Skip to content

Sync Main (autogenerated)#337

Merged
dilanbhalla merged 67 commits intomainfrom
auto/sync-main-pr
Mar 24, 2026
Merged

Sync Main (autogenerated)#337
dilanbhalla merged 67 commits intomainfrom
auto/sync-main-pr

Conversation

@dilanbhalla
Copy link
Copy Markdown
Collaborator

@dilanbhalla dilanbhalla commented Mar 20, 2026

This PR syncs the latest changes from codeql-cli/latest into main.

hvitved and others added 30 commits March 6, 2026 15:33
@hvitved
Rust: Small refactor in TypeMention.qll
4dca9aa
@igfoo
Revert "Bump rules_android from 0.6.4 to 0.7.1"
25a20f7 
This reverts commit c734974.

It was making the build fail
@igfoo
Merge pull request github#21451 from igfoo/igfoo/fix-build
68dfa5c 
Revert "Bump rules_android from 0.6.4 to 0.7.1"
@asgerf
JS: Add browser source kinds
1253553
@asgerf
JS: Add tests in request forgery queries
4a001f9
@hvitved
Merge pull request github#21422 from hvitved/rust/type-mention-refactor
c06d4d2 
Rust: Small refactor in `TypeMention.qll`
@IdrissRio
C/C++ overlay: switch to updated discard strategy
72142b5
@IdrissRio
C/C++ overlay: fix failing header_dependency test
ef6c1a9
@IdrissRio
C/C++ overlay: address review comment
a92d977
@IdrissRio
Apply suggestions from code review
48a03e2 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@igfoo
Merge pull request github#21424 from github/idrissrio/cpp/overlay/dis…
bbd02b8 
…card

C/C++ overlay: update discard mechanism
@mario-campos
Correct comment about AES crypto algorithm strength
6fb1055
@asgerf
JS: Add change note
5db30c9
@mario-campos
Empty commit for missed Green Check
b9b3b3a
@mario-campos
Merge pull request github#21454 from github/mario-campos-patch-1
f2e7dca 
Correct comment about AES crypto algorithm strength
@asgerf
JavaScript extractor: recognise bun and tsx in shebang lines
84d1828 
Update the shebang regexp (renamed NODE_INVOCATION -> JS_INVOCATION) to
also match 'bun' and 'tsx' so that scripts using these runtimes are
correctly identified as JavaScript files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@asgerf
Add QL test for bun/tsx shebang recognition in TypeScript files
b8c44be 
Add test files with #!/usr/bin/env bun, #!/usr/bin/env tsx, and
#!/usr/bin/env node shebangs. The query lists extracted .ts files,
verifying that all three shebangs are recognized and the files are
not skipped by the extractor.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@owen-mc
Expand isTypeExprTopDown
22e012c 
We should be using all subtypes of `FieldBase`. This allows us to find
more type expressions, and is also simpler to evaluate.
@owen-mc
Improve QLDoc for isTypeExprTopDown
39e0382
@owen-mc
Use "database" instead of "snapshot" in QLDocs
a16c438
@owen-mc
Add and use exprRefersToNil predicate
c271755
@jketema
Swift: Disable stack protector pass
ee3674c
@jketema
Swift: Fix formatting
b9c0aca
@owen-mc
Merge pull request github#21466 from owen-mc/go/add-nil-helper-predicate
0bb6ff5 
Go: Add and use `exprRefersToNil` predicate
@jketema
Swift: Limit successfully extracted lines
12e0f3f
@owen-mc
Merge pull request github#21465 from owen-mc/go/small-tweaks
d7d1554 
Go: improve detection of type expressions when database is missing some type information
@jketema
Swift: Rename function
ba3fadb
@jketema
Merge pull request github#21468 from jketema/jketema/swift-lines
b758732 
Swift: Limit successfully extracted lines
@jketema
Merge pull request github#21467 from jketema/jketema/swift-linux
d5f667e 
Swift: Disable stack protector pass
@dependabot
Bump the extractor-dependencies group across 1 directory with 2 updates
c9e0927 
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](golang/mod@v0.33.0...v0.34.0)

Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
owen-mc and others added 20 commits March 13, 2026 16:46
@owen-mc
Merge pull request github#21370 from github/owen-mc/go/overlay-annota…
d52e9bc 
…tions

Go: Add overlay annotations from script
@jketema
Swift: Ignore some DB-CHECK results on Linux
f9f1d9e
@aschackmull
C#: Remove splitting-awareness for taint steps.
a5c8a5b
@aschackmull
C#: Remove splitting-awareness for read steps.
2160910
@aschackmull
C#: Remove splitting-awareness for store steps.
bce0a4d
@aschackmull
C#: Remove splitting-awareness in lambda flow.
1e8de05
@aschackmull
C#: Remove splitting-awareness in argumentOf.
659d8e7
@aschackmull
C#: Remove splitting-awareness in ObjectInitializerNode.
c076992
@aschackmull
C#: Remove splitting-awareness for source-to-def steps.
7124cd4
@aschackmull
C#: Remove splitting-awareness for local expression steps.
4c77e0f
@aschackmull
C#: Clean up.
e7edf15
@aschackmull
C#: Accept a few irrelevant taint steps.
db0a3e3
@asgerf
Merge pull request github#21368 from asgerf/browser-sources
22f16dd 
JS: Add 'browser' source kinds
@aschackmull
Merge pull request github#21473 from aschackmull/csharp/dataflow-no-s…
427ccee 
…plit

C#: Remove splitting-awareness from data flow.
@aschackmull
C#: Remove splitting-awareness from Range Analysis.
a929c0b
@jketema
Merge pull request github#21474 from jketema/jketema/swift-linux-2
179a4cd 
Swift: Ignore some DB-CHECK results on Linux
@aschackmull
Merge pull request github#21482 from aschackmull/csharp/rangeanalysis…
c24b43d 
…-no-split

C#: Remove splitting-awareness from Range Analysis.
Release preparation for version 2.25.0
d605575
@oscarsj
Merge pull request github#21483 from github/release-prep/2.25.0
72534e8 
Release preparation for version 2.25.0
@chanel-y
Merge codeql-cli/latest into auto/sync-main-pr
769aacc
Dilan Bhalla and others added 4 commits March 24, 2026 12:50
Restore codeql/dataflowstack dependency in Java and C# qlpacks
c830ac7 
The upstream 2.25.0 release merge dropped codeql/dataflowstack from
codeql/java-all and codeql/csharp-all dependencies. This breaks
TaintTrackingStack.qll and DataFlowStack.qll which import from that pack.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Restore cpp dbscheme overlay types from v2.25.0 release
58c515b 
The merge of codeql-cli/latest (769aacc) brought the updated
Overlay.qll that references @trap_or_tag, @source_file, source_file_name,
trap_uses_tag, and in_trap_or_tag, but kept the reverted dbscheme that
does not define them. This restores the dbscheme to match the v2.25.0
release so it is consistent with Overlay.qll.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
fix expr.qll and dbscheme merge issue
ed72ad5
Revert "Revert upstream commits synced past codeql-cli/v2.24.3"
ba3f298 
This reverts commit fca47c2.
@dilanbhalla dilanbhalla enabled auto-merge March 24, 2026 23:39
@dilanbhalla dilanbhalla merged commit 4f8cfb3 into main Mar 24, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LWSimpkins LWSimpkins LWSimpkins approved these changes

@MathiasVP MathiasVP Awaiting requested review from MathiasVP

@ropwareJB ropwareJB Awaiting requested review from ropwareJB

Assignees

No one assigned

Labels

autogenerated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.