Post-release preparation for codeql-cli-2.22.3#20166
Release preparation for version 2.22.3
Pull Request Overview
This PR performs post-release preparation for codeql-cli-2.22.3 by merging back changes from the release and bumping version strings for the next release (2.22.4). The changes include updating package versions, release tracking files, and consolidating change notes into changelogs.
- Version increments across all language packs and shared libraries
- Creation of release change notes and updating changelogs
- Removal of pending change note files that were incorporated into the release
Reviewed Changes
Copilot reviewed 172 out of 172 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Various qlpack.yml files | Version bumps from released to next development versions |
| Various codeql-pack.release.yml files | Updated lastReleaseVersion to track completed releases |
| Various change-notes/released/*.md files | New release notes documenting the changes in each package |
| Various CHANGELOG.md files | Updated with release notes and consolidated change summaries |
| Various change-notes/*.md files | Removed individual change note files that were incorporated into releases |
### New Queries

* Added a new query, `rust/hard-coded-cryptographic-value`, for detecting use of hardcoded keys, passwords, salts and initialization vectors.
There's an inconsistency in the query name. The change note refers to rust/hard-coded-cryptographic-value while the removed change note file mentions rust/hardcoded-crytographic-value (note the missing hyphen and typo 'crytographic'). Ensure the correct query name is used consistently.
### Minor Analysis Improvements

* The "Initialization code not run" query (`cpp/initialization-not-run`) no longer reports an alert on static global variables that have no dereference.
The grammar should be "that have no dereference" instead of "that has no dereference" to maintain subject-verb agreement with the plural "variables".
### New Features

- * You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks which do not require extra logic to determine if they are unsafe are now defined in this way.
+ * You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks that do not require extra logic to determine if they are unsafe are now defined in this way.
[nitpick] The word "which" has been changed to "that" in this line. While both are grammatically correct, this appears to be a style improvement rather than a correction of an error.
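As an added illustration, not a file from this PR or from the CodeQL repository, the data extension below shows what a custom `java/unsafe-deserialization` sink entry described in the "New Features" note looks like. The package, class and method names (`com.example.io`, `LegacyDeserializer`, `readObjectFrom`) are constructed placeholders standing in for an application's own deserialization API; the `sinkModel` column layout (package, type, subtypes, name, signature, ext, input, kind, provenance) is the standard Java models-as-data shape that the note's `sinkModel` extensible predicate takes.

```yaml
# Added example, not part of the PR: a CodeQL data extension that registers
# an application-specific sink for the java/unsafe-deserialization query.
# com.example.io.LegacyDeserializer.readObjectFrom is a constructed placeholder.
extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: sinkModel
    data:
      # Columns: package, type, subtypes, name, signature, ext, input, kind, provenance
      # subtypes=true also covers overrides of the method in subclasses.
      # Any tainted value reaching the first argument (the stream being
      # deserialized) is reported as an "unsafe-deserialization" sink.
      - ["com.example.io", "LegacyDeserializer", true, "readObjectFrom", "(java.io.InputStream)", "", "Argument[0]", "unsafe-deserialization", "manual"]
      # Same class, the overload that deserializes from a byte array.
      - ["com.example.io", "LegacyDeserializer", true, "readObjectFrom", "(byte[])", "", "Argument[0]", "unsafe-deserialization", "manual"]
```

The file is picked up when it is listed under `dataExtensions` in a CodeQL model pack's `qlpack.yml`; the data-extensions documentation linked in the note covers packaging. Because only the entries in this file are specific to the application, the query logic itself stays untouched, which is the point of the change: sinks that need no extra reasoning are now plain data rather than QL code.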
This PR merges back all of the changes from the release of codeql-cli-2.22.3, and it bumps the version strings in semmle-code in preparation for the next release, 2.22.4.