1.0.26
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 4.2.8
+
+No user-facing changes.
+
 ## 4.2.7
 
 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 4.2.8
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.7
+lastReleaseVersion: 4.2.8
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.8-dev
+version: 4.2.8
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,27 @@
+## 1.4.0
+
+### Query Metadata Changes
+
+* The tag `quality` has been added to multiple Go quality queries for consistency. They have all been given a tag for one of the two top-level categories `reliability` or `maintainability`, and a tag for a sub-category. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
+* The tag `external/cwe/cwe-129` has been added to `go/constant-length-comparison`.
+* The tag `external/cwe/cwe-193` has been added to `go/index-out-of-bounds`.
+* The tag `external/cwe/cwe-197` has been added to `go/shift-out-of-range`.
+* The tag `external/cwe/cwe-248` has been added to `go/redundant-recover`.
+* The tag `external/cwe/cwe-252` has been added to `go/missing-error-check` and `go/unhandled-writable-file-close`.
+* The tag `external/cwe/cwe-480` has been added to `go/mistyped-exponentiation`.
+* The tag `external/cwe/cwe-570` has been added to `go/impossible-interface-nil-check` and `go/comparison-of-identical-expressions`.
+* The tag `external/cwe/cwe-571` has been added to `go/negative-length-check` and `go/comparison-of-identical-expressions`.
+* The tag `external/cwe/cwe-783` has been added to `go/whitespace-contradicts-precedence`.
+* The tag `external/cwe/cwe-835` has been added to `go/inconsistent-loop-direction`.
+* The tag `error-handling` has been added to `go/missing-error-check`, `go/unhandled-writable-file-close`, and `go/unexpected-nil-value`.
+* The tag `useless-code` has been added to `go/useless-assignment-to-field`, `go/useless-assignment-to-local`, `go/useless-expression`, and `go/unreachable-statement`.
+* The tag `logic` has been removed from `go/index-out-of-bounds` and `go/unexpected-nil-value`.
+* The tags `call` and `defer` have been removed from `go/unhandled-writable-file-close`.
+* The tags `correctness` and `quality` have been reordered in `go/missing-error-check` and `go/unhandled-writable-file-close`.
+* The tag `maintainability` has been changed to `reliability` for `go/unhandled-writable-file-close`.
+* The tag order has been standardized to have `quality` first, followed by the top-level category (`reliability` or `maintainability`), then sub-category tags, and finally CWE tags.
+* The description text has been updated in `go/whitespace-contradicts-precedence` to change "may even indicate" to "may indicate".
+
 ## 1.3.0
 
 ### New Queries

@@ -1,6 +1,7 @@
----
-category: queryMetadata
----
+## 1.4.0
+
+### Query Metadata Changes
+
 * The tag `quality` has been added to multiple Go quality queries for consistency. They have all been given a tag for one of the two top-level categories `reliability` or `maintainability`, and a tag for a sub-category. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
 * The tag `external/cwe/cwe-129` has been added to `go/constant-length-comparison`.
 * The tag `external/cwe/cwe-193` has been added to `go/index-out-of-bounds`.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.4.0
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.3.1-dev
+version: 1.4.0
 groups:
   - go
   - queries

@@ -1,3 +1,9 @@
+## 7.3.2
+
+### Minor Analysis Improvements
+
+* Java `assert` statements are now assumed to be executed for the purpose of analysing control flow. This improves precision for a number of queries.
+
 ## 7.3.1
 
 No user-facing changes.