20 Pull requests merged by 12 people

• Post-release preparation for codeql-cli-2.21.4

  #19602 merged May 27, 2025

• Release preparation for version 2.21.4

  #19601 merged May 27, 2025

• Rust: Recognize more sensitive data sources

  #19470 merged May 27, 2025

• C++: Address comments from earlier Windows MaD PRs

  #19599 merged May 27, 2025

• Go: Explicitly check whether proxy env vars are empty

  #19598 merged May 27, 2025

• C++: Add missing ReadFileEx flow summary

  #19595 merged May 27, 2025

• Rust: Model Pin

  #19529 merged May 27, 2025

• Rust: add option to extract dependencies as source files

  #19583 merged May 27, 2025

• C#: Improve cs/missed-readonly-modifier and to code-quality suite.

  #19520 merged May 27, 2025

• C++: Add more Win32 flow sources

  #19591 merged May 27, 2025

• Rust: Only include relevant AST nodes in TypeMention

  #19557 merged May 27, 2025

• C++: Add Windows command line and environment models

  #19563 merged May 27, 2025

• Swift: Update to Swift 6.1.1

  #19576 merged May 27, 2025

• JS: Explicitly Filter Quality Queries for Inclusion in Security-and-Quality

  #19578 merged May 27, 2025

• Swift: Fix type string representation

  #19582 merged May 27, 2025

• Rust: Add more Operation subclasses

  #19562 merged May 27, 2025

• Rust: Resolve function calls to traits methods

  #19575 merged May 27, 2025

• Rust: turn off macro expansion in code to be expanded by attribute macros

  #19572 merged May 27, 2025

• Rangeanalysis: Simplify Guards integration.

  #19571 merged May 26, 2025

• Type inference: Simplify internal representation of type paths

  #19570 merged May 26, 2025

16 Pull requests opened by 11 people

• Rust: Remove source vs library deduplication logic

  #19577 opened May 26, 2025

• JS: Enhance `isDomProperty`

  #19579 opened May 26, 2025

• Rust: Also include prelude path resolution in Core

  #19580 opened May 26, 2025

• Rust: skip private items when extracting library files

  #19581 opened May 26, 2025

• Rust: Type inference for `.await` expressions

  #19584 opened May 26, 2025

• Rust: skip unexpanded stuff in library emission

  #19585 opened May 27, 2025

• Diff-informed queries via primary/secondary abstractions

  #19586 opened May 27, 2025

• JS: Mark AngularJS $location as client-side remote flow source

  #19587 opened May 27, 2025

• Rust: re-enable attribute macro expansion in library mode

  #19588 opened May 27, 2025

• C#: Improve `cs/dereference-*` queries and add to the Code Quality suite.

  #19589 opened May 27, 2025

• Add QL for QL query to warn about possible non-inlining across overlay frontier

  #19590 opened May 27, 2025

• Experiment: Test overlay[caller] QL-for-QL warning

  #19592 opened May 27, 2025

• Rust: Type inference for operator overloading

  #19593 opened May 27, 2025

• Python: Add Pandas SQLi sinks

  #19594 opened May 27, 2025

• C++: Generate flow summaries for `curl/curl`

  #19596 opened May 27, 2025

• Rust: add more macro expansion tests

  #19600 opened May 27, 2025

1 Issue opened by 1 person

• Java: static field access of unknown class breaks dataflow (build-mode=none)

  #19597 opened May 27, 2025

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Quantum: Add Open Quantum Safe (OQS) provider signing model

  #19574 commented on May 27, 2025 • 26 new comments

• Python: Modernize iter not returning self query

  #19554 commented on May 27, 2025 • 7 new comments

• Rust: use all features by default

  #19551 commented on May 27, 2025 • 2 new comments

• Java: Queries for thread-safe classes

  #19539 commented on May 27, 2025 • 1 new comment

• Quantum: Add initial qltests for OpenSSL modeling

  #19564 commented on May 27, 2025 • 1 new comment

• CodeQL DB missing half the source C files, getting compiled with no errors.

  #19066 commented on May 27, 2025 • 0 new comments

• Java: Generic Class Methods not connected when type parameter is unknown (build-mode=none)

  #19538 commented on May 27, 2025 • 0 new comments

• How to speed up the execution

  #19471 commented on May 28, 2025 • 0 new comments

• C++: Multi-Level Member Function Calls Not Modeled as DataFlow::Node

  #19457 commented on May 28, 2025 • 0 new comments

• Rust: Make `SummarizedCallable` extend `Function` instead of `string`

  #19268 commented on May 27, 2025 • 0 new comments

• Go: Check more things while running tests

  #19491 commented on May 27, 2025 • 0 new comments

• Rust: upgrade `rust-analyzer` to 0.0.281

  #19524 commented on May 27, 2025 • 0 new comments

• C++: accept new test results after changes

  #19533 commented on May 27, 2025 • 0 new comments

• JS: new `Quality` query - Unhandled errors in `.pipe()` chain

  #19544 commented on May 27, 2025 • 0 new comments

• Rust: move body skipping logic to code generation

  #19559 commented on May 26, 2025 • 0 new comments

• Shared/Java: Add shared Guards library and switch Java to use it.

  #19573 commented on May 27, 2025 • 0 new comments