Revert "Release preparation for version 2.16.4"

github · Mar 5, 2024 · 967963a · 967963a
1 parent eaef544
commit 967963a
Show file tree

Hide file tree

Showing 150 changed files with 168 additions and 394 deletions.
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
@@ -1,9 +1,3 @@
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.
-
 ## 0.12.6
 
 ### New Features

diff --git a/cpp/ql/lib/change-notes/released/0.12.7.md → ...-notes/2024-02-26-ir-named-destructors.md b/cpp/ql/lib/change-notes/released/0.12.7.md → ...-notes/2024-02-26-ir-named-destructors.md
@@ -1,5 +1,4 @@
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.
+---
+category: minorAnalysis
+---
+* Added destructors for named objects to the intermediate representation.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.7
+lastReleaseVersion: 0.12.6
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.7
+version: 0.12.7-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -1,10 +1,3 @@
-## 0.9.6
-
-### Minor Analysis Improvements
-
-* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
-* The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
-
 ## 0.9.5
 
 ### Minor Analysis Improvements

diff --git a/cpp/ql/src/change-notes/released/0.9.6.md → ...24-02-16-modelled-functions-block-flow.md b/cpp/ql/src/change-notes/released/0.9.6.md → ...24-02-16-modelled-functions-block-flow.md
@@ -1,6 +1,4 @@
-## 0.9.6
-
-### Minor Analysis Improvements
-
-* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
+---
+category: minorAnalysis
+---
 * The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
diff --git a/cpp/ql/src/change-notes/2024-02-29-non-constant-format-path-query.md b/cpp/ql/src/change-notes/2024-02-29-non-constant-format-path-query.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.6
+lastReleaseVersion: 0.9.5
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.6
+version: 0.9.6-dev
 groups:
   - cpp
   - queries

diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.10
-
-No user-facing changes.
-
 ## 1.7.9
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.10.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.10.md
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.10
+lastReleaseVersion: 1.7.9
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.10
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.10
-
-No user-facing changes.
-
 ## 1.7.9
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.10.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.10.md
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.10
+lastReleaseVersion: 1.7.9
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.10
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
@@ -1,17 +1,3 @@
-## 0.8.10
-
-### Major Analysis Improvements
-
-* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
-* We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
-
-### Minor Analysis Improvements
-
-* C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
-* C# 12: Add extractor and QL library support for `ref readonly` parameters.
-* C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
-* Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
-
 ## 0.8.9
 
 ### Minor Analysis Improvements

diff --git a/csharp/ql/lib/change-notes/2024-02-21-getonly-properties.md b/csharp/ql/lib/change-notes/2024-02-21-getonly-properties.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Data flow via get only properties like `public object Obj { get; }` is now captured by the data flow library.
diff --git a/csharp/ql/lib/change-notes/2024-02-22-no-db-stats.md b/csharp/ql/lib/change-notes/2024-02-22-no-db-stats.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* We no longer make use of CodeQL database stats, which may affect join-orders in custom queries. It is therefore recommended to test performance of custom queries after upgrading to this version.
diff --git a/csharp/ql/lib/change-notes/2024-02-23-compiler-generated.md b/csharp/ql/lib/change-notes/2024-02-23-compiler-generated.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C#: The table `expr_compiler_generated` has been deleted and its content has been added to `compiler_generated`.
diff --git a/csharp/ql/lib/change-notes/2024-02-26-variable-capture-flow.md b/csharp/ql/lib/change-notes/2024-02-26-variable-capture-flow.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
diff --git a/csharp/ql/lib/change-notes/2024-02-28-experimental-attribute.md b/csharp/ql/lib/change-notes/2024-02-28-experimental-attribute.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 12: Add QL library support (`ExperimentalAttribute`) for the experimental attribute.
diff --git a/csharp/ql/lib/change-notes/2024-02-28-refreadonly-parameter.md b/csharp/ql/lib/change-notes/2024-02-28-refreadonly-parameter.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 12: Add extractor and QL library support for `ref readonly` parameters.
diff --git a/csharp/ql/lib/change-notes/released/0.8.10.md b/csharp/ql/lib/change-notes/released/0.8.10.md
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.10
+version: 0.8.10-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
@@ -1,9 +1,3 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
-
 ## 0.8.9
 
 ### Minor Analysis Improvements

diff --git a/...rp/ql/src/change-notes/released/0.8.10.md → .../change-notes/2024-02-06-threat-models.md b/...rp/ql/src/change-notes/released/0.8.10.md → .../change-notes/2024-02-06-threat-models.md
@@ -1,5 +1,4 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
+---
+category: minorAnalysis
+---
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. The changed queries are `cs/code-injection`, `cs/command-line-injection`, `cs/user-controlled-bypass`, `cs/count-untrusted-data-external-api`, `cs/untrusted-data-to-external-api`, `cs/ldap-injection`, `cs/log-forging`, `cs/xml/missing-validation`, `cs/redos`, `cs/regex-injection`, `cs/resource-injection`, `cs/sql-injection`, `cs/path-injection`, `cs/unsafe-deserialization-untrusted-input`, `cs/web/unvalidated-url-redirection`, `cs/xml/insecure-dtd-handling`, `cs/xml/xpath-injection`, `cs/web/xss`, and `cs/uncontrolled-format-string`.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.10
+version: 0.8.10-dev
 groups:
   - csharp
   - queries

diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 0.0.9
-
-No user-facing changes.
-
 ## 0.0.8
 
 No user-facing changes.

diff --git a/go/ql/consistency-queries/change-notes/released/0.0.9.md b/go/ql/consistency-queries/change-notes/released/0.0.9.md
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.8
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.9
+version: 0.0.9-dev
 groups:
   - go
   - queries

diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
@@ -1,14 +1,3 @@
-## 0.7.10
-
-### Major Analysis Improvements
-
-* We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
-* Go 1.22 has been included in the range of supported Go versions.
-
-### Bug Fixes
-
-* Fixed dataflow out of a `map` using a `range` statement.
-
 ## 0.7.9
 
 No user-facing changes.

diff --git a/go/ql/lib/change-notes/2024-02-14-range-map-read.md b/go/ql/lib/change-notes/2024-02-14-range-map-read.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed dataflow out of a `map` using a `range` statement.
diff --git a/go/ql/lib/change-notes/released/0.7.10.md → ...e-notes/2024-03-04-autobuilder-changes.md b/go/ql/lib/change-notes/released/0.7.10.md → ...e-notes/2024-03-04-autobuilder-changes.md
@@ -1,10 +1,5 @@
-## 0.7.10
-
-### Major Analysis Improvements
-
+---
+category: majorAnalysis
+---
 * We have significantly improved the Go autobuilder to understand a greater range of project layouts, which allows Go source files to be analysed that could previously not be processed.
 * Go 1.22 has been included in the range of supported Go versions.
-
-### Bug Fixes
-
-* Fixed dataflow out of a `map` using a `range` statement.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.10
+lastReleaseVersion: 0.7.9
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.10
+version: 0.7.10-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 0.7.10
-
-No user-facing changes.
-
 ## 0.7.9
 
 ### New Queries

diff --git a/go/ql/src/change-notes/released/0.7.10.md b/go/ql/src/change-notes/released/0.7.10.md
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.10
+lastReleaseVersion: 0.7.9
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.10
+version: 0.7.10-dev
 groups:
   - go
   - queries

diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 0.0.17
-
-No user-facing changes.
-
 ## 0.0.16
 
 No user-facing changes.

diff --git a/java/ql/automodel/src/change-notes/released/0.0.17.md b/java/ql/automodel/src/change-notes/released/0.0.17.md
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.17
+lastReleaseVersion: 0.0.16
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.17
+version: 0.0.17-dev
 groups:
     - java
     - automodel

diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
@@ -1,14 +1,3 @@
-## 0.8.10
-
-### Minor Analysis Improvements
-
-* Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
-
-### Bug Fixes
-
-* Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
-* Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
-
 ## 0.8.9
 
 ### Deprecated APIs

diff --git a/java/ql/lib/change-notes/2024-02-23-widget-flowsteps.md b/java/ql/lib/change-notes/2024-02-23-widget-flowsteps.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.
diff --git a/java/ql/lib/change-notes/2024-02-27-error-types.md b/java/ql/lib/change-notes/2024-02-27-error-types.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Java expressions with erroneous types (e.g. the result of a call whose callee couldn't be resolved during extraction) are now given a CodeQL `ErrorType` more often.
diff --git a/java/ql/lib/change-notes/2024-02-27-mvnw-versions.md b/java/ql/lib/change-notes/2024-02-27-mvnw-versions.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed the Java autobuilder overriding the version of Maven used by a project when the Maven wrapper `mvnw` is in use and the `maven-wrapper.jar` file is not present in the repository.
diff --git a/java/ql/lib/change-notes/released/0.8.10.md b/java/ql/lib/change-notes/released/0.8.10.md
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.10
+lastReleaseVersion: 0.8.9
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.10
+version: 0.8.10-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java