github · smowton · May 13, 2025 · May 13, 2025
@@ -1,3 +1,7 @@
+## 0.4.9
+
+No user-facing changes.
+
 ## 0.4.8

 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.8
+lastReleaseVersion: 0.4.9
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.9-dev
+version: 0.4.9
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.1
+
+No user-facing changes.
+
 ## 0.6.0

 ### Breaking Changes

@@ -0,0 +1,3 @@
+## 0.6.1
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.6.1
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.1-dev
+version: 0.6.1
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,9 @@
+## 4.3.1
+
+### Bug Fixes
+
+* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
+
 ## 4.3.0

 ### New Features

@@ -1,4 +1,5 @@
---
-category: fix
---
-* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
+## 4.3.1
+
+### Bug Fixes
+
+* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.0
+lastReleaseVersion: 4.3.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.3.1-dev
+version: 4.3.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,14 @@
+## 1.4.0
+
+### Query Metadata Changes
+
+* The tag `external/cwe/cwe-14` has been removed from `cpp/memset-may-be-deleted` and the tag `external/cwe/cwe-014` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/late-check-of-function-argument` and the tag `external/cwe/cwe-020` has been added.
+
 ## 1.3.9

 No user-facing changes.

@@ -1,6 +1,7 @@
---
-category: queryMetadata
---
+## 1.4.0
+
+### Query Metadata Changes
+
 * The tag `external/cwe/cwe-14` has been removed from `cpp/memset-may-be-deleted` and the tag `external/cwe/cwe-014` has been added.
 * The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
 * The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api-ir` and the tag `external/cwe/cwe-020` has been added.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.9
+lastReleaseVersion: 1.4.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.10-dev
+version: 1.4.0
 groups:
  - cpp
  - queries

@@ -1,3 +1,7 @@
+## 1.7.40
+
+No user-facing changes.
+
 ## 1.7.39

 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.40
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.39
+lastReleaseVersion: 1.7.40
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.40-dev
+version: 1.7.40
 groups:
  - csharp
  - solorigate

@@ -1,3 +1,7 @@
+## 1.7.40
+
+No user-facing changes.
+
 ## 1.7.39

 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.40
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.39
+lastReleaseVersion: 1.7.40
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.40-dev
+version: 1.7.40
 groups:
  - csharp
  - solorigate

@@ -1,3 +1,7 @@
+## 5.1.6
+
+No user-facing changes.
+
 ## 5.1.5

 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 5.1.6
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.5
+lastReleaseVersion: 5.1.6
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.6-dev
+version: 5.1.6
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,20 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The tag `external/cwe/cwe-13` has been removed from `cs/password-in-configuration` and the tag `external/cwe/cwe-013` has been added.
+* The tag `external/cwe/cwe-11` has been removed from `cs/web/debug-binary` and the tag `external/cwe/cwe-011` has been added.
+* The tag `external/cwe/cwe-16` has been removed from `cs/web/large-max-request-length` and the tag `external/cwe/cwe-016` has been added.
+* The tag `external/cwe/cwe-16` has been removed from `cs/web/request-validation-disabled` and the tag `external/cwe/cwe-016` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/serialization-check-bypass` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-12` has been removed from `cs/web/missing-global-error-handler` and the tag `external/cwe/cwe-012` has been added.
+
+### Minor Analysis Improvements
+
+* Changed the precision of the `cs/equality-on-floats` query from medium to high.
+
 ## 1.1.2

 ### Minor Analysis Improvements

@@ -1,6 +1,6 @@
---
-category: queryMetadata
---
+## 1.2.0
+
+### Query Metadata Changes

 * The tag `external/cwe/cwe-13` has been removed from `cs/password-in-configuration` and the tag `external/cwe/cwe-013` has been added.
 * The tag `external/cwe/cwe-11` has been removed from `cs/web/debug-binary` and the tag `external/cwe/cwe-011` has been added.
@@ -10,3 +10,7 @@ category: queryMetadata
 * The tag `external/cwe/cwe-20` has been removed from `cs/serialization-check-bypass` and the tag `external/cwe/cwe-020` has been added.
 * The tag `external/cwe/cwe-20` has been removed from `cs/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
 * The tag `external/cwe/cwe-12` has been removed from `cs/web/missing-global-error-handler` and the tag `external/cwe/cwe-012` has been added.
+
+### Minor Analysis Improvements
+
+* Changed the precision of the `cs/equality-on-floats` query from medium to high.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 1.2.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.1.3-dev
+version: 1.2.0
 groups:
  - csharp
  - queries

@@ -1,3 +1,7 @@
+## 1.0.23
+
+No user-facing changes.
+
 ## 1.0.22

 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.23
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.22
+lastReleaseVersion: 1.0.23
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.23-dev
+version: 1.0.23
 groups:
  - go
  - queries

@@ -1,3 +1,7 @@
+## 4.2.5
+
+No user-facing changes.
+
 ## 4.2.4

 No user-facing changes.

@@ -0,0 +1,3 @@
+## 4.2.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.4
+lastReleaseVersion: 4.2.5
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.5-dev
+version: 4.2.5
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,18 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The tag `external/cwe/cwe-20` has been removed from `go/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/incomplete-hostname-regexp` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/regex/missing-regexp-anchor` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/suspicious-character-in-regex` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-unknown-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-90` has been removed from `go/ldap-injection` and the tag `external/cwe/cwe-090` has been added.
+* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection` and the tag `external/cwe/cwe-074` has been added.
+* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection-local` and the tag `external/cwe/cwe-074` has been added.
+* The tag `external/cwe/cwe-79` has been removed from `go/html-template-escaping-passthrough` and the tag `external/cwe/cwe-079` has been added.
+
 ## 1.1.13

 No user-facing changes.

@@ -1,6 +1,6 @@
---
-category: queryMetadata
---
+## 1.2.0
+
+### Query Metadata Changes

 * The tag `external/cwe/cwe-20` has been removed from `go/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
 * The tag `external/cwe/cwe-20` has been removed from `go/incomplete-hostname-regexp` and the tag `external/cwe/cwe-020` has been added.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.13
+lastReleaseVersion: 1.2.0
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.14-dev
+version: 1.2.0
 groups:
  - go
  - queries

@@ -1,3 +1,9 @@
+## 7.2.0
+
+### New Features
+
+* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
+
 ## 7.1.4

 No user-facing changes.

@@ -1,4 +1,5 @@
---
-category: feature
---
+## 7.2.0
+
+### New Features
+
 * Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.4
+lastReleaseVersion: 7.2.0
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.1.5-dev
+version: 7.2.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,11 @@
+## 1.5.0
+
+### Query Metadata Changes
+
+* The tag `external/cwe/cwe-20` has been removed from `java/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `java/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-93` has been removed from `java/netty-http-request-or-response-splitting` and the tag `external/cwe/cwe-093` has been added.
+
 ## 1.4.2

 ### Minor Analysis Improvements

@@ -1,6 +1,6 @@
---
-category: queryMetadata
---
+## 1.5.0
+
+### Query Metadata Changes

 * The tag `external/cwe/cwe-20` has been removed from `java/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
 * The tag `external/cwe/cwe-20` has been removed from `java/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.2
+lastReleaseVersion: 1.5.0
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.4.3-dev
+version: 1.5.0
 groups:
  - java
  - queries

@@ -1,3 +1,11 @@
+## 2.6.3
+
+### Minor Analysis Improvements
+
+* Enhanced modeling of the [fastify](https://www.npmjs.com/package/fastify) framework to support the `all` route handler method.
+* Improved modeling of the [`shelljs`](https://www.npmjs.com/package/shelljs) and [`async-shelljs`](https://www.npmjs.com/package/async-shelljs) libraries by adding support for the `which`, `cmd`, `asyncExec` and `env`.
+* Added support for the `fastify` `addHook` method.
+
 ## 2.6.2

 No user-facing changes.