22 Pull requests merged by 9 people

• Rust: Fill some gaps in our database models.

  #20208 merged Aug 13, 2025

• Fix #19294, Ruby NetHttpRequest improvements

  #20101 merged Aug 12, 2025

• Cargo: align rust toolchain version with internal repository

  #20207 merged Aug 12, 2025

• Rust: Generalize certain type inference logic

  #20179 merged Aug 12, 2025

• Fix indentation in the "Supported languages and frameworks" page

  #20196 merged Aug 11, 2025

• Actions: clarify doc for untrusted checkout

  #20204 merged Aug 11, 2025

• Rust: Remove source/library deduplication in path resolution

  #20192 merged Aug 11, 2025

• Rust: New Query rust/cleartext-storage-database

  #20137 merged Aug 11, 2025

• C++: Fix missing global variable flow

  #20126 merged Aug 11, 2025

• C++: Fix FP in cpp/overflow-buffer

  #20193 merged Aug 11, 2025

• Rust: Add rust/diagnostics/type-inference-consistency-counts.

  #20185 merged Aug 11, 2025

• Rust: Update BadCtorInitialization.ql to use getCanonicalPath.

  #20150 merged Aug 11, 2025

• C++: Value numbering for casts that only modify specifiers

  #20156 merged Aug 11, 2025

• C++: Fix missing bool -> int conversions in C code

  #20145 merged Aug 11, 2025

• Shared: Use final aliases in ConcentsShared.qll

  #20172 merged Aug 11, 2025

• Java: use java 17 in no-wrapper tests

  #20194 merged Aug 8, 2025

• Java: use java 17 in no-wrapper tests

  #20189 merged Aug 8, 2025

• Ruby: Diff-informed queries: phase 3 (non-trivial locations)

  #20080 merged Aug 7, 2025

• Guards: Improve support for wrapped guards

  #20121 merged Aug 7, 2025

• JS: Generate legacy flow steps for all flow summaries

  #20169 merged Aug 6, 2025

• Rust: Improve handling of where clauses in type inference and path resolution

  #20177 merged Aug 6, 2025

• Rust: Update SqlxQuery, SqlxExecute to use getCanonicalPath

  #19802 merged Aug 6, 2025

12 Pull requests opened by 8 people

• Rust: Unify type inference for tuple indexing expressions

  #20182 opened Aug 7, 2025

• Java: Enable BarrierGuard wrappers

  #20183 opened Aug 7, 2025

• Doc: Fix link to `warnOnImplicitThis` GitHub docs

  #20184 opened Aug 7, 2025

• Bump the extractor-dependencies group in /go/extractor with 2 updates

  #20188 opened Aug 8, 2025

• Java: Enhance `java/jvm-exit` query and add to quality

  #20190 opened Aug 8, 2025

• Rust: Distinguish internal/external items in path resolution

  #20191 opened Aug 8, 2025

• Rust: Handle chained `let` expressions

  #20203 opened Aug 11, 2025

• Java: port quality query `java/mocking-all-non-private-methods-means-unit-test-is-too-big`

  #20205 opened Aug 11, 2025

• Python extractor: overlay support

  #20206 opened Aug 11, 2025

• Go: Update Go version to 1.25.0

  #20210 opened Aug 12, 2025

• Bump rayon from 1.10.0 to 1.11.0 in /ql

  #20212 opened Aug 13, 2025

• Rust: regenerate bazel files

  #20215 opened Aug 13, 2025

6 Issues closed by 4 people

• The “--buildmode none” not work for cpp in version 2.22.3

  #20214 closed Aug 13, 2025

• [JS] js qlpacks are not segregated and it creates a bit of an issue during rebundling/customization

  #20209 closed Aug 12, 2025

• Ruby NetHttpRequest improvements

  #19294 closed Aug 12, 2025

• Unable to generate graph with prinAst.ql and CodeQL CLI

  #20202 closed Aug 12, 2025

• C++: request for support more C++ features to avoid failures in CodeQL compile

  #16652 closed Aug 11, 2025

• CodeQL cannot parse HTTP annotations in decompiled C# code.

  #20170 closed Aug 6, 2025

4 Issues opened by 3 people

• Codeql pack create warning - is not an extension target of xxx

  #20211 opened Aug 12, 2025

• [Rust] Unused variable false positive in compound conditional statements

  #20201 opened Aug 10, 2025

• [Docs] Consistently refer to either `codeql-pack.yml` or `qlpack.yml`

  #20187 opened Aug 7, 2025

• Should `qlpack.yml` `compileForOverlayEval` be documented?

  #20186 opened Aug 7, 2025

12 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Rust: upgrade to rust-analyzer 0.0.300

  #20055 commented on Aug 12, 2025 • 4 new comments

• Java: Added new query `java/visible-for-testing-abuse`

  #20178 commented on Aug 8, 2025 • 3 new comments

• Experiment: Make all data flow incremental

  #20028 commented on Aug 7, 2025 • 2 new comments

• Shared: Overhaul the AlertFiltering QLDoc

  #20047 commented on Aug 13, 2025 • 2 new comments

• Java: Add `previous-id` and adjust tags for `java/garbage-collection` and `java/run-finalizers-on-exit`

  #20095 commented on Aug 12, 2025 • 2 new comments

• Python: Add jump steps for global variable nested field access

  #20162 commented on Aug 11, 2025 • 2 new comments

• General issue - CodeQL exiting with exit code 2

  #14866 commented on Aug 7, 2025 • 0 new comments

• [Rust] macro expansion failed warnings

  #19966 commented on Aug 12, 2025 • 0 new comments

• Just: introduce common "verbs"

  #19978 commented on Aug 11, 2025 • 0 new comments

• C#: Diff-informed queries: phase 3 (non-trivial locations)

  #20074 commented on Aug 13, 2025 • 0 new comments

• JS: Exclude environment variables from `js/regex-injection` query by default

  #20148 commented on Aug 13, 2025 • 0 new comments

• JS: Enhance command injection detection for CLI argument parsing libraries

  #20151 commented on Aug 13, 2025 • 0 new comments