Update to `codeql-cli/latest`. by ropwareJB · Pull Request #333 · microsoft/codeql

ropwareJB · 2026-03-11T08:54:37Z

Importing from upstream - conflicts in Leap year queries resolved:

CONFLICT (content): Merge conflict in cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll
  CONFLICT (content): Merge conflict in cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
  CONFLICT (content): Merge conflict in cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
  CONFLICT (content): Merge conflict in cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected
  CONFLICT (content): Merge conflict in cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected
  CONFLICT (content): Merge conflict in cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Update changelog documentation site

…too look for both when checking whether a body is available.

Bumps [zstd](https://github.com/facebook/zstd) from 1.5.5.bcr.1 to 1.5.7.bcr.1. - [Release notes](https://github.com/facebook/zstd/releases) - [Changelog](https://github.com/facebook/zstd/blob/dev/CHANGELOG) - [Commits](https://github.com/facebook/zstd/commits) --- updated-dependencies: - dependency-name: zstd dependency-version: 1.5.7.bcr.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [abseil-cpp](https://github.com/abseil/abseil-cpp) from 20240116.1 to 20260107.1. - [Release notes](https://github.com/abseil/abseil-cpp/releases) - [Commits](abseil/abseil-cpp@20240116.1...20260107.1) --- updated-dependencies: - dependency-name: abseil-cpp dependency-version: '20260107.1' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [rules_python](https://github.com/bazel-contrib/rules_python) from 0.40.0 to 1.9.0. - [Release notes](https://github.com/bazel-contrib/rules_python/releases) - [Changelog](https://github.com/bazel-contrib/rules_python/blob/main/CHANGELOG.md) - [Commits](bazel-contrib/rules_python@0.40.0...1.9.0) --- updated-dependencies: - dependency-name: rules_python dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

…thon-1.9.0 Bump rules_python from 0.40.0 to 1.9.0

….7.bcr.1 Bump zstd from 1.5.5.bcr.1 to 1.5.7.bcr.1

…pp-20260107.1 Bump abseil-cpp from 20240116.1 to 20260107.1

…mplify C#: Disentangle SwitchStmt AST and CFG.

…-summary-models C++: Add model validation for constructor summary models

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Bumps [rules_android](https://github.com/bazelbuild/rules_android) from 0.6.4 to 0.7.1. - [Release notes](https://github.com/bazelbuild/rules_android/releases) - [Commits](bazelbuild/rules_android@v0.6.4...v0.7.1) --- updated-dependencies: - dependency-name: rules_android dependency-version: 0.7.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [googletest](https://github.com/google/googletest) from 1.14.0.bcr.1 to 1.17.0.bcr.2. - [Release notes](https://github.com/google/googletest/releases) - [Commits](https://github.com/google/googletest/commits) --- updated-dependencies: - dependency-name: googletest dependency-version: 1.17.0.bcr.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [rules_shell](https://github.com/bazelbuild/rules_shell) from 0.5.0 to 0.6.1. - [Release notes](https://github.com/bazelbuild/rules_shell/releases) - [Commits](bazelbuild/rules_shell@v0.5.0...v0.6.1) --- updated-dependencies: - dependency-name: rules_shell dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Cfg: Share more code for switch statements.

Add `/rerun` slash command for failed internal checks

…un-slash-command Revert "Add `/rerun` slash command for failed internal checks"

…droid-0.7.1 Bump rules_android from 0.6.4 to 0.7.1

C++: Small simplification

…ell-0.6.1 Bump rules_shell from 0.5.0 to 0.6.1

…st-1.17.0.bcr.2 Bump googletest from 1.14.0.bcr.1 to 1.17.0.bcr.2

…thod-call-order Python: Fix bad join in method call order computation

csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs

-            var getter = BodyDeclaringSymbol.GetMethod;
-            var setter = BodyDeclaringSymbol.SetMethod;
+            var getter = Symbol.GetMethod;
+            var setter = Symbol.SetMethod;


In general, to fix a “local variable shadows member” issue, rename the local variable or parameter so it no longer has the same name as the field or property, and then update all its references accordingly. This preserves behavior while removing ambiguity about which symbol is being referenced.

Here, the member field is type (backing the Type property), and the local variable var type = Type; is only used within Populate for the property trap and for TypeMention.Create. The simplest fix is to rename the local variable to something like propertyType (or resolvedType) and update both of its uses:

Line 42: change var type = Type; to var propertyType = Type;.

Line 43: change type.TypeRef to propertyType.TypeRef.

Line 108: change the last argument type to propertyType.

No imports or new methods are needed; this is purely a local rename within Populate. This will remove the shadowing and make it clear when the code is accessing the cached Type versus the Lazy<Type> field.

aschackmull and others added 30 commits February 23, 2026 15:10

Java: Accept revised CFG.

eb37c41

Java: Remove obsolete tests - false successors are no longer special.

352b371

Java: Enable Cfg consistency checks.

f7317b6

Java: Adjust switch case guards test.

d4873dd

Java: Add change note.

0d0711f

Java: Handle missing throws clauses.

bdbbd45

Java: Add nullness test covering known FP.

2b8e719

Guards: Improve join-order.

94121f1

C#: Add a partial method example with a body.

a83c53e

C#: Update partial method test to count the number of extracted bodies.

0e543a9

C#: Add data flow test for partial method.

7d7bbf2

update codeql documentation

532e1fe

Update codeql-cli-2.19.1.rst

9773775

Fix formatting in Kotlin version support note

2969fee

Fix formatting for Kotlin version support note

d546b85

Promote CORS configuration query to default suite

af0bfe0

Apply suggestion from @Copilot

8719072

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Fix syntax error with '=' in format specifier

79ac95d

Fix formatting in codeql-cli-2.23.1.rst

365bae1

Merge branch 'main' into codeql-spark-run-22317536589

e14b4f1

Merge pull request github#21357 from github/codeql-spark-run-22317536589

0151e84

Update changelog documentation site

Rust: Define neutralElement in the shared data flow input.

6b7f339

Rust: Autoformat.

e951156

C#: Cache the Block and ExpressionBody and streamline implementation …

e8427a5

…too look for both when checking whether a body is available.

C#: Extract partial method declaration.

d3fcc2a

C#: Update test expected output.

03a54bf

C#: Streamline the partial implementation for properties and events.

003b539

C#: Update test expected output.

a255b4f

C#: Add change note.

7de476a

python: add tests for guards compared to booleans

8488039

dependabot bot and others added 26 commits March 9, 2026 15:25

Merge pull request github#21436 from github/dependabot/bazel/rules_py…

fde51e0

…thon-1.9.0 Bump rules_python from 0.40.0 to 1.9.0

Merge pull request github#21432 from github/dependabot/bazel/zstd-1.5…

a7e426d

….7.bcr.1 Bump zstd from 1.5.5.bcr.1 to 1.5.7.bcr.1

Merge pull request github#21433 from github/dependabot/bazel/abseil-c…

afb2243

…pp-20260107.1 Bump abseil-cpp from 20240116.1 to 20260107.1

C++: Small simplification

dbb8bb8

Merge pull request github#21430 from aschackmull/csharp/switch-ast-si…

219fe03

…mplify C#: Disentangle SwitchStmt AST and CFG.

Cfg: Move getCaseControlFlowOrder to shared code.

35ac66d

Merge pull request github#21426 from owen-mc/cpp/validate-constructor…

0215ea3

…-summary-models C++: Add model validation for constructor summary models

Cfg: Move Case.getBodyElement to shared code.

edf88b3

Cfg: Update fallsThrough default.

77d4f5a

Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll

efa797a

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Merge pull request github#21441 from aschackmull/cfg/switch-sharing

6a6bb5e

Cfg: Share more code for switch statements.

Merge pull request github#21414 from github/redsun82/rerun-slash-command

017b6f2

Add `/rerun` slash command for failed internal checks

Revert "Add /rerun slash command for failed internal checks"

a5f23ad

Merge pull request github#21447 from github/revert-21414-redsun82/rer…

9bf1072

…un-slash-command Revert "Add `/rerun` slash command for failed internal checks"

Merge pull request github#21443 from github/dependabot/bazel/rules_an…

3c3c58b

…droid-0.7.1 Bump rules_android from 0.6.4 to 0.7.1

Merge pull request github#21437 from igfoo/igfoo/onemk

341059d

C++: Small simplification

Merge pull request github#21445 from github/dependabot/bazel/rules_sh…

267a46d

…ell-0.6.1 Bump rules_shell from 0.5.0 to 0.6.1

Merge pull request github#21444 from github/dependabot/bazel/googlete…

79499c2

…st-1.17.0.bcr.2 Bump googletest from 1.14.0.bcr.1 to 1.17.0.bcr.2

Merge pull request github#21429 from github/tausbn/fix-bad-join-in-me…

5a65282

…thod-call-order Python: Fix bad join in method call order computation

Manual merge of codeql-cli/latest

097e96c

ropwareJB self-assigned this Mar 11, 2026

github-advanced-security bot found potential problems Mar 11, 2026

View reviewed changes

dilanbhalla approved these changes Mar 11, 2026

View reviewed changes

dilanbhalla merged commit b4f81e7 into main Mar 11, 2026
16 checks passed

@@ -39,8 +39,8 @@
                         PopulateNullability(trapFile, Symbol.GetAnnotatedType());
                         PopulateRefKind(trapFile, Symbol.RefKind);
-                        var type = Type;
-                        trapFile.properties(this, Symbol.GetName(), ContainingType!, type.TypeRef, Create(Context, Symbol.OriginalDefinition));
+                        var propertyType = Type;
+                        trapFile.properties(this, Symbol.GetName(), ContainingType!, propertyType.TypeRef, Create(Context, Symbol.OriginalDefinition));
                         var getter = Symbol.GetMethod;
                         var setter = Symbol.SetMethod;
@@ -105,7 +105,7 @@
                             }
                             foreach (var syntax in declSyntaxReferences)
-                                TypeMention.Create(Context, syntax.Type, this, type);
+                                TypeMention.Create(Context, syntax.Type, this, propertyType);
                         }
                     }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to `codeql-cli/latest`.#333

Update to `codeql-cli/latest`.#333
dilanbhalla merged 471 commits intomainfrom
jb1/update-submodule

ropwareJB commented Mar 11, 2026

Uh oh!

Check notice

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

16 participants

Conversation

ropwareJB commented Mar 11, 2026

Uh oh!

Check notice

Uh oh!

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

16 participants