github · nickrolfe · Jul 23, 2025 · Jul 23, 2025
@@ -1,9 +1,3 @@
-## 0.4.13
-
-### Bug Fixes
-
-* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
-
 ## 0.4.12
 
 ### Minor Analysis Improvements

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries  now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.13
+lastReleaseVersion: 0.4.12
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.13
+version: 0.4.13-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,7 +1,3 @@
-## 0.6.5
-
-No user-facing changes.
-
 ## 0.6.4
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.5
+lastReleaseVersion: 0.6.4
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.5
+version: 0.6.5-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,20 +1,3 @@
-## 5.3.0
-
-### Deprecated APIs
-
-* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
-
-### New Features
-
-* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
-
-### Minor Analysis Improvements
-
-* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
-* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
-* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
-* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
-
 ## 5.2.0
 
 ### Deprecated APIs

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.3.0
+lastReleaseVersion: 5.2.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.3.0
+version: 5.2.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,16 +1,3 @@
-## 1.4.4
-
-### Minor Analysis Improvements
-
-* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
-* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
-* Improved support for dataflow through function objects and lambda expressions.
-* Added flow models for `pthread_create` and `std::thread`.
-* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
-* Added flow models for the GNU C Library.
-* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
-* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
-
 ## 1.4.3
 
 ### Minor Analysis Improvements

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow models for the GNU C Library.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow models for `pthread_create` and `std::thread`.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved support for dataflow through function objects and lambda expressions.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.4
+lastReleaseVersion: 1.4.3
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.4
+version: 1.4.4-dev
 groups:
   - cpp
   - queries

@@ -1,7 +1,3 @@
-## 1.7.44
-
-No user-facing changes.
-
 ## 1.7.43
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.44
+lastReleaseVersion: 1.7.43
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.44
+version: 1.7.44-dev
 groups:
   - csharp
   - solorigate

@@ -1,7 +1,3 @@
-## 1.7.44
-
-No user-facing changes.
-
 ## 1.7.43
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.44
+lastReleaseVersion: 1.7.43
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.44
+version: 1.7.44-dev
 groups:
   - csharp
   - solorigate

@@ -1,9 +1,3 @@
-## 5.2.0
-
-### New Features
-
-* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
-
 ## 5.1.9
 
 No user-facing changes.

@@ -1,5 +1,4 @@
-## 5.2.0
-
-### New Features
-
+---
+category: feature
+---
 * Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.2.0
+lastReleaseVersion: 5.1.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.2.0
+version: 5.1.10-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,14 +1,3 @@
-## 1.3.1
-
-### Minor Analysis Improvements
-
-* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
-* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
-
-### Bug Fixes
-
-* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
-
 ## 1.3.0
 
 ### Query Metadata Changes

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
@@ -1,10 +1,4 @@
-## 1.3.1
-
-### Minor Analysis Improvements
-
+---
+category: minorAnalysis
+---
 * Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
-* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
-
-### Bug Fixes
-
-* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.1
+lastReleaseVersion: 1.3.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.3.1
+version: 1.3.1-dev
 groups:
   - csharp
   - queries

@@ -1,7 +1,3 @@
-## 1.0.27
-
-No user-facing changes.
-
 ## 1.0.26
 
 No user-facing changes.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.27
+lastReleaseVersion: 1.0.26
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.27
+version: 1.0.27-dev
 groups:
   - go
   - queries

@@ -1,15 +1,3 @@
-## 4.3.0
-
-### Deprecated APIs
-
-* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
-* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.
-
-### Minor Analysis Improvements
-
-* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
-* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
-
 ## 4.2.8
 
 No user-facing changes.

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
@@ -0,0 +1,5 @@
+---
+category: deprecated
+---
+* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
+* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.