Merge branch 'github:main' into felickz/actions-trusted-owner-data-ex…

…tensions
github · Jan 9, 2025 · b144c2f · b144c2f
2 parents 6b3098d + 928c66a
commit b144c2f
Show file tree

Hide file tree

Showing 465 changed files with 27,106 additions and 13,436 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -65,26 +65,92 @@ rust_host_tools.host_tools(
 # deps for python extractor
 # keep in sync by running `misc/bazel/3rdparty/update_cargo_deps.sh`
 py_deps = use_extension("//misc/bazel/3rdparty:py_deps_extension.bzl", "p")
-use_repo(py_deps, "vendor__anyhow-1.0.44", "vendor__cc-1.0.70", "vendor__clap-2.33.3", "vendor__regex-1.5.5", "vendor__smallvec-1.6.1", "vendor__string-interner-0.12.2", "vendor__thiserror-1.0.29", "vendor__tree-sitter-0.20.4", "vendor__tree-sitter-graph-0.7.0")
+use_repo(
+    py_deps,
+    "vendor__anyhow-1.0.44",
+    "vendor__cc-1.0.70",
+    "vendor__clap-2.33.3",
+    "vendor__regex-1.5.5",
+    "vendor__smallvec-1.6.1",
+    "vendor__string-interner-0.12.2",
+    "vendor__thiserror-1.0.29",
+    "vendor__tree-sitter-0.20.4",
+    "vendor__tree-sitter-graph-0.7.0",
+)
 
 # deps for ruby+rust
 # keep in sync by running `misc/bazel/3rdparty/update_cargo_deps.sh`
 tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r")
-use_repo(tree_sitter_extractors_deps, "vendor__anyhow-1.0.94", "vendor__argfile-0.2.1", "vendor__chrono-0.4.39", "vendor__clap-4.5.23", "vendor__dunce-1.0.5", "vendor__either-1.13.0", "vendor__encoding-0.2.33", "vendor__figment-0.10.19", "vendor__flate2-1.0.35", "vendor__glob-0.3.1", "vendor__globset-0.4.15", "vendor__itertools-0.12.1", "vendor__itertools-0.13.0", "vendor__lazy_static-1.5.0", "vendor__log-0.4.22", "vendor__num-traits-0.2.19", "vendor__num_cpus-1.16.0", "vendor__proc-macro2-1.0.92", "vendor__quote-1.0.37", "vendor__ra_ap_base_db-0.0.248", "vendor__ra_ap_cfg-0.0.248", "vendor__ra_ap_hir-0.0.248", "vendor__ra_ap_hir_def-0.0.248", "vendor__ra_ap_hir_expand-0.0.248", "vendor__ra_ap_ide_db-0.0.248", "vendor__ra_ap_intern-0.0.248", "vendor__ra_ap_load-cargo-0.0.248", "vendor__ra_ap_parser-0.0.248", "vendor__ra_ap_paths-0.0.248", "vendor__ra_ap_project_model-0.0.248", "vendor__ra_ap_span-0.0.248", "vendor__ra_ap_stdx-0.0.248", "vendor__ra_ap_syntax-0.0.248", "vendor__ra_ap_vfs-0.0.248", "vendor__rand-0.8.5", "vendor__rayon-1.10.0", "vendor__regex-1.11.1", "vendor__serde-1.0.216", "vendor__serde_json-1.0.133", "vendor__serde_with-3.11.0", "vendor__stderrlog-0.6.0", "vendor__syn-2.0.90", "vendor__tracing-0.1.41", "vendor__tracing-subscriber-0.3.19", "vendor__tree-sitter-0.24.5", "vendor__tree-sitter-embedded-template-0.23.2", "vendor__tree-sitter-json-0.24.8", "vendor__tree-sitter-ql-0.23.1", "vendor__tree-sitter-ruby-0.23.1", "vendor__triomphe-0.1.14", "vendor__ungrammar-1.16.1")
+use_repo(
+    tree_sitter_extractors_deps,
+    "vendor__anyhow-1.0.95",
+    "vendor__argfile-0.2.1",
+    "vendor__chrono-0.4.39",
+    "vendor__clap-4.5.24",
+    "vendor__dunce-1.0.5",
+    "vendor__either-1.13.0",
+    "vendor__encoding-0.2.33",
+    "vendor__figment-0.10.19",
+    "vendor__flate2-1.0.35",
+    "vendor__glob-0.3.2",
+    "vendor__globset-0.4.15",
+    "vendor__itertools-0.14.0",
+    "vendor__lazy_static-1.5.0",
+    "vendor__log-0.4.22",
+    "vendor__mustache-0.9.0",
+    "vendor__num-traits-0.2.19",
+    "vendor__num_cpus-1.16.0",
+    "vendor__proc-macro2-1.0.92",
+    "vendor__quote-1.0.38",
+    "vendor__ra_ap_base_db-0.0.257",
+    "vendor__ra_ap_cfg-0.0.257",
+    "vendor__ra_ap_hir-0.0.257",
+    "vendor__ra_ap_hir_def-0.0.257",
+    "vendor__ra_ap_hir_expand-0.0.257",
+    "vendor__ra_ap_ide_db-0.0.257",
+    "vendor__ra_ap_intern-0.0.257",
+    "vendor__ra_ap_load-cargo-0.0.257",
+    "vendor__ra_ap_parser-0.0.257",
+    "vendor__ra_ap_paths-0.0.257",
+    "vendor__ra_ap_project_model-0.0.257",
+    "vendor__ra_ap_span-0.0.257",
+    "vendor__ra_ap_stdx-0.0.257",
+    "vendor__ra_ap_syntax-0.0.257",
+    "vendor__ra_ap_vfs-0.0.257",
+    "vendor__rand-0.8.5",
+    "vendor__rayon-1.10.0",
+    "vendor__regex-1.11.1",
+    "vendor__serde-1.0.217",
+    "vendor__serde_json-1.0.135",
+    "vendor__serde_with-3.12.0",
+    "vendor__stderrlog-0.6.0",
+    "vendor__syn-2.0.95",
+    "vendor__tracing-0.1.41",
+    "vendor__tracing-subscriber-0.3.19",
+    "vendor__tree-sitter-0.24.6",
+    "vendor__tree-sitter-embedded-template-0.23.2",
+    "vendor__tree-sitter-json-0.24.8",
+    "vendor__tree-sitter-ql-0.23.1",
+    "vendor__tree-sitter-ruby-0.23.1",
+    "vendor__triomphe-0.1.14",
+    "vendor__ungrammar-1.16.1",
+)
 
 http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 # rust-analyzer sources needed by the rust ast-generator (see `rust/ast-generator/README.md`)
+RUST_ANALYZER_SRC_TAG = "2025-01-07"
+
 http_archive(
     name = "rust-analyzer-src",
     build_file = "//rust/ast-generator:BUILD.rust-analyzer-src.bazel",
-    integrity = "sha256-jl4KJmZku+ilMLnuX2NU+qa1v10IauSiDiz23sZo360=",
+    integrity = "sha256-eo8mIaUafZL8LOM65bDIIIXw1rNQ/P/x5RK/XUtgo5g=",
     patch_args = ["-p1"],
     patches = [
         "//rust/ast-generator:patches/rust-analyzer.patch",
     ],
-    strip_prefix = "rust-analyzer-2024-12-16",
-    url = "https://github.com/rust-lang/rust-analyzer/archive/refs/tags/2024-12-16.tar.gz",
+    strip_prefix = "rust-analyzer-%s" % RUST_ANALYZER_SRC_TAG,
+    url = "https://github.com/rust-lang/rust-analyzer/archive/refs/tags/%s.tar.gz" % RUST_ANALYZER_SRC_TAG,
 )
 
 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")

diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md
@@ -0,0 +1,5 @@
+## 0.4.0
+
+### New Features
+
+* Initial public preview release
diff --git a/actions/ql/lib/change-notes/released/0.4.0.md b/actions/ql/lib/change-notes/released/0.4.0.md
@@ -0,0 +1,5 @@
+## 0.4.0
+
+### New Features
+
+* Initial public preview release
diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.4.0
diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.0-dev
+version: 0.4.1-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

diff --git a/...hange-notes/2024-12-19-initial-release.md → actions/ql/src/CHANGELOG.md b/...hange-notes/2024-12-19-initial-release.md → actions/ql/src/CHANGELOG.md
@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.4.0
+
+### New Queries
+
 * Initial public preview release
diff --git a/...hange-notes/2024-12-19-initial-release.md → ...ons/ql/src/change-notes/released/0.4.0.md b/...hange-notes/2024-12-19-initial-release.md → ...ons/ql/src/change-notes/released/0.4.0.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.4.0
+
+### New Queries
+
 * Initial public preview release
diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.4.0
diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.4.0-dev
+version: 0.4.1-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

diff --git a/config/identical-files.json b/config/identical-files.json
@@ -247,7 +247,8 @@
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
     "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
-    "swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll"
+    "swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll",
+    "rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll"
   ],
   "IncompleteUrlSubstringSanitization": [
     "javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",