
CLI/Library Upgrade: 2.25.5 #363

Merged: dilanbhalla merged 676 commits into main from dilan/upgrade-2.25.5 on Jun 1, 2026

Conversation

@dilanbhalla (Collaborator)

No description provided.

michaelnebel and others added 30 commits April 28, 2026 11:46
Go: improve accuracy of overlay annotations
Before on `neovim`:
```
[2026-04-28 14:54:20] Evaluated non-recursive predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@ac8178o2 in 68ms (size: 20848).
Evaluated relational algebra for predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@ac8178o2 with tuple counts:
           21888  ~0%    {2} r1 = SCAN switch_case OUTPUT In.2, In.0
           21888  ~0%    {4}    | JOIN WITH #switch_caseMerge_21#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, _, Rhs.1
           21888  ~4%    {3}    | REWRITE WITH Tmp.2 := 1, Out.2 := (In.3 - Tmp.2) KEEPING 3
        24091916  ~0%    {3}    | JOIN WITH switch_case ON FIRST 1 OUTPUT Lhs.2, Rhs.2, Lhs.1
           20848  ~2%    {2}    | JOIN WITH #switch_caseMerge_12#join_rhs ON FIRST 2 OUTPUT Lhs.1, Lhs.2
                         return r1
```

After:
```
[2026-04-28 15:30:53] Evaluated non-recursive predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@bf9801oj in 0ms (size: 20848).
Evaluated relational algebra for predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@bf9801oj with tuple counts:
        21888  ~0%    {4} r1 = SCAN switch_case OUTPUT In.0, _, In.2, In.1
        21888  ~1%    {3}    | REWRITE WITH Tmp.1 := 1, Out.1 := (In.3 + Tmp.1) KEEPING 3
        20848  ~2%    {2}    | JOIN WITH switch_case ON FIRST 2 OUTPUT Lhs.2, Rhs.2
                      return r1
```
The CWE-089/untyped/vercel.ts fixture added in this PR introduces a
conn.query(...) call that DatabaseAccesses.ql reports, so its
.expected baseline needs the corresponding entry. Output produced by
`codeql test accept`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Vercel API handlers more often return JSON than HTML, so res.send is
not the only response body sink that matters. Mirror Express's
ResponseJsonCall by also matching res.json(...) and res.jsonp(...) on
the response (direct and chained), and exercise the new behavior in
the library-test fixture.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tausbn and others added 26 commits May 12, 2026 12:57
Same pattern we've seen many times before: a field on an anonymous node
gets attached to the parent node instead.

I'm not 100% sure this is the right solution, but it seemed wrong to
just make `_parenthesized_type` named instead (we don't usually name
parentheticals). At the very least, this cleans up the spurious
navigation_expression.element and tuple_type_item.element fields.
Same procedure as before -- we change the anonymous node to a named
node, and the problem magically goes away.
Hides a bunch of huge unions under (hopefully) sensible supertypes.
…mar-cleanup-phase-1

unified: Swift grammar cleanup part 1
…e-deserialization

Shared: improve qhelp for unsafe deserialization queries
…error

Shared: Nicer panic message if node kind is missing
…for-rust.rst

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
…models-for-rust

docs: Add 'Customizing library models for Rust' documentation
Go: Make version parsing robust in the face of custom Go builds
C++: Fix FP on `cpp/cleartext-transmission`
…ry-for-composite-actions

Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
C++: Update test results after extractor changes
Release preparation for version 2.25.5
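The `actions/unpinned-tag` commit listed above extends the query to composite action metadata (`action.yml` / `action.yaml`). As an added illustration, not the CodeQL query's own logic and not code from this PR, the Go program below applies the same check to a constructed `action.yml`: it walks the `uses:` entries of the steps and reports every remote action reference whose ref is a tag or branch rather than a full 40-character commit SHA, because a tag such as `v4` or a branch such as `main` can be moved by the action's owner after you have reviewed it, while a commit SHA cannot. Local `./` and `docker://` references are skipped since SHA pinning does not apply to them. The sample metadata, the placeholder SHA and all function names (`UnpinnedUses`, `IsPinned`, `Finding`) are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one `uses:` reference that is not pinned to a full commit SHA.
type Finding struct {
	Line int    // 1-based line in the metadata file
	Uses string // the full `owner/repo[/path]@ref` value
	Ref  string // the part after '@' ("" if there is no '@' at all)
}

// usesLine matches a step's `uses:` key, with or without a leading "- ",
// with optional quotes, stopping at whitespace or a trailing comment.
var usesLine = regexp.MustCompile(`^\s*-?\s*uses:\s*["']?([^"'\s#]+)`)

// fullSHA is the only ref form that cannot be retargeted after the fact;
// tags and branches (v4, main, release/1.x) can be moved by the action owner.
var fullSHA = regexp.MustCompile(`^[0-9a-f]{40}$`)

// IsPinned reports whether a remote `uses:` value ends in a 40-hex commit SHA.
func IsPinned(uses string) bool {
	at := strings.LastIndex(uses, "@")
	return at >= 0 && fullSHA.MatchString(uses[at+1:])
}

// UnpinnedUses scans composite action metadata (action.yml / action.yaml; the
// same step shape appears under jobs.*.steps in a workflow) line by line and
// returns every remote action reference that is not pinned to a full commit SHA.
// Local ("./") and "docker://" references are skipped: SHA pinning does not
// apply to them, so they are not unpinned-tag findings.
func UnpinnedUses(yamlText string) []Finding {
	var findings []Finding
	for i, line := range strings.Split(yamlText, "\n") {
		m := usesLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		uses := m[1]
		if strings.HasPrefix(uses, "./") || strings.HasPrefix(uses, "docker://") {
			continue
		}
		if IsPinned(uses) {
			continue
		}
		ref := ""
		if at := strings.LastIndex(uses, "@"); at >= 0 {
			ref = uses[at+1:]
		}
		findings = append(findings, Finding{Line: i + 1, Uses: uses, Ref: ref})
	}
	return findings
}

// sampleActionYML is constructed for this example; the SHA is a placeholder,
// not a real commit of actions/setup-go.
const sampleActionYML = `name: 'Build and scan'
description: 'Composite action shared by several workflows'
runs:
  using: 'composite'
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
    - name: Lint
      uses: ./.github/actions/lint
    - uses: docker://alpine:3.20
    - uses: some-org/release-tool@main
    - run: go build ./...
      shell: bash
`

func main() {
	// Expected: the checkout@v4 step (line 6) and release-tool@main step (line 11).
	for _, f := range UnpinnedUses(sampleActionYML) {
		fmt.Printf("action.yml:%d: unpinned action reference %q (ref %q); pin to a full commit SHA\n",
			f.Line, f.Uses, f.Ref)
	}
}
```

The line-oriented regex is a deliberate simplification so the example has no dependencies; the real query operates on parsed YAML, which also lets it follow `uses:` values built from expressions. The important design point is the same in both: only a 40-hex SHA counts as pinned, an abbreviated SHA or a tag that merely looks immutable does not.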
dilanbhalla enabled auto-merge June 1, 2026 22:07
Comment thread on csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs (dismissed)
dilanbhalla merged commit 4c58057 into main Jun 1, 2026
16 checks passed
