From 8571e37b578ea58ce0d7e7c79fa3e39a3fb214ef Mon Sep 17 00:00:00 2001
From: data-douser <70299490+data-douser@users.noreply.github.com>
Date: Wed, 4 Mar 2026 01:15:24 +0000
Subject: [PATCH 1/4] Upgrade CodeQL CLI dependency to v2.24.2
---
 javascript/frameworks/cap/ext/qlpack.yml | 2 +-
 .../frameworks/cap/lib/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/cap/lib/qlpack.yml | 2 +-
 .../frameworks/cap/src/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/cap/src/qlpack.yml | 4 +--
 .../frameworks/cap/test/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/cap/test/qlpack.yml | 8 ++---
 .../test/codeql-pack.lock.yml | 26 +++++++--------
 .../ui5-webcomponents/test/qlpack.yml | 4 +--
 javascript/frameworks/ui5/ext/qlpack.yml | 2 +-
 .../frameworks/ui5/lib/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/ui5/lib/qlpack.yml | 2 +-
 .../frameworks/ui5/src/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/ui5/src/qlpack.yml | 4 +--
 .../frameworks/ui5/test/codeql-pack.lock.yml | 32 +++++++++----------
 javascript/frameworks/ui5/test/qlpack.yml | 8 ++---
 javascript/frameworks/xsjs/ext/qlpack.yml | 2 +-
 .../frameworks/xsjs/lib/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/xsjs/lib/qlpack.yml | 2 +-
 .../frameworks/xsjs/src/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/xsjs/src/qlpack.yml | 4 +--
 .../frameworks/xsjs/test/codeql-pack.lock.yml | 26 +++++++--------
 javascript/frameworks/xsjs/test/qlpack.yml | 8 ++---
 javascript/heuristic-models/ext/qlpack.yml | 2 +-
 .../tests/codeql-pack.lock.yml | 26 +++++++--------
 javascript/heuristic-models/tests/qlpack.yml | 2 +-
 qlt.conf.json | 6 ++--
 27 files changed, 177 insertions(+), 177 deletions(-)
diff --git a/javascript/frameworks/cap/ext/qlpack.yml b/javascript/frameworks/cap/ext/qlpack.yml
index 9aa930dfd..fc9dc5568 100644
--- a/javascript/frameworks/cap/ext/qlpack.yml
+++ b/javascript/frameworks/cap/ext/qlpack.yml
@@ -1,6 +1,6 @@ --- library: true name: advanced-security/javascript-sap-cap-models -version: 2.3.0 +version: 2.24.2 extensionTargets: codeql/javascript-all: "^2.4.0" diff --git a/javascript/frameworks/cap/lib/codeql-pack.lock.yml b/javascript/frameworks/cap/lib/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/cap/lib/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/cap/lib/qlpack.yml b/javascript/frameworks/cap/lib/qlpack.yml index 06b56a070..1d16859f2 100644 --- a/javascript/frameworks/cap/lib/qlpack.yml +++ b/javascript/frameworks/cap/lib/qlpack.yml @@ -1,7 +1,7 @@ --- library: true name: advanced-security/javascript-sap-cap-all -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: diff --git a/javascript/frameworks/cap/src/codeql-pack.lock.yml b/javascript/frameworks/cap/src/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/cap/src/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/src/codeql-pack.lock.yml 
@@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/cap/src/qlpack.yml b/javascript/frameworks/cap/src/qlpack.yml index 9d4439e11..833f1b5d6 100644 --- a/javascript/frameworks/cap/src/qlpack.yml +++ b/javascript/frameworks/cap/src/qlpack.yml @@ -1,10 +1,10 @@ --- library: false name: advanced-security/javascript-sap-cap-queries -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-cap-all: "^2.3.0" + advanced-security/javascript-sap-cap-all: "^2.24.2" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/cap/test/codeql-pack.lock.yml b/javascript/frameworks/cap/test/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/cap/test/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/test/codeql-pack.lock.yml 
@@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/cap/test/qlpack.yml b/javascript/frameworks/cap/test/qlpack.yml index 92d9a60fe..622f885ed 100644 --- a/javascript/frameworks/cap/test/qlpack.yml +++ b/javascript/frameworks/cap/test/qlpack.yml @@ -1,9 +1,9 @@ --- name: advanced-security/javascript-sap-cap-queries-tests -version: 2.3.0 +version: 2.24.2 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-cap-queries: "^2.3.0" - advanced-security/javascript-sap-cap-models: "^2.3.0" - advanced-security/javascript-sap-cap-all: "^2.3.0" + advanced-security/javascript-sap-cap-queries: "^2.24.2" + advanced-security/javascript-sap-cap-models: "^2.24.2" + advanced-security/javascript-sap-cap-all: "^2.24.2" diff --git a/javascript/frameworks/ui5-webcomponents/test/codeql-pack.lock.yml b/javascript/frameworks/ui5-webcomponents/test/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/ui5-webcomponents/test/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5-webcomponents/test/codeql-pack.lock.yml 
@@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml index 0288ba949..d8652fba2 100644 --- a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml +++ b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml @@ -1,6 +1,6 @@ name: advanced-security/javascript-sap-ui5-webcomponents-for-react-test -version: 2.3.0 +version: 2.24.2 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-ui5-all: "^2.3.0" + advanced-security/javascript-sap-ui5-all: "^2.24.2" diff --git a/javascript/frameworks/ui5/ext/qlpack.yml b/javascript/frameworks/ui5/ext/qlpack.yml index 9e58e6605..b1c491df7 100644 --- a/javascript/frameworks/ui5/ext/qlpack.yml +++ b/javascript/frameworks/ui5/ext/qlpack.yml @@ -1,7 +1,7 @@ --- library: true name: advanced-security/javascript-sap-ui5-models -version: 2.3.0 +version: 2.24.2 extensionTargets: codeql/javascript-all: "^2.4.0" dataExtensions: diff --git a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml b/javascript/frameworks/ui5/lib/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml 
+++ b/javascript/frameworks/ui5/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/ui5/lib/qlpack.yml b/javascript/frameworks/ui5/lib/qlpack.yml index e596840d2..07ee632e2 100644 --- a/javascript/frameworks/ui5/lib/qlpack.yml +++ b/javascript/frameworks/ui5/lib/qlpack.yml @@ -1,7 +1,7 @@ --- library: true name: advanced-security/javascript-sap-ui5-all -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: diff --git a/javascript/frameworks/ui5/src/codeql-pack.lock.yml b/javascript/frameworks/ui5/src/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/ui5/src/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/src/codeql-pack.lock.yml 
@@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/ui5/src/qlpack.yml b/javascript/frameworks/ui5/src/qlpack.yml index 89f008024..73db6ca2f 100644 --- a/javascript/frameworks/ui5/src/qlpack.yml +++ b/javascript/frameworks/ui5/src/qlpack.yml @@ -1,10 +1,10 @@ --- library: false name: advanced-security/javascript-sap-ui5-queries -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-ui5-all: "^2.3.0" + advanced-security/javascript-sap-ui5-all: "^2.24.2" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/ui5/test/codeql-pack.lock.yml b/javascript/frameworks/ui5/test/codeql-pack.lock.yml index e539eecc2..9e87e4580 100644 --- a/javascript/frameworks/ui5/test/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/test/codeql-pack.lock.yml 
@@ -2,35 +2,35 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/javascript-queries: - version: 2.3.1 + version: 2.3.2 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/suite-helpers: - version: 1.0.41 + version: 1.0.42 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/typos: - version: 1.0.41 + version: 1.0.42 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml index cdf7b5a4a..3a4ed44b6 100644 --- a/javascript/frameworks/ui5/test/qlpack.yml +++ b/javascript/frameworks/ui5/test/qlpack.yml @@ -1,5 +1,5 @@ name: advanced-security/javascript-sap-ui5-queries-tests -version: 2.3.0 +version: 2.24.2 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" @@ -7,6 +7,6 @@ dependencies: # no overlap occurs with the SAP UI5 queries. We therefore allow any version # greater than or equal to 1.2.0, as major breaking changes are not a concern. codeql/javascript-queries: ">1.2.0" - advanced-security/javascript-sap-ui5-queries: "^2.3.0" - advanced-security/javascript-sap-ui5-models: "^2.3.0" - advanced-security/javascript-sap-ui5-all: "^2.3.0" + advanced-security/javascript-sap-ui5-queries: "^2.24.2" + advanced-security/javascript-sap-ui5-models: "^2.24.2" + advanced-security/javascript-sap-ui5-all: "^2.24.2" 
diff --git a/javascript/frameworks/xsjs/ext/qlpack.yml b/javascript/frameworks/xsjs/ext/qlpack.yml index dc1690560..13a02ccf1 100644 --- a/javascript/frameworks/xsjs/ext/qlpack.yml +++ b/javascript/frameworks/xsjs/ext/qlpack.yml @@ -1,7 +1,7 @@ --- library: true name: advanced-security/javascript-sap-xsjs-models -version: 2.3.0 +version: 2.24.2 extensionTargets: codeql/javascript-all: "^2.4.0" dataExtensions: diff --git a/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml b/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/xsjs/lib/qlpack.yml b/javascript/frameworks/xsjs/lib/qlpack.yml index 2e56a7f83..8f85af2bd 100644 --- a/javascript/frameworks/xsjs/lib/qlpack.yml +++ b/javascript/frameworks/xsjs/lib/qlpack.yml @@ -1,7 +1,7 @@ --- library: true name: advanced-security/javascript-sap-xsjs-all -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: diff --git a/javascript/frameworks/xsjs/src/codeql-pack.lock.yml b/javascript/frameworks/xsjs/src/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 
--- a/javascript/frameworks/xsjs/src/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/src/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/xsjs/src/qlpack.yml b/javascript/frameworks/xsjs/src/qlpack.yml index 81316e2a7..2a22a4971 100644 --- a/javascript/frameworks/xsjs/src/qlpack.yml +++ b/javascript/frameworks/xsjs/src/qlpack.yml @@ -1,10 +1,10 @@ --- library: false name: advanced-security/javascript-sap-xsjs-queries -version: 2.3.0 +version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-xsjs-all: "^2.3.0" + advanced-security/javascript-sap-xsjs-all: "^2.24.2" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/xsjs/test/codeql-pack.lock.yml b/javascript/frameworks/xsjs/test/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/frameworks/xsjs/test/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/test/codeql-pack.lock.yml 
@@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/frameworks/xsjs/test/qlpack.yml b/javascript/frameworks/xsjs/test/qlpack.yml index 2b7017e6f..6b5ea113b 100644 --- a/javascript/frameworks/xsjs/test/qlpack.yml +++ b/javascript/frameworks/xsjs/test/qlpack.yml @@ -1,9 +1,9 @@ --- name: advanced-security/javascript-sap-xsjs-tests -version: 2.3.0 +version: 2.24.2 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - advanced-security/javascript-sap-xsjs-queries: "^2.3.0" - advanced-security/javascript-sap-xsjs-all: "^2.3.0" - advanced-security/javascript-sap-xsjs-models: "^2.3.0" + advanced-security/javascript-sap-xsjs-queries: "^2.24.2" + advanced-security/javascript-sap-xsjs-all: "^2.24.2" + advanced-security/javascript-sap-xsjs-models: "^2.24.2" diff --git a/javascript/heuristic-models/ext/qlpack.yml b/javascript/heuristic-models/ext/qlpack.yml index 97dc74859..5088db5cd 100644 --- a/javascript/heuristic-models/ext/qlpack.yml +++ b/javascript/heuristic-models/ext/qlpack.yml @@ -2,7 +2,7 @@ library: true warnOnImplicitThis: false name: advanced-security/javascript-heuristic-models -version: 2.3.0 +version: 2.24.2 extensionTargets: codeql/javascript-all: "*" dataExtensions: 
diff --git a/javascript/heuristic-models/tests/codeql-pack.lock.yml b/javascript/heuristic-models/tests/codeql-pack.lock.yml index 6869bc0cd..f3bb41d1c 100644 --- a/javascript/heuristic-models/tests/codeql-pack.lock.yml +++ b/javascript/heuristic-models/tests/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.15 + version: 0.0.16 codeql/controlflow: - version: 2.0.25 + version: 2.0.26 codeql/dataflow: - version: 2.0.25 + version: 2.0.26 codeql/javascript-all: - version: 2.6.21 + version: 2.6.22 codeql/mad: - version: 1.0.41 + version: 1.0.42 codeql/regex: - version: 1.0.41 + version: 1.0.42 codeql/ssa: - version: 2.0.17 + version: 2.0.18 codeql/threat-models: - version: 1.0.41 + version: 1.0.42 codeql/tutorial: - version: 1.0.41 + version: 1.0.42 codeql/typetracking: - version: 2.0.25 + version: 2.0.26 codeql/util: - version: 2.0.28 + version: 2.0.29 codeql/xml: - version: 1.0.41 + version: 1.0.42 codeql/yaml: - version: 1.0.41 + version: 1.0.42 compiled: false diff --git a/javascript/heuristic-models/tests/qlpack.yml b/javascript/heuristic-models/tests/qlpack.yml index 768b923ae..4808d7848 100644 --- a/javascript/heuristic-models/tests/qlpack.yml +++ b/javascript/heuristic-models/tests/qlpack.yml @@ -1,7 +1,7 @@ library: false warnOnImplicitThis: false name: advanced-security/javascript-heuristic-models-tests -version: 2.3.0 +version: 2.24.2 extractor: javascript dependencies: "codeql/javascript-all": "*" diff --git a/qlt.conf.json b/qlt.conf.json index d595e2c4e..fb60b31cd 100644 --- a/qlt.conf.json +++ b/qlt.conf.json @@ -1,5 +1,5 @@ { - "CodeQLCLI": "2.24.1", - "CodeQLStandardLibrary": "codeql-cli/v2.24.1", - "CodeQLCLIBundle": "codeql-bundle-v2.24.1" + "CodeQLCLI": "2.24.2", + "CodeQLStandardLibrary": "codeql-cli/v2.24.2", + "CodeQLCLIBundle": "codeql-bundle-v2.24.2" } From f16e15286d4ac8d8d4b587d7b9c783982261166f Mon Sep 17 00:00:00 2001 
From: Nathan Randall
Date: Tue, 3 Mar 2026 22:05:57 -0700
Subject: [PATCH 2/4] Use workspace references for workspace-local qlpacks
---
 javascript/frameworks/cap/src/qlpack.yml | 2 +-
 javascript/frameworks/cap/test/qlpack.yml | 6 +++---
 javascript/frameworks/ui5-webcomponents/test/qlpack.yml | 2 +-
 javascript/frameworks/ui5/src/qlpack.yml | 2 +-
 javascript/frameworks/ui5/test/qlpack.yml | 6 +++---
 javascript/frameworks/xsjs/src/qlpack.yml | 2 +-
 javascript/frameworks/xsjs/test/qlpack.yml | 6 +++---
 javascript/heuristic-models/ext/qlpack.yml | 2 +-
 javascript/heuristic-models/tests/qlpack.yml | 4 ++--
 9 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/javascript/frameworks/cap/src/qlpack.yml b/javascript/frameworks/cap/src/qlpack.yml
index 833f1b5d6..b3225a106 100644
--- a/javascript/frameworks/cap/src/qlpack.yml
+++ b/javascript/frameworks/cap/src/qlpack.yml
@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-cap-all: "^2.24.2"
+ advanced-security/javascript-sap-cap-all: "${workspace}"
 default-suite-file: codeql-suites/javascript-code-scanning.qls
diff --git a/javascript/frameworks/cap/test/qlpack.yml b/javascript/frameworks/cap/test/qlpack.yml
index 622f885ed..630c2dd93 100644
--- a/javascript/frameworks/cap/test/qlpack.yml
+++ b/javascript/frameworks/cap/test/qlpack.yml
@@ -4,6 +4,6 @@ version: 2.24.2
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-cap-queries: "^2.24.2"
- advanced-security/javascript-sap-cap-models: "^2.24.2"
- advanced-security/javascript-sap-cap-all: "^2.24.2"
+ advanced-security/javascript-sap-cap-queries: "${workspace}"
+ advanced-security/javascript-sap-cap-models: "${workspace}"
+ advanced-security/javascript-sap-cap-all: "${workspace}"
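Review bot: The bare `${workspace}` placeholder in `javascript/frameworks/cap/src/qlpack.yml` narrows what the published pack will accept compared with the caret range it replaces. As I read the CodeQL workspace documentation, `${workspace}` is rewritten to the exact sibling version at publish time, while `^${workspace}` keeps the caret semantics that the old `"^2.24.2"` expressed; if consumers should still be able to combine these packs across patch releases, use `advanced-security/javascript-sap-cap-all: "^${workspace}"`. The same applies to the `cap/test`, `ui5`, `ui5-webcomponents`, `xsjs` and `heuristic-models` hunks in this patch. The placeholder also resolves only for packs covered by the repository's `codeql-workspace.yml`, which is not part of this series, so confirm that every referenced pack is listed there.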
diff --git a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
index d8652fba2..cdc4c1820 100644
--- a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
+++ b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.24.2
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-ui5-all: "^2.24.2"
+ advanced-security/javascript-sap-ui5-all: "${workspace}"
diff --git a/javascript/frameworks/ui5/src/qlpack.yml b/javascript/frameworks/ui5/src/qlpack.yml
index 73db6ca2f..4cc9a26a0 100644
--- a/javascript/frameworks/ui5/src/qlpack.yml
+++ b/javascript/frameworks/ui5/src/qlpack.yml
@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-ui5-all: "^2.24.2"
+ advanced-security/javascript-sap-ui5-all: "${workspace}"
 default-suite-file: codeql-suites/javascript-code-scanning.qls
diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml
index 3a4ed44b6..f012b3d76 100644
--- a/javascript/frameworks/ui5/test/qlpack.yml
+++ b/javascript/frameworks/ui5/test/qlpack.yml
@@ -7,6 +7,6 @@ dependencies:
 # no overlap occurs with the SAP UI5 queries. We therefore allow any version
 # greater than or equal to 1.2.0, as major breaking changes are not a concern.
 codeql/javascript-queries: ">1.2.0"
- advanced-security/javascript-sap-ui5-queries: "^2.24.2"
- advanced-security/javascript-sap-ui5-models: "^2.24.2"
- advanced-security/javascript-sap-ui5-all: "^2.24.2"
+ advanced-security/javascript-sap-ui5-queries: "${workspace}"
+ advanced-security/javascript-sap-ui5-models: "${workspace}"
+ advanced-security/javascript-sap-ui5-all: "${workspace}"
diff --git a/javascript/frameworks/xsjs/src/qlpack.yml b/javascript/frameworks/xsjs/src/qlpack.yml
index 2a22a4971..76b8312f7 100644
--- a/javascript/frameworks/xsjs/src/qlpack.yml
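Review bot: In `javascript/frameworks/ui5/test/qlpack.yml` the comment kept as context above `codeql/javascript-queries` says "greater than or equal to 1.2.0", but the constraint is `">1.2.0"`, which excludes 1.2.0 and has no upper bound. Since this hunk already rewrites the neighbouring dependency lines, either change the range to `codeql/javascript-queries: ">=1.2.0"` or reword the comment to "greater than 1.2.0". With an open-ended range the version actually used is decided only by `codeql-pack.lock.yml` (2.3.2 after patch 1/4), so the comment should also state that the lock file is what keeps the test results reproducible. The comment block starts above this hunk.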
+++ b/javascript/frameworks/xsjs/src/qlpack.yml
@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-xsjs-all: "^2.24.2"
+ advanced-security/javascript-sap-xsjs-all: "${workspace}"
 default-suite-file: codeql-suites/javascript-code-scanning.qls
diff --git a/javascript/frameworks/xsjs/test/qlpack.yml b/javascript/frameworks/xsjs/test/qlpack.yml
index 6b5ea113b..d1813f994 100644
--- a/javascript/frameworks/xsjs/test/qlpack.yml
+++ b/javascript/frameworks/xsjs/test/qlpack.yml
@@ -4,6 +4,6 @@ version: 2.24.2
 extractor: javascript
 dependencies:
 codeql/javascript-all: "^2.4.0"
- advanced-security/javascript-sap-xsjs-queries: "^2.24.2"
- advanced-security/javascript-sap-xsjs-all: "^2.24.2"
- advanced-security/javascript-sap-xsjs-models: "^2.24.2"
+ advanced-security/javascript-sap-xsjs-queries: "${workspace}"
+ advanced-security/javascript-sap-xsjs-all: "${workspace}"
+ advanced-security/javascript-sap-xsjs-models: "${workspace}"
diff --git a/javascript/heuristic-models/ext/qlpack.yml b/javascript/heuristic-models/ext/qlpack.yml
index 5088db5cd..9707945bf 100644
--- a/javascript/heuristic-models/ext/qlpack.yml
+++ b/javascript/heuristic-models/ext/qlpack.yml
@@ -4,6 +4,6 @@ warnOnImplicitThis: false
 name: advanced-security/javascript-heuristic-models
 version: 2.24.2
 extensionTargets:
- codeql/javascript-all: "*"
+ codeql/javascript-all: "^2.4.0"
 dataExtensions:
 - "*.model.yml"
diff --git a/javascript/heuristic-models/tests/qlpack.yml b/javascript/heuristic-models/tests/qlpack.yml
index 4808d7848..4913e02a3 100644
--- a/javascript/heuristic-models/tests/qlpack.yml
+++ b/javascript/heuristic-models/tests/qlpack.yml
@@ -4,5 +4,5 @@ name: advanced-security/javascript-heuristic-models-tests
 version: 2.24.2
 extractor: javascript
 dependencies:
- "codeql/javascript-all": "*"
- "advanced-security/javascript-heuristic-models": 2.3.0
+ "codeql/javascript-all": "^2.4.0"
+ "advanced-security/javascript-heuristic-models": "${workspace}"
From 8b33cab2d9b2c4bb6d32f3c573546e9e5df1ada2 Mon Sep 17 00:00:00 2001
From: Nathan Randall
Date: Tue, 3 Mar 2026 22:19:52 -0700
Subject: [PATCH 3/4] Update required codeql/javascript-all version in packs
Updates the required minimum version of "codeql/javascript-all" pack dependency to improve consistency across qlpack definitions while better reflecting the actual version of the dependency that actually gets installed for the current CodeQL CLI version.
---
 javascript/frameworks/cap/ext/qlpack.yml | 2 +-
 javascript/frameworks/cap/lib/qlpack.yml | 2 +-
 javascript/frameworks/cap/src/qlpack.yml | 2 +-
 javascript/frameworks/cap/test/qlpack.yml | 2 +-
 javascript/frameworks/ui5-webcomponents/test/qlpack.yml | 2 +-
 javascript/frameworks/ui5/ext/qlpack.yml | 2 +-
 javascript/frameworks/ui5/lib/qlpack.yml | 2 +-
 javascript/frameworks/ui5/src/qlpack.yml | 2 +-
 javascript/frameworks/ui5/test/qlpack.yml | 2 +-
 javascript/frameworks/xsjs/ext/qlpack.yml | 2 +-
 javascript/frameworks/xsjs/lib/qlpack.yml | 2 +-
 javascript/frameworks/xsjs/src/qlpack.yml | 2 +-
 javascript/frameworks/xsjs/test/qlpack.yml | 2 +-
 javascript/heuristic-models/ext/qlpack.yml | 2 +-
 javascript/heuristic-models/tests/qlpack.yml | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/javascript/frameworks/cap/ext/qlpack.yml b/javascript/frameworks/cap/ext/qlpack.yml
index fc9dc5568..d7839e4b5 100644
--- a/javascript/frameworks/cap/ext/qlpack.yml
+++ b/javascript/frameworks/cap/ext/qlpack.yml
@@ -3,4 +3,4 @@ library: true
 name: advanced-security/javascript-sap-cap-models
 version: 2.24.2
 extensionTargets:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
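Review bot: Raising `codeql/javascript-all` under `extensionTargets` to `"^2.6.22"` in `javascript/frameworks/cap/ext/qlpack.yml` sets the floor to exactly the version pinned in the lock files by patch 1/4, so the model pack no longer targets any older library release. If I understand extension-pack resolution correctly, a data extension whose target range does not match the installed `codeql/javascript-all` is not applied, which for users on an older CodeQL bundle would show up as missing SAP source/sink models and missing alerts rather than as an error; this is worth confirming before release. If the intent is only to record what gets installed, consider keeping the lowest version the models are known to work with in the `ext` packs (cap, ui5, xsjs, heuristic-models), and where the tighter range is deliberate add a comment such as `# floor tracks the codeql/javascript-all shipped with the CLI in qlt.conf.json`.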
diff --git a/javascript/frameworks/cap/lib/qlpack.yml b/javascript/frameworks/cap/lib/qlpack.yml
index 1d16859f2..83bec95d1 100644
--- a/javascript/frameworks/cap/lib/qlpack.yml
+++ b/javascript/frameworks/cap/lib/qlpack.yml
@@ -5,4 +5,4 @@ version: 2.24.2
 suites: codeql-suites
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
diff --git a/javascript/frameworks/cap/src/qlpack.yml b/javascript/frameworks/cap/src/qlpack.yml
index b3225a106..5c3b2518b 100644
--- a/javascript/frameworks/cap/src/qlpack.yml
+++ b/javascript/frameworks/cap/src/qlpack.yml
@@ -5,6 +5,6 @@ version: 2.24.2
 suites: codeql-suites
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
 advanced-security/javascript-sap-cap-all: "${workspace}"
 default-suite-file: codeql-suites/javascript-code-scanning.qls
diff --git a/javascript/frameworks/cap/test/qlpack.yml b/javascript/frameworks/cap/test/qlpack.yml
index 630c2dd93..600112aaa 100644
--- a/javascript/frameworks/cap/test/qlpack.yml
+++ b/javascript/frameworks/cap/test/qlpack.yml
@@ -3,7 +3,7 @@ name: advanced-security/javascript-sap-cap-queries-tests
 version: 2.24.2
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
 advanced-security/javascript-sap-cap-queries: "${workspace}"
 advanced-security/javascript-sap-cap-models: "${workspace}"
 advanced-security/javascript-sap-cap-all: "${workspace}"
diff --git a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
index cdc4c1820..34d8bd955 100644
--- a/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
+++ b/javascript/frameworks/ui5-webcomponents/test/qlpack.yml
@@ -2,5 +2,5 @@ name: advanced-security/javascript-sap-ui5-webcomponents-for-react-test
 version: 2.24.2
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
 advanced-security/javascript-sap-ui5-all: "${workspace}"
diff --git a/javascript/frameworks/ui5/ext/qlpack.yml b/javascript/frameworks/ui5/ext/qlpack.yml
index b1c491df7..d692148db 100644
--- a/javascript/frameworks/ui5/ext/qlpack.yml
+++ b/javascript/frameworks/ui5/ext/qlpack.yml
@@ -3,6 +3,6 @@ library: true
 name: advanced-security/javascript-sap-ui5-models
 version: 2.24.2
 extensionTargets:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
 dataExtensions:
 - "*.model.yml"
diff --git a/javascript/frameworks/ui5/lib/qlpack.yml b/javascript/frameworks/ui5/lib/qlpack.yml
index 07ee632e2..e1f8977d2 100644
--- a/javascript/frameworks/ui5/lib/qlpack.yml
+++ b/javascript/frameworks/ui5/lib/qlpack.yml
@@ -5,4 +5,4 @@ version: 2.24.2
 suites: codeql-suites
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
diff --git a/javascript/frameworks/ui5/src/qlpack.yml b/javascript/frameworks/ui5/src/qlpack.yml
index 4cc9a26a0..790258ab6 100644
--- a/javascript/frameworks/ui5/src/qlpack.yml
+++ b/javascript/frameworks/ui5/src/qlpack.yml
@@ -5,6 +5,6 @@ version: 2.24.2
 suites: codeql-suites
 extractor: javascript
 dependencies:
- codeql/javascript-all: "^2.4.0"
+ codeql/javascript-all: "^2.6.22"
 advanced-security/javascript-sap-ui5-all: "${workspace}"
 default-suite-file: codeql-suites/javascript-code-scanning.qls
diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml
index f012b3d76..14e59b2ed 100644
--- a/javascript/frameworks/ui5/test/qlpack.yml
+++ b/javascript/frameworks/ui5/test/qlpack.yml
@@ -2,7 +2,7 @@ name: advanced-security/javascript-sap-ui5-queries-tests version: 2.24.2 extractor: javascript dependencies: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" # We use this dependency to run the standard Log Injection query to ensure that # no overlap occurs with the SAP UI5 queries. We therefore allow any version # greater than or equal to 1.2.0, as major breaking changes are not a concern. diff --git a/javascript/frameworks/xsjs/ext/qlpack.yml b/javascript/frameworks/xsjs/ext/qlpack.yml index 13a02ccf1..cb2b9d721 100644 --- a/javascript/frameworks/xsjs/ext/qlpack.yml +++ b/javascript/frameworks/xsjs/ext/qlpack.yml @@ -3,6 +3,6 @@ library: true name: advanced-security/javascript-sap-xsjs-models version: 2.24.2 extensionTargets: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" dataExtensions: - "*.model.yml" diff --git a/javascript/frameworks/xsjs/lib/qlpack.yml b/javascript/frameworks/xsjs/lib/qlpack.yml index 8f85af2bd..8853e70aa 100644 --- a/javascript/frameworks/xsjs/lib/qlpack.yml +++ b/javascript/frameworks/xsjs/lib/qlpack.yml @@ -5,4 +5,4 @@ version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" diff --git a/javascript/frameworks/xsjs/src/qlpack.yml b/javascript/frameworks/xsjs/src/qlpack.yml index 76b8312f7..6aad949f7 100644 --- a/javascript/frameworks/xsjs/src/qlpack.yml +++ b/javascript/frameworks/xsjs/src/qlpack.yml @@ -5,6 +5,6 @@ version: 2.24.2 suites: codeql-suites extractor: javascript dependencies: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" advanced-security/javascript-sap-xsjs-all: "${workspace}" default-suite-file: codeql-suites/javascript-code-scanning.qls diff --git a/javascript/frameworks/xsjs/test/qlpack.yml b/javascript/frameworks/xsjs/test/qlpack.yml index d1813f994..7e638d7cd 100644 --- a/javascript/frameworks/xsjs/test/qlpack.yml 
+++ b/javascript/frameworks/xsjs/test/qlpack.yml @@ -3,7 +3,7 @@ name: advanced-security/javascript-sap-xsjs-tests version: 2.24.2 extractor: javascript dependencies: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" advanced-security/javascript-sap-xsjs-queries: "${workspace}" advanced-security/javascript-sap-xsjs-all: "${workspace}" advanced-security/javascript-sap-xsjs-models: "${workspace}" diff --git a/javascript/heuristic-models/ext/qlpack.yml b/javascript/heuristic-models/ext/qlpack.yml index 9707945bf..2e7d5c3e2 100644 --- a/javascript/heuristic-models/ext/qlpack.yml +++ b/javascript/heuristic-models/ext/qlpack.yml @@ -4,6 +4,6 @@ warnOnImplicitThis: false name: advanced-security/javascript-heuristic-models version: 2.24.2 extensionTargets: - codeql/javascript-all: "^2.4.0" + codeql/javascript-all: "^2.6.22" dataExtensions: - "*.model.yml" diff --git a/javascript/heuristic-models/tests/qlpack.yml b/javascript/heuristic-models/tests/qlpack.yml index 4913e02a3..e192d1713 100644 --- a/javascript/heuristic-models/tests/qlpack.yml +++ b/javascript/heuristic-models/tests/qlpack.yml @@ -4,5 +4,5 @@ name: advanced-security/javascript-heuristic-models-tests version: 2.24.2 extractor: javascript dependencies: - "codeql/javascript-all": "^2.4.0" + "codeql/javascript-all": "^2.6.22" "advanced-security/javascript-heuristic-models": "${workspace}" From 600004664fe6061cbae9d1d2ad8940a0234690d6 Mon Sep 17 00:00:00 2001 From: Nathan Randall Date: Wed, 4 Mar 2026 14:38:55 -0700 Subject: [PATCH 4/4] Support codeql pack publish --allow-prerelease --- .github/workflows/release-codeql.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-codeql.yml b/.github/workflows/release-codeql.yml index e78f21df5..16a8bdf8b 100644 --- a/.github/workflows/release-codeql.yml +++ b/.github/workflows/release-codeql.yml 
@@ -107,15 +107,24 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + RELEASE_NAME="${{ steps.version.outputs.release_name }}" + # Read the shared pack list from the job-level environment variable. mapfile -t PUBLISHABLE_PACKS <<< "${PUBLISHABLE_PACKS_LIST}" + # Prerelease versions (containing a hyphen) require --allow-prerelease + PRERELEASE_FLAG="" + if [[ "${RELEASE_NAME}" == *-* ]]; then + PRERELEASE_FLAG="--allow-prerelease" + echo "Detected prerelease version — using ${PRERELEASE_FLAG}" + fi + echo "Publishing CodeQL packs..." for pack_dir in "${PUBLISHABLE_PACKS[@]}"; do if [ -d "${pack_dir}" ]; then pack_name=$(grep -m1 "^name:" "${pack_dir}/qlpack.yml" | awk '{print $2}') echo "📦 Publishing ${pack_name} from ${pack_dir}..." - echo "${GITHUB_TOKEN}" | codeql pack publish --github-auth-stdin --threads=-1 -- "${pack_dir}" + codeql pack publish --threads=-1 ${PRERELEASE_FLAG} -- "${pack_dir}" echo "✅ Published ${pack_name}" else echo "⚠️ Skipping: ${pack_dir} not found"
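Review bot: The added `RELEASE_NAME="${{ steps.version.outputs.release_name }}"` at the top of the `run:` script is expanded into the script text before bash parses it, so a release name containing a quote or a command substitution would be interpreted as shell in a step that holds `GITHUB_TOKEN`. Pass the value through the step's existing `env:` block instead, `RELEASE_NAME: ${{ steps.version.outputs.release_name }}`, and drop the inline assignment so the script only reads `"${RELEASE_NAME}"`. The `version` step that produces `release_name` is outside this hunk, so whether the value is already validated cannot be confirmed from here; if it is not, a format check ahead of the `*-*` test would also stop an unexpected name from silently selecting `--allow-prerelease`. The publish line in the same hunk now authenticates from the `GITHUB_TOKEN` environment variable instead of `--github-auth-stdin`, a change the commit subject does not mention and that deserves a line in the description.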