github · henrymercer · May 27, 2025 · May 27, 2025 · May 27, 2025 · May 27, 2025
@@ -1,3 +1,7 @@
+## 0.4.10
+
+No user-facing changes.
+
 ## 0.4.9
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.10
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.9
+lastReleaseVersion: 0.4.10
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.10-dev
+version: 0.4.11-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,9 @@
+## 0.6.2
+
+### Minor Analysis Improvements
+
+* The query `actions/missing-workflow-permissions` is now aware of the minimal permissions needed for the actions `deploy-pages`, `delete-package-versions`, `ai-inference`. This should lead to better alert messages and better fix suggestions.
+
 ## 0.6.1
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.6.2
+
+### Minor Analysis Improvements
+
 * The query `actions/missing-workflow-permissions` is now aware of the minimal permissions needed for the actions `deploy-pages`, `delete-package-versions`, `ai-inference`. This should lead to better alert messages and better fix suggestions.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.6.2
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.2-dev
+version: 0.6.3-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,27 @@
+## 5.0.0
+
+### Breaking Changes
+
+* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
+* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
+* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.
+
+### New Features
+
+* Added local flow source models for `ReadFile`, `ReadFileEx`, `MapViewOfFile`, `MapViewOfFile2`, `MapViewOfFile3`, `MapViewOfFile3FromApp`, `MapViewOfFileEx`, `MapViewOfFileFromApp`, `MapViewOfFileNuma2`, and `NtReadFile`.
+* Added the `pCmdLine` arguments of `WinMain` and `wWinMain` as local flow sources.
+* Added source models for `GetCommandLineA`, `GetCommandLineW`, `GetEnvironmentStringsA`, `GetEnvironmentStringsW`, `GetEnvironmentVariableA`, and `GetEnvironmentVariableW`.
+* Added summary models for `CommandLineToArgvA` and `CommandLineToArgvW`.
+* Added support for `wmain` as part of the ArgvSource model.
+
+### Bug Fixes
+
+* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ArrayAggregateLiteral`s.
+* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ClassAggregateLiteral`s.
+
 ## 4.3.1
 
 ### Bug Fixes

@@ -0,0 +1,23 @@
+## 5.0.0
+
+### Breaking Changes
+
+* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
+* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
+* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.
+
+### New Features
+
+* Added local flow source models for `ReadFile`, `ReadFileEx`, `MapViewOfFile`, `MapViewOfFile2`, `MapViewOfFile3`, `MapViewOfFile3FromApp`, `MapViewOfFileEx`, `MapViewOfFileFromApp`, `MapViewOfFileNuma2`, and `NtReadFile`.
+* Added the `pCmdLine` arguments of `WinMain` and `wWinMain` as local flow sources.
+* Added source models for `GetCommandLineA`, `GetCommandLineW`, `GetEnvironmentStringsA`, `GetEnvironmentStringsW`, `GetEnvironmentVariableA`, and `GetEnvironmentVariableW`.
+* Added summary models for `CommandLineToArgvA` and `CommandLineToArgvW`.
+* Added support for `wmain` as part of the ArgvSource model.
+
+### Bug Fixes
+
+* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ArrayAggregateLiteral`s.
+* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ClassAggregateLiteral`s.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.1
+lastReleaseVersion: 5.0.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.3.2-dev
+version: 5.0.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,9 @@
+## 1.4.1
+
+### Minor Analysis Improvements
+
+* Added flow model for the `SQLite` and `OpenSSL` libraries. This may result in more alerts when running queries on codebases that use these libraries.
+
 ## 1.4.0
 
 ### Query Metadata Changes

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Added flow model for the `SQLite` and `OpenSSL` libraries. This may result in more alerts when running queries on codebases that use these libraries.
+## 1.4.1
+
+### Minor Analysis Improvements
+
+* Added flow model for the `SQLite` and `OpenSSL` libraries. This may result in more alerts when running queries on codebases that use these libraries.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.1-dev
+version: 1.4.2-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.41
+
+No user-facing changes.
+
 ## 1.7.40
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.41
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.40
+lastReleaseVersion: 1.7.41
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.41-dev
+version: 1.7.42-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.41
+
+No user-facing changes.
+
 ## 1.7.40
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.41
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.40
+lastReleaseVersion: 1.7.41
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.41-dev
+version: 1.7.42-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,9 @@
+## 5.1.7
+
+### Minor Analysis Improvements
+
+* The generated Models as Data (MaD) models for .NET 9 Runtime have been updated and are now more precise (due to a recent model generator improvement).
+
 ## 5.1.6
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 5.1.7
+
+### Minor Analysis Improvements
+
 * The generated Models as Data (MaD) models for .NET 9 Runtime have been updated and are now more precise (due to a recent model generator improvement).
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.6
+lastReleaseVersion: 5.1.7
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.7-dev
+version: 5.1.8-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,12 @@
+## 1.2.1
+
+### Minor Analysis Improvements
+
+* The precision of the query `cs/missed-readonly-modifier` has been improved. Some false positives related to static fields and struct type fields have been removed.
+* The queries `cs/password-in-configuration`, `cs/hardcoded-credentials` and `cs/hardcoded-connection-string-credentials` have been removed from all query suites.
+* The precision of the query `cs/gethashcode-is-not-defined` has been improved (false negative reduction). Calls to more methods (and indexers) that rely on the invariant `e1.Equals(e2)` implies `e1.GetHashCode() == e2.GetHashCode()` are taken into account.
+* The precision of the query `cs/uncontrolled-format-string` has been improved (false negative reduction). Calls to `System.Text.CompositeFormat.Parse` are now considered a format like method call.
+
 ## 1.2.0
 
 ### Query Metadata Changes

@@ -0,0 +1,8 @@
+## 1.2.1
+
+### Minor Analysis Improvements
+
+* The precision of the query `cs/missed-readonly-modifier` has been improved. Some false positives related to static fields and struct type fields have been removed.
+* The queries `cs/password-in-configuration`, `cs/hardcoded-credentials` and `cs/hardcoded-connection-string-credentials` have been removed from all query suites.
+* The precision of the query `cs/gethashcode-is-not-defined` has been improved (false negative reduction). Calls to more methods (and indexers) that rely on the invariant `e1.Equals(e2)` implies `e1.GetHashCode() == e2.GetHashCode()` are taken into account.
+* The precision of the query `cs/uncontrolled-format-string` has been improved (false negative reduction). Calls to `System.Text.CompositeFormat.Parse` are now considered a format like method call.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.2.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.2.1-dev
+version: 1.2.2-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.24
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.24-dev
+version: 1.0.25-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 4.2.6
+
+No user-facing changes.
+
 ## 4.2.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 4.2.6
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.2.5
+lastReleaseVersion: 4.2.6
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.2.6-dev
+version: 4.2.7-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,9 @@
+## 1.2.1
+
+### Minor Analysis Improvements
+
+* The query `go/hardcoded-credentials` has been removed from all query suites.
+
 ## 1.2.0
 
 ### Query Metadata Changes

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.2.1
+
+### Minor Analysis Improvements
+
 * The query `go/hardcoded-credentials` has been removed from all query suites.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.2.1
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.2.1-dev
+version: 1.2.2-dev
 groups:
   - go
   - queries