github · dbartol · Jan 8, 2025 · Jan 6, 2025 · Jan 6, 2025 · Jan 6, 2025
@@ -0,0 +1,5 @@
+## 0.4.0
+
+### New Features
+
+* Initial public preview release
@@ -0,0 +1,5 @@
+## 0.4.0
+
+### New Features
+
+* Initial public preview release
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.4.0
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.0-dev
+version: 0.4.1-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.4.0
+
+### New Queries
+
 * Initial public preview release
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.4.0
+
+### New Queries
+
 * Initial public preview release
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.4.0
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.4.0-dev
+version: 0.4.1-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,22 @@
+## 3.1.0
+
+### Deprecated APIs
+
+* The `TemplateParameter` class, representing C++ type template parameters has been deprecated. Use `TypeTemplateParameter` instead.
+
+### New Features
+
+* New classes `SizeofPackExprOperator` and `SizeofPackTypeOperator` were introduced, which represent the C++ `sizeof...` operator taking expressions and type arguments, respectively.
+* A new class `TemplateTemplateParameterInstantiation` was introduced, which represents instantiations of template template parameters.
+* A new predicate `getAnInstantiation` was added to the `TemplateTemplateParameter` class, which yields instantiations of template template parameters.
+* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of template template parameters.
+* A new class `NonTypeTemplateParameter` was introduced, which represents C++ non-type template parameters.
+* A new class `TemplateParameterBase` was introduced, which represents C++ non-type template parameters, type template parameters, and template template parameters.
+
+### Minor Analysis Improvements
+
+* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions.
+
 ## 3.0.0
 
 ### Breaking Changes

@@ -0,0 +1,18 @@
+## 3.1.0
+
+### Deprecated APIs
+
+* The `TemplateParameter` class, representing C++ type template parameters has been deprecated. Use `TypeTemplateParameter` instead.
+
+### New Features
+
+* New classes `SizeofPackExprOperator` and `SizeofPackTypeOperator` were introduced, which represent the C++ `sizeof...` operator taking expressions and type arguments, respectively.
+* A new class `TemplateTemplateParameterInstantiation` was introduced, which represents instantiations of template template parameters.
+* A new predicate `getAnInstantiation` was added to the `TemplateTemplateParameter` class, which yields instantiations of template template parameters.
+* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of template template parameters.
+* A new class `NonTypeTemplateParameter` was introduced, which represents C++ non-type template parameters.
+* A new class `TemplateParameterBase` was introduced, which represents C++ non-type template parameters, type template parameters, and template template parameters.
+
+### Minor Analysis Improvements
+
+* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 3.0.0
+lastReleaseVersion: 3.1.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 3.0.1-dev
+version: 3.1.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,13 @@
+## 1.3.1
+
+### Minor Analysis Improvements
+
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
+* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.
+* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error.
+* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error.
+* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL).
+
 ## 1.3.0
 
 ### New Queries

@@ -0,0 +1,9 @@
+## 1.3.1
+
+### Minor Analysis Improvements
+
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
+* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.
+* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error.
+* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error.
+* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL).
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.3.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.1-dev
+version: 1.3.2-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.31
+
+No user-facing changes.
+
 ## 1.7.30
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.31
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.30
+lastReleaseVersion: 1.7.31
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.31-dev
+version: 1.7.32-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.31
+
+No user-facing changes.
+
 ## 1.7.30
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.31
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.30
+lastReleaseVersion: 1.7.31
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.31-dev
+version: 1.7.32-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,16 @@
+## 4.0.1
+
+### Minor Analysis Improvements
+
+* C# 13: Added QL library support for *collection* like type `params` parameters.
+* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
+  - `[SupplyParameterFromForm]`
+  - `[SupplyParameterFromQuery]`
+* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
+* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
+* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
+* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
+
 ## 4.0.0
 
 ### Breaking Changes

@@ -0,0 +1,12 @@
+## 4.0.1
+
+### Minor Analysis Improvements
+
+* C# 13: Added QL library support for *collection* like type `params` parameters.
+* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
+  - `[SupplyParameterFromForm]`
+  - `[SupplyParameterFromQuery]`
+* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. 
+* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
+* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
+* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.0.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 4.0.1-dev
+version: 4.0.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,9 @@
+## 1.0.14
+
+### Minor Analysis Improvements
+
+* The `ExternalApi` and `TestLibrary` modules have been moved to the library pack.
+
 ## 1.0.13
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.0.14
+
+### Minor Analysis Improvements
+
 * The `ExternalApi` and `TestLibrary` modules have been moved to the library pack.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.14
+
+No user-facing changes.
+
 ## 1.0.13
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.14
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups:
   - go
   - queries

@@ -1,3 +1,9 @@
+## 3.0.1
+
+### Minor Analysis Improvements
+
+* Added a `commandargs` local source model for the `os.Args` variable.
+
 ## 3.0.0
 
 ### Breaking Changes