Skip to content

Update changelog documentation site for codeql-cli-2.25.3#21785

Merged
redsun82 merged 2 commits intomainfrom
codeql-spark-run-25308467256
May 4, 2026
Merged

Update changelog documentation site for codeql-cli-2.25.3#21785
redsun82 merged 2 commits intomainfrom
codeql-spark-run-25308467256

Conversation

@codeql-ci
Copy link
Copy Markdown
Collaborator

@codeql-ci codeql-ci commented May 4, 2026

This pull request was automatically generated to synchronize the CodeQL changelog documentation based on recent changes to CodeQL.

Overview

  • Ensures that the documentation remains current with the source Markdown changelogs.
    • Incorporates any detected changes in the CodeQL CLI changelog.
    • Incorporates any detected changes in the CodeQL languages' changelogs.
    • Regenerates the formatted changelog documentation.

Next Steps

  • Please review the rendered docs and verify that the changelog content is correct. Edit as necessary.
  • Once you're satisfied with the changes, please merge this PR.

@codeql-ci codeql-ci requested a review from redsun82 May 4, 2026 08:19
@codeql-ci codeql-ci requested a review from a team as a code owner May 4, 2026 08:19
Copilot AI review requested due to automatic review settings May 4, 2026 08:19
redsun82
redsun82 previously approved these changes May 4, 2026
View reviewed changes
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Synchronizes the rendered CodeQL changelog documentation site for the CodeQL CLI 2.25.3 release by adding the new release page and linking it from the changelog index.

Changes:

  • Added a new changelog page for CodeQL CLI 2.25.3 with release notes across CLI, query packs, and language libraries.
  • Updated the changelog index to include the 2.25.3 entry in the toctree.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
docs/codeql/codeql-overview/codeql-changelog/index.rst Adds codeql-cli-2.25.3 to the changelog toctree so the new page is included in navigation.
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.3.rst Introduces the rendered changelog content for the 2.25.3 release.

Comment thread docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.3.rst Outdated
* The "Multiplication result converted to larger type" (:code:`cpp/integer-multiplication-cast-to-long`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
* The "Suspicious add with sizeof" (:code:`cpp/suspicious-add-sizeof`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
* The "Wrong type of arguments to formatting function" (:code:`cpp/wrong-type-format-argument`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
* The "Implicit function declaration" (:code:`cpp/implicit-function-declaration`) query has been upgraded to :code:`high` precision. However, for :code:`build mode: none` databases, it no longer produces any results. The results in this mode were found to be very noisy and fundamentally imprecise.
Comment thread docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.3.rst
GitHub Actions
""""""""""""""

* Fixed alert messages in :code:`actions/artifact-poisoning/critical` and :code:`actions/artifact-poisoning/medium` as they previously included a redundant placeholder in the alert message that would on occasion contain a long block of yml that makes the alert difficult to understand. Also improved the wording to make it clearer that it is not the artifact that is being poisoned, but instead a potentially untrusted artifact that is consumed. Finally, changed the alert location to be the source, to align more with other queries reporting an artifact (e.g. zipslip) which is more useful.
@redsun82 redsun82 requested review from a team as code owners May 4, 2026 08:27
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 4, 2026

QHelp previews:

cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.qhelp

Implicit function declaration

A function is called without a prior function declaration or definition. When this happens, the compiler generates an implicit declaration of the function, specifying an integer return type and no parameters. If the implicit declaration does not match the true signature of the function, the function may behave unpredictably.

This may indicate a misspelled function name, or that the required header containing the function declaration has not been included.

Note: This query is not compatible with build-mode: none databases, and produces no results on those databases.

Recommendation

Provide an explicit declaration of the function before invoking it.

Example

/* '#include <stdlib.h>' was forgotten */

int main(void) {
	/* 'int malloc()' assumed */
	unsigned char *p = malloc(100);
	*p = 'a';
	return 0;
}

References

1 similar comment
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 4, 2026

QHelp previews:

cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.qhelp

Implicit function declaration

A function is called without a prior function declaration or definition. When this happens, the compiler generates an implicit declaration of the function, specifying an integer return type and no parameters. If the implicit declaration does not match the true signature of the function, the function may behave unpredictably.

This may indicate a misspelled function name, or that the required header containing the function declaration has not been included.

Note: This query is not compatible with build-mode: none databases, and produces no results on those databases.

Recommendation

Provide an explicit declaration of the function before invoking it.

Example

/* '#include <stdlib.h>' was forgotten */

int main(void) {
	/* 'int malloc()' assumed */
	unsigned char *p = malloc(100);
	*p = 'a';
	return 0;
}

References

@redsun82 redsun82 merged commit 77cdafd into main May 4, 2026
38 of 49 checks passed
@redsun82 redsun82 deleted the codeql-spark-run-25308467256 branch May 4, 2026 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@redsun82 redsun82 redsun82 approved these changes

Assignees

@redsun82 redsun82

Labels

C# C++ documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codeql-ci @redsun82