From e0c84515a52207288edfbce304d07cea896104e2 Mon Sep 17 00:00:00 2001 From: felickz <1760475+felickz@users.noreply.github.com> Date: Fri, 10 Jul 2026 23:10:13 +0000 Subject: [PATCH 1/2] chore: bump pinned CodeQL CLI to v2.23.9 and release v0.4.0 --- .codeqlversion | 2 +- .release.yml | 2 +- cpp/lib/codeql-pack.lock.yml | 24 +++++++++++---------- cpp/lib/qlpack.yml | 4 ++-- cpp/src/codeql-pack.lock.yml | 28 +++++++++++++------------ cpp/src/qlpack.yml | 6 +++--- cpp/test/codeql-pack.lock.yml | 28 +++++++++++++------------ cpp/test/qlpack.yml | 4 ++-- csharp/ext-library-sources/qlpack.yml | 4 ++-- csharp/ext/qlpack.yml | 4 ++-- csharp/lib/codeql-pack.lock.yml | 20 +++++++++--------- csharp/lib/qlpack.yml | 4 ++-- csharp/src/codeql-pack.lock.yml | 24 ++++++++++----------- csharp/src/qlpack.yml | 6 +++--- csharp/test/codeql-pack.lock.yml | 24 ++++++++++----------- csharp/test/qlpack.yml | 4 ++-- go/ext/qlpack.yml | 4 ++-- go/lib/codeql-pack.lock.yml | 20 +++++++++++------- go/lib/qlpack.yml | 4 ++-- go/src/codeql-pack.lock.yml | 20 +++++++++++------- go/src/qlpack.yml | 4 ++-- go/test/codeql-pack.lock.yml | 20 +++++++++++------- go/test/qlpack.yml | 2 +- java/ext-library-sources/qlpack.yml | 4 ++-- java/ext/qlpack.yml | 4 ++-- java/lib/codeql-pack.lock.yml | 28 ++++++++++++------------- java/lib/qlpack.yml | 4 ++-- java/src/codeql-pack.lock.yml | 28 ++++++++++++------------- java/src/qlpack.yml | 4 ++-- java/test/codeql-pack.lock.yml | 28 ++++++++++++------------- java/test/qlpack.yml | 2 +- javascript/lib/codeql-pack.lock.yml | 26 ++++++++++++----------- javascript/lib/qlpack.yml | 4 ++-- javascript/src/codeql-pack.lock.yml | 26 ++++++++++++----------- javascript/src/qlpack.yml | 4 ++-- javascript/test/codeql-pack.lock.yml | 26 ++++++++++++----------- javascript/test/qlpack.yml | 2 +- python/ext/qlpack.yml | 4 ++-- python/lib/codeql-pack.lock.yml | 26 ++++++++++++----------- python/lib/qlpack.yml | 4 ++-- python/src/codeql-pack.lock.yml | 26 ++++++++++++----------- python/src/qlpack.yml | 4 ++-- python/test/codeql-pack.lock.yml | 30 ++++++++++++++------------- python/test/qlpack.yml | 4 ++-- ruby/lib/codeql-pack.lock.yml | 20 +++++++++--------- ruby/lib/qlpack.yml | 4 ++-- ruby/src/codeql-pack.lock.yml | 20 +++++++++--------- ruby/src/qlpack.yml | 4 ++-- ruby/test/codeql-pack.lock.yml | 24 ++++++++++----------- ruby/test/qlpack.yml | 4 ++-- 50 files changed, 328 insertions(+), 298 deletions(-) diff --git a/.codeqlversion b/.codeqlversion index aeb1b068..eb43aa2c 100644 --- a/.codeqlversion +++ b/.codeqlversion @@ -1 +1 @@ -2.22.4 +2.23.9 diff --git a/.release.yml b/.release.yml index 9898ea5b..2843cada 100644 --- a/.release.yml +++ b/.release.yml @@ -1,6 +1,6 @@ name: "CodeQL Community Packs" repository: "githubsecuritylab/codeql-community-packs" -version: "0.3.0" +version: "0.4.0" prerelease: false ecosystem: CodeQL diff --git a/cpp/lib/codeql-pack.lock.yml b/cpp/lib/codeql-pack.lock.yml index 95bae44e..bde92c18 100644 --- a/cpp/lib/codeql-pack.lock.yml +++ b/cpp/lib/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.23 codeql/cpp-all: - version: 5.4.1 + version: 6.1.4 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/cpp/lib/qlpack.yml b/cpp/lib/qlpack.yml index 6dac845b..9f60be8b 100644 --- a/cpp/lib/qlpack.yml +++ b/cpp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-cpp-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/cpp-all: '5.4.1' + codeql/cpp-all: '6.1.4' diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index e8d089e8..8aaff64e 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -1,30 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.23 codeql/cpp-all: - version: 5.4.1 + version: 6.1.4 codeql/cpp-queries: - version: 1.4.6 + version: 1.5.8 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml index 6deb3ce9..bc23ff5a 100644 --- a/cpp/src/qlpack.yml +++ b/cpp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-cpp-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/cpp.qls dependencies: - codeql/cpp-all: '5.4.1' - codeql/cpp-queries: '1.4.6' + codeql/cpp-all: '6.1.4' + codeql/cpp-queries: '1.5.8' githubsecuritylab/codeql-cpp-libs: '*' diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index e8d089e8..8aaff64e 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml @@ -1,30 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.23 codeql/cpp-all: - version: 5.4.1 + version: 6.1.4 codeql/cpp-queries: - version: 1.4.6 + version: 1.5.8 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/cpp/test/qlpack.yml b/cpp/test/qlpack.yml index 71c33cf7..8bf0f5f3 100644 --- a/cpp/test/qlpack.yml +++ b/cpp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-cpp-tests groups: [cpp, test] dependencies: - codeql/cpp-all: '5.4.1' - codeql/cpp-queries: '1.4.6' + codeql/cpp-all: '6.1.4' + codeql/cpp-queries: '1.5.8' githubsecuritylab/codeql-cpp-queries: '*' githubsecuritylab/codeql-cpp-libs: '*' extractor: cpp diff --git a/csharp/ext-library-sources/qlpack.yml b/csharp/ext-library-sources/qlpack.yml index e7bd58b5..66cce996 100644 --- a/csharp/ext-library-sources/qlpack.yml +++ b/csharp/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-library-sources -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/csharp-all: '5.2.2' + codeql/csharp-all: '5.4.4' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/ext/qlpack.yml b/csharp/ext/qlpack.yml index b9a89a84..e5ad844d 100644 --- a/csharp/ext/qlpack.yml +++ b/csharp/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-extensions -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/csharp-all: '5.2.2' + codeql/csharp-all: '5.4.4' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/lib/codeql-pack.lock.yml b/csharp/lib/codeql-pack.lock.yml index 6405cc38..0580cdfb 100644 --- a/csharp/lib/codeql-pack.lock.yml +++ b/csharp/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/csharp-all: - version: 5.2.2 + version: 5.4.4 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/csharp/lib/qlpack.yml b/csharp/lib/qlpack.yml index a98fda6a..79d1fb97 100644 --- a/csharp/lib/qlpack.yml +++ b/csharp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-csharp-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/csharp-all: "5.2.2" + codeql/csharp-all: "5.4.4" diff --git a/csharp/src/codeql-pack.lock.yml b/csharp/src/codeql-pack.lock.yml index 5da2285b..b31e6644 100644 --- a/csharp/src/codeql-pack.lock.yml +++ b/csharp/src/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/csharp-all: - version: 5.2.2 + version: 5.4.4 codeql/csharp-queries: - version: 1.3.3 + version: 1.5.4 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/csharp/src/qlpack.yml b/csharp/src/qlpack.yml index 61f2c76c..6dd5353b 100644 --- a/csharp/src/qlpack.yml +++ b/csharp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-csharp-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/csharp.qls dependencies: - codeql/csharp-all: "5.2.2" - codeql/csharp-queries: "1.3.3" # Required for Dependencies.ql + codeql/csharp-all: "5.4.4" + codeql/csharp-queries: "1.5.4" # Required for Dependencies.ql githubsecuritylab/codeql-csharp-libs: "*" diff --git a/csharp/test/codeql-pack.lock.yml b/csharp/test/codeql-pack.lock.yml index 5da2285b..b31e6644 100644 --- a/csharp/test/codeql-pack.lock.yml +++ b/csharp/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/csharp-all: - version: 5.2.2 + version: 5.4.4 codeql/csharp-queries: - version: 1.3.3 + version: 1.5.4 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/csharp/test/qlpack.yml b/csharp/test/qlpack.yml index 44af9376..04082172 100644 --- a/csharp/test/qlpack.yml +++ b/csharp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-csharp-tests groups: [csharp, test] dependencies: - codeql/csharp-all: "5.2.2" - codeql/csharp-queries: "1.3.3" + codeql/csharp-all: "5.4.4" + codeql/csharp-queries: "1.5.4" githubsecuritylab/codeql-csharp-extensions: "*" githubsecuritylab/codeql-csharp-library-sources: "*" githubsecuritylab/codeql-csharp-libs: "*" diff --git a/go/ext/qlpack.yml b/go/ext/qlpack.yml index 75a38ead..5d983e4f 100644 --- a/go/ext/qlpack.yml +++ b/go/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-go-extensions -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/go-all: '4.3.2' + codeql/go-all: '5.0.6' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/go/lib/codeql-pack.lock.yml b/go/lib/codeql-pack.lock.yml index 1818451a..a662ba02 100644 --- a/go/lib/codeql-pack.lock.yml +++ b/go/lib/codeql-pack.lock.yml @@ -1,20 +1,24 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/go-all: - version: 4.3.2 + version: 5.0.6 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/go/lib/qlpack.yml b/go/lib/qlpack.yml index 98159fcf..372cbb53 100644 --- a/go/lib/qlpack.yml +++ b/go/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-go-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/go-all: '4.3.2' + codeql/go-all: '5.0.6' diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index 1818451a..a662ba02 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml @@ -1,20 +1,24 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/go-all: - version: 4.3.2 + version: 5.0.6 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index d5344d45..6a5818f5 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-go-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/go.qls dependencies: - codeql/go-all: '4.3.2' + codeql/go-all: '5.0.6' githubsecuritylab/codeql-go-libs: '*' diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index 1818451a..a662ba02 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -1,20 +1,24 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/go-all: - version: 4.3.2 + version: 5.0.6 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/go/test/qlpack.yml b/go/test/qlpack.yml index 490ba80d..a3a94a6b 100644 --- a/go/test/qlpack.yml +++ b/go/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-go-tests groups: [go, test] dependencies: - codeql/go-all: '4.3.2' + codeql/go-all: '5.0.6' # codeql/go-queries: '*' githubsecuritylab/codeql-go-queries: '*' githubsecuritylab/codeql-go-libs: '*' diff --git a/java/ext-library-sources/qlpack.yml b/java/ext-library-sources/qlpack.yml index a6ce3639..30657b78 100644 --- a/java/ext-library-sources/qlpack.yml +++ b/java/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-library-sources -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/java-all: '7.6.0' + codeql/java-all: '7.8.3' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/ext/qlpack.yml b/java/ext/qlpack.yml index 831bc5aa..4f31f5bb 100644 --- a/java/ext/qlpack.yml +++ b/java/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-extensions -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/java-all: '7.6.0' + codeql/java-all: '7.8.3' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/lib/codeql-pack.lock.yml b/java/lib/codeql-pack.lock.yml index 50b54733..9fd01008 100644 --- a/java/lib/codeql-pack.lock.yml +++ b/java/lib/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/java-all: - version: 7.6.0 + version: 7.8.3 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/java/lib/qlpack.yml b/java/lib/qlpack.yml index ecc5a790..722baed3 100644 --- a/java/lib/qlpack.yml +++ b/java/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-java-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/java-all: '7.6.0' + codeql/java-all: '7.8.3' diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index 50b54733..9fd01008 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/java-all: - version: 7.6.0 + version: 7.8.3 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml index b93feb8c..fa87b7c1 100644 --- a/java/src/qlpack.yml +++ b/java/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-java-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/java.qls dependencies: - codeql/java-all: '7.6.0' + codeql/java-all: '7.8.3' githubsecuritylab/codeql-java-libs: '*' diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index 50b54733..9fd01008 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/java-all: - version: 7.6.0 + version: 7.8.3 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/quantum: - version: 0.0.7 + version: 0.0.17 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typeflow: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/java/test/qlpack.yml b/java/test/qlpack.yml index 0b858190..c8f4d2f7 100644 --- a/java/test/qlpack.yml +++ b/java/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-java-tests groups: [java, test] dependencies: - codeql/java-all: '7.6.0' + codeql/java-all: '7.8.3' githubsecuritylab/codeql-java-queries: '*' githubsecuritylab/codeql-java-libs: '*' githubsecuritylab/codeql-java-library-sources: '*' diff --git a/javascript/lib/codeql-pack.lock.yml b/javascript/lib/codeql-pack.lock.yml index e2c921b1..2fc85485 100644 --- a/javascript/lib/codeql-pack.lock.yml +++ b/javascript/lib/codeql-pack.lock.yml @@ -2,27 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/javascript-all: - version: 2.6.9 + version: 2.6.19 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/javascript/lib/qlpack.yml b/javascript/lib/qlpack.yml index d5abb28c..8c14ddf0 100644 --- a/javascript/lib/qlpack.yml +++ b/javascript/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-javascript-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/javascript-all: '2.6.9' + codeql/javascript-all: '2.6.19' diff --git a/javascript/src/codeql-pack.lock.yml b/javascript/src/codeql-pack.lock.yml index e2c921b1..2fc85485 100644 --- a/javascript/src/codeql-pack.lock.yml +++ b/javascript/src/codeql-pack.lock.yml @@ -2,27 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/javascript-all: - version: 2.6.9 + version: 2.6.19 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/javascript/src/qlpack.yml b/javascript/src/qlpack.yml index 03e926c6..0bf1408e 100644 --- a/javascript/src/qlpack.yml +++ b/javascript/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-javascript-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/javascript.qls dependencies: - codeql/javascript-all: '2.6.9' + codeql/javascript-all: '2.6.19' githubsecuritylab/codeql-javascript-libs: '*' diff --git a/javascript/test/codeql-pack.lock.yml b/javascript/test/codeql-pack.lock.yml index e2c921b1..2fc85485 100644 --- a/javascript/test/codeql-pack.lock.yml +++ b/javascript/test/codeql-pack.lock.yml @@ -2,27 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/javascript-all: - version: 2.6.9 + version: 2.6.19 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/javascript/test/qlpack.yml b/javascript/test/qlpack.yml index bd57485e..8f2badf0 100644 --- a/javascript/test/qlpack.yml +++ b/javascript/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecuritylab/codeql-javascript-tests groups: [javascript, test] dependencies: - codeql/javascript-all: "2.6.9" + codeql/javascript-all: "2.6.19" githubsecuritylab/codeql-javascript-queries: "*" extractor: javascript diff --git a/python/ext/qlpack.yml b/python/ext/qlpack.yml index 57037ba0..8d8701e8 100644 --- a/python/ext/qlpack.yml +++ b/python/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-python-extensions -version: 0.3.0 +version: 0.4.0 extensionTargets: - codeql/python-all: '4.0.13' + codeql/python-all: '5.0.4' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/python/lib/codeql-pack.lock.yml b/python/lib/codeql-pack.lock.yml index 0359080a..f47fb087 100644 --- a/python/lib/codeql-pack.lock.yml +++ b/python/lib/codeql-pack.lock.yml @@ -2,27 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/python-all: - version: 4.0.13 + version: 5.0.4 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/python/lib/qlpack.yml b/python/lib/qlpack.yml index cbba8b06..9d942cdc 100644 --- a/python/lib/qlpack.yml +++ b/python/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-python-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/python-all: '4.0.13' + codeql/python-all: '5.0.4' diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml index 0359080a..f47fb087 100644 --- a/python/src/codeql-pack.lock.yml +++ b/python/src/codeql-pack.lock.yml @@ -2,27 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/python-all: - version: 4.0.13 + version: 5.0.4 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/python/src/qlpack.yml b/python/src/qlpack.yml index 321b959e..2c1289f4 100644 --- a/python/src/qlpack.yml +++ b/python/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-python-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/python.qls dependencies: - codeql/python-all: '4.0.13' + codeql/python-all: '5.0.4' githubsecuritylab/codeql-python-libs: '*' diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml index e5371739..eca1aeaf 100644 --- a/python/test/codeql-pack.lock.yml +++ b/python/test/codeql-pack.lock.yml @@ -2,31 +2,33 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 + codeql/controlflow: + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/python-all: - version: 4.0.13 + version: 5.0.4 codeql/python-queries: - version: 1.6.3 + version: 1.7.4 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/threat-models: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 codeql/xml: - version: 1.0.29 + version: 1.0.39 codeql/yaml: - version: 1.0.29 + version: 1.0.39 compiled: false diff --git a/python/test/qlpack.yml b/python/test/qlpack.yml index ce892d4f..663f8754 100644 --- a/python/test/qlpack.yml +++ b/python/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-python-tests groups: [python, test] dependencies: - codeql/python-all: '4.0.13' - codeql/python-queries: '1.6.3' + codeql/python-all: '5.0.4' + codeql/python-queries: '1.7.4' githubsecuritylab/codeql-python-queries: '*' githubsecuritylab/codeql-python-libs: '*' extractor: python diff --git a/ruby/lib/codeql-pack.lock.yml b/ruby/lib/codeql-pack.lock.yml index 35ee2805..f5619ce6 100644 --- a/ruby/lib/codeql-pack.lock.yml +++ b/ruby/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ruby-all: - version: 5.0.2 + version: 5.1.7 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/ruby/lib/qlpack.yml b/ruby/lib/qlpack.yml index 20408505..f51a22fa 100644 --- a/ruby/lib/qlpack.yml +++ b/ruby/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-ruby-libs -version: 0.3.0 +version: 0.4.0 dependencies: - codeql/ruby-all: '5.0.2' + codeql/ruby-all: '5.1.7' diff --git a/ruby/src/codeql-pack.lock.yml b/ruby/src/codeql-pack.lock.yml index 35ee2805..f5619ce6 100644 --- a/ruby/src/codeql-pack.lock.yml +++ b/ruby/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ruby-all: - version: 5.0.2 + version: 5.1.7 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/ruby/src/qlpack.yml b/ruby/src/qlpack.yml index 5b74c703..eae02d0c 100644 --- a/ruby/src/qlpack.yml +++ b/ruby/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-ruby-queries -version: 0.3.0 +version: 0.4.0 suites: suites defaultSuiteFile: suites/ruby.qls dependencies: - codeql/ruby-all: '5.0.2' + codeql/ruby-all: '5.1.7' githubsecuritylab/codeql-ruby-libs: '*' diff --git a/ruby/test/codeql-pack.lock.yml b/ruby/test/codeql-pack.lock.yml index 35256c5a..5922bcf9 100644 --- a/ruby/test/codeql-pack.lock.yml +++ b/ruby/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.3 + version: 0.0.13 codeql/controlflow: - version: 2.0.13 + version: 2.0.23 codeql/dataflow: - version: 2.0.13 + version: 2.0.23 codeql/mad: - version: 1.0.29 + version: 1.0.39 codeql/regex: - version: 1.0.29 + version: 1.0.39 codeql/ruby-all: - version: 5.0.2 + version: 5.1.7 codeql/ruby-queries: - version: 1.4.3 + version: 1.5.4 codeql/ssa: - version: 2.0.5 + version: 2.0.15 codeql/suite-helpers: - version: 1.0.29 + version: 1.0.39 codeql/tutorial: - version: 1.0.29 + version: 1.0.39 codeql/typetracking: - version: 2.0.13 + version: 2.0.23 codeql/util: - version: 2.0.16 + version: 2.0.26 compiled: false diff --git a/ruby/test/qlpack.yml b/ruby/test/qlpack.yml index 9c1d8b7d..17f227e9 100644 --- a/ruby/test/qlpack.yml +++ b/ruby/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-ruby-tests groups: [ruby, test] dependencies: - codeql/ruby-all: '5.0.2' - codeql/ruby-queries: '1.4.3' + codeql/ruby-all: '5.1.7' + codeql/ruby-queries: '1.5.4' githubsecuritylab/codeql-ruby-queries: '*' githubsecuritylab/codeql-ruby-libs: '*' extractor: ruby From 6a5ee1dd2b151fec10a6b5e627ae9b85e67cd2bf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 10 Jul 2026 23:45:12 +0000 Subject: [PATCH 2/2] Fix CodeQL 2.23.9 CI regressions Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- csharp/src/security/CWE-918/RequestForgery.qll | 8 ++++---- python/lib/ghsl/InsecurelyStoredPassword.qll | 3 ++- python/src/audit/CWE-502/XMLLocalFileAudit.ql | 2 +- ruby/src/security/CWE-770/UserControlledMaxIterations.ql | 3 +-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/csharp/src/security/CWE-918/RequestForgery.qll b/csharp/src/security/CWE-918/RequestForgery.qll index 6d06ca5f..abb7d353 100644 --- a/csharp/src/security/CWE-918/RequestForgery.qll +++ b/csharp/src/security/CWE-918/RequestForgery.qll @@ -131,14 +131,14 @@ module RequestForgery { * to be a guard for Server Side Request Forgery(SSRF) Vulnerabilities. * This guard considers all checks as valid. */ - private predicate baseUriGuard(Guard g, Expr e, AbstractValue v) { + private predicate baseUriGuard(Guard g, Expr e, GuardValue v) { g.(MethodCall).getTarget().hasFullyQualifiedName("System", "Uri", "IsBaseOf") and // we consider any checks against the tainted value to sainitize the taint. // This implies any check such as shown below block the taint flow. // Uri url = new Uri("whitelist.com") // if (url.isBaseOf(`taint1)) (e = g.(MethodCall).getArgument(0) or e = g.(MethodCall).getQualifier()) and - v.(AbstractValues::BooleanValue).getValue() = true + v.asBooleanValue() = true } private class BaseUriBarrier extends Barrier { @@ -150,14 +150,14 @@ module RequestForgery { * to be a guard for Server Side Request Forgery(SSRF) Vulnerabilities. * This guard considers all checks as valid. */ - private predicate stringStartsWithGuard(Guard g, Expr e, AbstractValue v) { + private predicate stringStartsWithGuard(Guard g, Expr e, GuardValue v) { g.(MethodCall).getTarget().hasFullyQualifiedName("System", "String", "StartsWith") and // Any check such as the ones shown below // "https://myurl.com/".startsWith(`taint`) // `taint`.startsWith("https://myurl.com/") // are assumed to sainitize the taint (e = g.(MethodCall).getQualifier() or g.(MethodCall).getArgument(0) = e) and - v.(AbstractValues::BooleanValue).getValue() = true + v.asBooleanValue() = true } private class StringStartsWithBarrier extends Barrier { diff --git a/python/lib/ghsl/InsecurelyStoredPassword.qll b/python/lib/ghsl/InsecurelyStoredPassword.qll index c89f3ccb..44cd23b8 100644 --- a/python/lib/ghsl/InsecurelyStoredPassword.qll +++ b/python/lib/ghsl/InsecurelyStoredPassword.qll @@ -3,6 +3,7 @@ private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.TaintTracking private import semmle.python.ApiGraphs private import semmle.python.dataflow.new.RemoteFlowSources +private import LegacyPointsTo private import semmle.python.pointsto.CallGraph class User extends ClassDef { @@ -16,7 +17,7 @@ class User extends ClassDef { this.getDefinedClass() = class_ and class_.getName() = name and class_.getABase() = base and - base.pointsTo(ref) and + base.getAFlowNode().(ControlFlowNodeWithPointsTo).pointsTo(ref) and ( ref.getName() = "UserMixin" and password_variable = "password" diff --git a/python/src/audit/CWE-502/XMLLocalFileAudit.ql b/python/src/audit/CWE-502/XMLLocalFileAudit.ql index ee74d59a..068c089c 100644 --- a/python/src/audit/CWE-502/XMLLocalFileAudit.ql +++ b/python/src/audit/CWE-502/XMLLocalFileAudit.ql @@ -25,4 +25,4 @@ where sink = call ) select sink, "Unsafe parsing of XML from fixed file name $@.", source, - source.asExpr().(StringLiteral).getLiteralValue().toString() + source.asExpr().(StringLiteral).getText() diff --git a/ruby/src/security/CWE-770/UserControlledMaxIterations.ql b/ruby/src/security/CWE-770/UserControlledMaxIterations.ql index 4a4ebae1..0557005e 100644 --- a/ruby/src/security/CWE-770/UserControlledMaxIterations.ql +++ b/ruby/src/security/CWE-770/UserControlledMaxIterations.ql @@ -18,7 +18,6 @@ import codeql.ruby.dataflow.RemoteFlowSources import codeql.ruby.dataflow.BarrierGuards import codeql.ruby.AST import codeql.ruby.controlflow.CfgNodes as CfgNodes -import codeql.ruby.CFG import codeql.ruby.dataflow.internal.DataFlowPublic import codeql.ruby.InclusionTests @@ -31,7 +30,7 @@ import codeql.ruby.InclusionTests * 3. A comparison operation node with a greater than or greater than or equal operator and the branch is false * 4. A comparison operation node with a less than or less than or equal operator and the branch is false */ -predicate underAValue(CfgNodes::AstCfgNode g, CfgNode node, boolean branch) { +predicate underAValue(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { exists(CfgNodes::ExprNodes::ComparisonOperationCfgNode cn | cn = g | exists(string op | (