Skip to content

Releases: GitHubSecurityLab/CodeQL-Community-Packs

v0.5.1

Choose a tag to compare

@github-actions github-actions released this 11 Jul 04:24
aeca4c1

Publish summary

Generated by publish.yml run #169 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.5.0 0.5.0 n/a n/a
C# 0.5.0 0.5.0 0.5.0 0.5.0
Go 0.5.0 0.5.0 n/a n/a
Java 0.5.0 0.5.0 0.5.0 0.5.0
JavaScript 0.5.0 0.5.0 n/a n/a
Python 0.5.0 0.5.0 n/a n/a
Ruby 0.5.0 0.5.0 n/a n/a

What's Changed

  • Chore/update codeql cli 2.24.3 - fix failing tests by @felickz in #180

Full Changelog: v0.5.0...v0.5.1

CodeQL standard library & query pack versions

Pinned CodeQL CLI/library version (.codeqlversion): v2.24.3

Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.24.3 (tag codeql-cli/v2.24.3). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.

Language Pack Dependency Our locked version Upstream (CLI v2.24.3 ships) Status
C++ src codeql/cpp-all 8.0.0 8.0.0
C++ src codeql/cpp-queries 1.5.12 1.5.12
C++ lib codeql/cpp-all 8.0.0 8.0.0
C# src codeql/csharp-all 5.4.8 5.4.8
C# src codeql/csharp-queries 1.6.3 1.6.3
C# lib codeql/csharp-all 5.4.8 5.4.8
Go src codeql/go-all 7.0.1 7.0.1
Go lib codeql/go-all 7.0.1 7.0.1
Java src codeql/java-all 8.1.1 8.1.1
Java lib codeql/java-all 8.1.1 8.1.1
JavaScript src codeql/javascript-all 2.6.23 2.6.23
JavaScript lib codeql/javascript-all 2.6.23 2.6.23
Python src codeql/python-all 7.0.0 7.0.0
Python lib codeql/python-all 7.0.0 7.0.0
Ruby src codeql/ruby-all 5.1.11 5.1.11
Ruby lib codeql/ruby-all 5.1.11 5.1.11

v0.5.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 02:45
c444769

Publish summary

Generated by publish.yml run #168 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.5.0 🆕 0.5.0 🆕 n/a n/a
C# 0.5.0 🆕 0.5.0 🆕 0.5.0 🆕 0.5.0 🆕
Go 0.5.0 🆕 0.5.0 🆕 n/a n/a
Java 0.5.0 🆕 0.5.0 🆕 0.5.0 🆕 0.5.0 🆕
JavaScript 0.5.0 🆕 0.5.0 🆕 n/a n/a
Python 0.5.0 🆕 0.5.0 🆕 n/a n/a
Ruby 0.5.0 🆕 0.5.0 🆕 n/a n/a

What's Changed

  • docs: retire hand-maintained CodeQL version table, point to GitHub Releases by @felickz in #178
  • chore: bump pinned CodeQL CLI to v2.24.3 and release v0.5.0 by @security-lab-bot[bot] in #179

Full Changelog: v0.4.0...v0.5.0

CodeQL standard library & query pack versions

Pinned CodeQL CLI/library version (.codeqlversion): v2.24.3

Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.24.3 (tag codeql-cli/v2.24.3). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.

Language Pack Dependency Our locked version Upstream (CLI v2.24.3 ships) Status
C++ src codeql/cpp-all 8.0.0 8.0.0
C++ src codeql/cpp-queries 1.5.12 1.5.12
C++ lib codeql/cpp-all 8.0.0 8.0.0
C# src codeql/csharp-all 5.4.8 5.4.8
C# src codeql/csharp-queries 1.6.3 1.6.3
C# lib codeql/csharp-all 5.4.8 5.4.8
Go src codeql/go-all 7.0.1 7.0.1
Go lib codeql/go-all 7.0.1 7.0.1
Java src codeql/java-all 8.1.1 8.1.1
Java lib codeql/java-all 8.1.1 8.1.1
JavaScript src codeql/javascript-all 2.6.23 2.6.23
JavaScript lib codeql/javascript-all 2.6.23 2.6.23
Python src codeql/python-all 7.0.0 7.0.0
Python lib codeql/python-all 7.0.0 7.0.0
Ruby src codeql/ruby-all 5.1.11 5.1.11
Ruby lib codeql/ruby-all 5.1.11 5.1.11

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 00:40
e7c143a

Publish summary

Generated by publish.yml run #167 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.4.0 🆕 0.4.0 🆕 n/a n/a
C# 0.4.0 🆕 0.4.0 🆕 0.4.0 🆕 0.4.0 🆕
Go 0.4.0 🆕 0.4.0 🆕 n/a n/a
Java 0.4.0 🆕 0.4.0 🆕 0.4.0 🆕 0.4.0 🆕
JavaScript 0.4.0 🆕 0.4.0 🆕 n/a n/a
Python 0.4.0 🆕 0.4.0 🆕 n/a n/a
Ruby 0.4.0 🆕 0.4.0 🆕 n/a n/a

What's Changed

  • fix(release): invoke patch-release-me via docker run to avoid mode arg quoting bug by @felickz in #171
  • feat(release): add prerelease boolean toggle, default off by @felickz in #172
  • feat(ci): add copilot-setup-steps.yml for delegated CI-fix sessions by @felickz in #174
  • fix(release): stop patch-release-me double-bumping ql/hotspots by @felickz in #175
  • chore: bump pinned CodeQL CLI to v2.22.4 and release v0.3.0 by @security-lab-bot[bot] in #173
  • chore(ci): pre-install every CodeQL pack's dependencies in copilot-setup-steps.yml by @felickz in #176
  • chore: bump pinned CodeQL CLI to v2.23.9 and release v0.4.0 by @security-lab-bot[bot] in #177

Full Changelog: v0.2.4...v0.4.0

CodeQL standard library & query pack versions

Pinned CodeQL CLI/library version (.codeqlversion): v2.23.9

Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.23.9 (tag codeql-cli/v2.23.9). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.

Language Pack Dependency Our locked version Upstream (CLI v2.23.9 ships) Status
C++ src codeql/cpp-all 6.1.4 6.1.4
C++ src codeql/cpp-queries 1.5.8 1.5.8
C++ lib codeql/cpp-all 6.1.4 6.1.4
C# src codeql/csharp-all 5.4.4 5.4.4
C# src codeql/csharp-queries 1.5.4 1.5.4
C# lib codeql/csharp-all 5.4.4 5.4.4
Go src codeql/go-all 5.0.6 5.0.6
Go lib codeql/go-all 5.0.6 5.0.6
Java src codeql/java-all 7.8.3 7.8.3
Java lib codeql/java-all 7.8.3 7.8.3
JavaScript src codeql/javascript-all 2.6.19 2.6.19
JavaScript lib codeql/javascript-all 2.6.19 2.6.19
Python src codeql/python-all 5.0.4 5.0.4
Python lib codeql/python-all 5.0.4 5.0.4
Ruby src codeql/ruby-all 5.1.7 5.1.7
Ruby lib codeql/ruby-all [5.1.7](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/blob/e7c143a361584f0fd3584e7066503619a181b...
Read more

v0.2.4

Choose a tag to compare

@github-actions github-actions released this 10 Jul 20:53
1ae3c42

Publish summary

Generated by publish.yml run #164 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.4 🆕 0.2.4 🆕 n/a n/a
C# 0.2.4 🆕 0.2.4 🆕 0.2.4 🆕 0.2.4 🆕
Go 0.2.4 🆕 0.2.4 🆕 n/a n/a
Java 0.2.4 🆕 0.2.4 🆕 0.2.4 🆕 0.2.4 🆕
JavaScript 0.2.4 🆕 0.2.4 🆕 n/a n/a
Python 0.2.4 🆕 0.2.4 🆕 n/a n/a
Ruby 0.2.4 🆕 0.2.4 🆕 n/a n/a

What's Changed

  • chore: bump remaining packs to 0.2.3 to match .release.yml by @felickz in #159
  • feat(publish): gate auto-publish on releases + publish summary table + docs by @felickz in #160
  • fix(workflows): add packages: read permission to update-codeql-version.yml by @felickz in #163
  • chore: bump pinned CodeQL CLI to v2.21.4 by @security-lab-bot[bot] in #166
  • feat(update-codeql-version): add optional release_bump input to publish in the same PR by @felickz in #167
  • fix(release): repin patch-release-me to 0.6.5 (0.6.6's GHCR image was never published) by @felickz in #168
  • Chore: Auto Update new Release by @security-lab-bot[bot] in #169

New Contributors

  • @security-lab-bot[bot] made their first contribution in #166

Full Changelog: v0.2.3...v0.2.4

CodeQL standard library & query pack versions

Pinned CodeQL CLI/library version (.codeqlversion): v2.21.4

Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.21.4 (tag codeql-cli/v2.21.4). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.

Language Pack Dependency Our locked version Upstream (CLI v2.21.4 ships) Status
C++ src codeql/cpp-all 5.0.0 5.0.0
C++ src codeql/cpp-queries 1.4.1 1.4.1
C++ lib codeql/cpp-all 5.0.0 5.0.0
C# src codeql/csharp-all 5.1.7 5.1.7
C# src codeql/csharp-queries 1.2.1 1.2.1
C# lib codeql/csharp-all 5.1.7 5.1.7
Go src codeql/go-all 4.2.6 4.2.6
Go lib codeql/go-all 4.2.6 4.2.6
Java src codeql/java-all 7.3.0 7.3.0
Java lib codeql/java-all 7.3.0 7.3.0
JavaScript src codeql/javascript-all 2.6.4 2.6.4
JavaScript lib codeql/javascript-all 2.6.4 2.6.4
Python src codeql/python-all 4.0.8 4.0.8
Python lib codeql/python-all 4.0.8 4.0.8
Ruby src codeql/ruby-all 4.1.7 [4.1.7](https://github.com/github/codeql/blob/codeql-cli/v2.21.4/ruby/ql/lib/qlpa...
Read more

v0.2.3

Choose a tag to compare

@github-actions github-actions released this 10 Jul 00:51
cb01617

Publish summary

Generated by publish.yml run #158 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.3 0.2.3 n/a n/a
C# 0.2.3 0.2.3 0.2.3 0.2.3
Go 0.2.3 0.2.3 n/a n/a
Java 0.2.3 0.2.3 0.2.3 0.2.3
JavaScript 0.2.3 0.2.3 n/a n/a
Python 0.2.3 0.2.3 n/a n/a
Ruby 0.2.3 0.2.3 n/a n/a

** NOTE: codeql-java-queries v0.2.2 was published in August 25 - so much of the 0.2.2 changelog is synced up in v0.2.3 for codeql-java-queries

What's Changed

  • Sync all packs to 0.2.2 and make .release.yml the version source of truth by @felickz in #158
  • fix(java): remove duplicate codeql-java-extensions dependency causing fatal analysis crash by @felickz in #155

Full Changelog: v0.2.2...v0.2.3

CodeQL standard library & query pack versions

Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1

Comparing each language's direct codeql/* dependencies (from <lang>/src/qlpack.yml, resolved in src/codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.21.1 (tag codeql-cli/v2.21.1). Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/src (and lib/ext as needed) hasn't been run since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.

Language Dependency Our locked version Upstream (CLI v2.21.1 ships) Status
C++ codeql/cpp-all 4.2.0 4.2.0
C++ codeql/cpp-queries 1.3.8 1.3.8
C# codeql/csharp-all 5.1.4 5.1.4
C# codeql/csharp-queries 1.1.1 1.1.1
Go codeql/go-all 4.2.3 4.2.3
Java codeql/java-all 7.1.3 7.1.3
JavaScript codeql/javascript-all 2.6.1 2.6.1
Python codeql/python-all 4.0.5 4.0.5
Ruby codeql/ruby-all 4.1.4 4.1.4

v0.2.2

Choose a tag to compare

@felickz felickz released this 09 Jul 16:33
de643b5

Note

All 18 published packages are now synced to 0.2.2. Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1. n/a means that pack doesn't exist for this language (only C# and Java publish ext/ext-library-sources today).

Progress toward v0.2.2

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.2 0.2.2 n/a n/a
C# 0.2.2 0.2.2 0.2.2 0.2.2
Go 0.2.2 0.2.2 n/a n/a
Java 0.2.2 ** 0.2.2 0.2.2 0.2.2
JavaScript 0.2.2 0.2.2 n/a n/a
Python 0.2.2 0.2.2 n/a n/a
Ruby 0.2.2 0.2.2 n/a n/a

** NOTE: codeql-java-queries v0.2.2 was published in August 25 - so much of the changelog below does not apply to this release - will be synced up in v0.2.3

18 of 18 published packages are on 0.2.2. All republished automatically by publish.yml after #158 merged to main; codeql-java-queries was already at 0.2.2 and was correctly skipped as a no-op (confirms the publish workflow's version-diff check is idempotent). See CONTRIBUTING.md: Releases & publishing for how a version bump triggers a republish.

What's Changed

  • deps: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 in the production-dependencies group by @dependabot[bot] in #108
  • deps: bump 42ByteLabs/patch-release-me from 0.4.1 to 0.5.3 in the production-dependencies group by @dependabot[bot] in #109
  • deps: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the production-dependencies group by @dependabot[bot] in #110
  • deps: bump actions/create-github-app-token from 1 to 2 in the production-dependencies group by @dependabot[bot] in #111
  • deps: bump 42ByteLabs/patch-release-me from 0.5.3 to 0.5.4 in the production-dependencies group by @dependabot[bot] in #112
  • docs: Update README by @GeekMasher in #104
  • Python: Add generated and manual models by @GeekMasher in #113
  • Java: Debugging queries by @GeekMasher in #114
  • JS: debugging queries by @GeekMasher in #115
  • Python: Debugging queries by @GeekMasher in #119
  • Go: Debugging queries by @GeekMasher in #120
  • deps: bump 42ByteLabs/patch-release-me from 0.5.4 to 0.5.5 in the production-dependencies group by @dependabot[bot] in #122
  • Feat: Add support for .codeqlversion by @GeekMasher in #117
  • deps: bump 42ByteLabs/patch-release-me from 0.5.5 to 0.6.0 in the production-dependencies group by @dependabot[bot] in #128
  • Remove "Change notes" section by @kevinbackhouse in #127
  • Update synthetics config to exclude test dir by @GeekMasher in #131
  • Java: remove SpringBootActuators query by @jcogs33 in #123
  • deps: bump 42ByteLabs/patch-release-me from 0.6.0 to 0.6.1 in the production-dependencies group by @dependabot[bot] in #133
  • Update synthetics.yml to remove WP 1P content by @felickz in #132
  • Update dependencies to packs shipped with 2.21.1 by @jcogs33 in #124
  • Add CodeQL quality configuration file for enhanced code quality analysis by @felickz in #136
  • Java: Remove the query githubsecuritylab/java/insecure-spring-actuator-config. by @michaelnebel in #138
  • deps: bump the production-dependencies group with 2 updates by @dependabot[bot] in #137
  • deps: bump the production-dependencies group across 1 directory with 6 updates by @dependabot[bot] in #143
  • Fix indentation for 'pack' and 'extensible' fields in model YAML files by @felickz in #146
  • deps: bump the production-dependencies group across 1 directory with 8 updates by @dependabot[bot] in #150
  • deps: bump dorny/paths-filter from 4.0.1 to 4.0.2 in the production-dependencies group by @dependabot[bot] in #152
  • Add Java security queries: cleartext LDAP, insecure JDBC cert, credentials in URL, IDOR by @felickz in #151
  • docs: document CodeQL version pinning and pack compatibility by @felickz in #154
  • security: adopt supply chain security defaults by @felickz in #153
  • docs: clarify how release/publish process works today by @felickz in #157
  • Sync all packs to 0.2.2 and make .release.yml the version source of truth by @felickz in #158

New Contributors

Full Changelog: v0.2.1...v0.2.2

Publish summary

Generated by publish.yml run #153 — 🆕 marks a package republished by this run.

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.2 0.2.2 n/a n/a
C# 0.2.2 0.2.2 [0.2.2](https://github.com/GitHubSecurityLab/CodeQL-Community-P...
Read more

v0.2.1

Choose a tag to compare

@GeekMasher GeekMasher released this 24 Jan 10:38
3a9acb5

Published package versions

This table is the point of truth for what's actually published to GHCR today. It's updated by hand when packages are republished; if it looks stale, check the pack's qlpack.yml on main and the GHCR package page directly.

Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.1 0.2.1 n/a n/a
C# 0.2.1 0.2.1 0.2.1 0.2.1
Go 0.2.1 0.2.1 n/a n/a
Java 0.2.2 0.2.1 0.2.1 0.2.1
JavaScript 0.2.1 0.2.1 n/a n/a
Python 0.2.1 0.2.1 n/a n/a
Ruby 0.2.1 0.2.1 n/a n/a

Java's queries pack is the only one currently republished with v2.21.1-era content (bumped straight to 0.2.2 in a standalone commit). Every other pack's source already targets v2.21.1, but its qlpack.yml version was never bumped, so GHCR is still serving the pre-v2.21.1 0.2.1 build. See CONTRIBUTING.md: Releases & publishing for how a version bump triggers a republish.

What's Changed

Full Changelog: v0.2.0...v0.2.1

v0.2.0

Choose a tag to compare

@GeekMasher GeekMasher released this 20 Jan 17:33
8fbaefb

Published package versions

Historical snapshot: every pack was 0.2.0 at this release. There was no repo-wide .codeqlversion pin yet (added later); CI (ci.yml) tested against CodeQL 2.20.1, while publish.yml had no explicit CLI pin and just used whatever CodeQL was preinstalled on the runner.

CI CodeQL CLI version at this release: v2.20.1

Language Queries (src) Library (lib) Extensions (ext) Library sources (ext-library-sources)
C++ 0.2.0 0.2.0 n/a n/a
C# 0.2.0 0.2.0 0.2.0 0.2.0
Go 0.2.0 0.2.0 n/a n/a
Java 0.2.0 0.2.0 0.2.0 0.2.0
JavaScript 0.2.0 0.2.0 n/a n/a
Python 0.2.0 0.2.0 n/a n/a
Ruby 0.2.0 0.2.0 n/a n/a

For the current published state, see the v0.2.1 release notes.

What's Changed

Read more