github · oscarsj · Mar 16, 2026 · Mar 16, 2026
@@ -1,3 +1,7 @@
+## 0.4.30
+
+No user-facing changes.
+
 ## 0.4.29
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.30
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.29
+lastReleaseVersion: 0.4.30
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.30-dev
+version: 0.4.30
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.22
+
+No user-facing changes.
+
 ## 0.6.21
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.6.22
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.21
+lastReleaseVersion: 0.6.22
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.22-dev
+version: 0.6.22
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,9 @@
+## 8.0.1
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+
 ## 8.0.0
 
 ### Breaking Changes

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 8.0.1
+
+### Minor Analysis Improvements
+
 * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 8.0.0
+lastReleaseVersion: 8.0.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 8.0.1-dev
+version: 8.0.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,7 @@
+## 1.5.13
+
+No user-facing changes.
+
 ## 1.5.12
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.5.13
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.12
+lastReleaseVersion: 1.5.13
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.13-dev
+version: 1.5.13
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.61
+
+No user-facing changes.
+
 ## 1.7.60
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.61
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.60
+lastReleaseVersion: 1.7.61
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.61-dev
+version: 1.7.61
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.61
+
+No user-facing changes.
+
 ## 1.7.60
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.61
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.60
+lastReleaseVersion: 1.7.61
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.61-dev
+version: 1.7.61
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,13 @@
+## 5.4.9
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source.
+* Added reverse taint flow from implicit conversion operator calls to their arguments.
+* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments.
+* C# 14: Added support for partial constructors.
+
 ## 5.4.8
 
 ### Minor Analysis Improvements

@@ -0,0 +1,9 @@
+## 5.4.9
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source.
+* Added reverse taint flow from implicit conversion operator calls to their arguments.
+* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments.
+* C# 14: Added support for partial constructors.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.8
+lastReleaseVersion: 5.4.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.4.9-dev
+version: 5.4.9
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,7 @@
+## 1.6.4
+
+No user-facing changes.
+
 ## 1.6.3
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.6.4
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.3
+lastReleaseVersion: 1.6.4
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.6.4-dev
+version: 1.6.4
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.44
+
+No user-facing changes.
+
 ## 1.0.43
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.44
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.43
+lastReleaseVersion: 1.0.44
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.44-dev
+version: 1.0.44
 groups:
   - go
   - queries

@@ -1,3 +1,9 @@
+## 7.0.2
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+
 ## 7.0.1
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 7.0.2
+
+### Minor Analysis Improvements
+
 * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.1
+lastReleaseVersion: 7.0.2
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.0.2-dev
+version: 7.0.2
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,7 @@
+## 1.5.8
+
+No user-facing changes.
+
 ## 1.5.7
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.5.8
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.7
+lastReleaseVersion: 1.5.8
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.5.8-dev
+version: 1.5.8
 groups:
   - go
   - queries

@@ -1,3 +1,26 @@
+## 9.0.0
+
+### Breaking Changes
+
+* The Java control flow graph (CFG) implementation has been completely
+  rewritten. The CFG now includes additional nodes to more accurately represent
+  certain constructs. This also means that any existing code that implicitly
+  relies on very specific details about the CFG may need to be updated.
+  The CFG now only includes the nodes that are reachable from the entry point.
+  Additionally, the following breaking changes have been made:
+  - `ControlFlowNode.asCall` has been removed - use `Call.getControlFlowNode` instead.
+  - `ControlFlowNode.getEnclosingStmt` has been removed.
+  - `ControlFlow::ExprNode` has been removed.
+  - `ControlFlow::StmtNode` has been removed.
+  - `ControlFlow::Node` has been removed - this was merely an alias of
+    `ControlFlowNode`, which is still available.
+  - Previously deprecated predicates on `BasicBlock` have been removed.
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment.
+
 ## 8.1.1
 
 ### Minor Analysis Improvements

@@ -1,6 +1,7 @@
----
-category: breaking
----
+## 9.0.0
+
+### Breaking Changes
+
 * The Java control flow graph (CFG) implementation has been completely
   rewritten. The CFG now includes additional nodes to more accurately represent
   certain constructs. This also means that any existing code that implicitly
@@ -14,3 +15,8 @@ category: breaking
   - `ControlFlow::Node` has been removed - this was merely an alias of
     `ControlFlowNode`, which is still available.
   - Previously deprecated predicates on `BasicBlock` have been removed.
+
+### Minor Analysis Improvements
+
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 8.1.1
+lastReleaseVersion: 9.0.0
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 8.1.2-dev
+version: 9.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,7 @@
+## 1.10.9
+
+No user-facing changes.
+
 ## 1.10.8
 
 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 1.10.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.8
+lastReleaseVersion: 1.10.9
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.9-dev
+version: 1.10.9
 groups:
   - java
   - queries

@@ -1,3 +1,10 @@
+## 2.6.24
+
+### Minor Analysis Improvements
+
+* Added support for browser-specific source kinds (`browser`, `browser-url-query`, `browser-url-fragment`, `browser-url-path`, `browser-url`, `browser-window-name`, `browser-message-event`) that can be used in data extensions to model sources in browser environments.
+* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol.
+
 ## 2.6.23
 
 ### Minor Analysis Improvements