17 Pull requests merged by 6 people

• JS: Generate legacy flow steps for all flow summaries

  #20169 merged Aug 6, 2025

• Rust: Improve handling of where clauses in type inference and path resolution

  #20177 merged Aug 6, 2025

• Rust: Update SqlxQuery, SqlxExecute to use getCanonicalPath

  #19802 merged Aug 6, 2025

• Rust: Add predicate for certain type information

  #20155 merged Aug 6, 2025

• Rust: Remove restriction in PathTypeMention

  #20173 merged Aug 6, 2025

• Rust: Clean up some odds and ends

  #20167 merged Aug 5, 2025

• Java: document nullness false negative as qltest

  #20171 merged Aug 5, 2025

• Java: Improve a couple of join-orders

  #20127 merged Aug 5, 2025

• Java: Assume normal termination in post-dominance.

  #20163 merged Aug 5, 2025

• C#: Include constructors in ValueOrRefType.hasCallable

  #20158 merged Aug 5, 2025

• Rust: Fix bad join

  #20164 merged Aug 5, 2025

• Post-release preparation for codeql-cli-2.22.3

  #20166 merged Aug 4, 2025

• Release preparation for version 2.22.3

  #20165 merged Aug 4, 2025

• Rust: Fix two bad joins introduced by magic

  #20161 merged Aug 4, 2025

• Rust: Add type inference test cases resembling missing call targets in SQLx.

  #20160 merged Aug 4, 2025

• C++: Static variables are initialized to zero or null by compiler

  #20129 merged Aug 4, 2025

• Rust: Add metric for DCA and debug predicates for type that reach the length limit

  #20147 merged Aug 4, 2025

5 Pull requests opened by 3 people

• Python: Add jump steps for global variable nested field access

  #20162 opened Aug 4, 2025

• Shared: Use `final` aliases in `ConcentsShared.qll`

  #20172 opened Aug 5, 2025

• Bump actions/download-artifact from 4 to 5

  #20175 opened Aug 6, 2025

• Java: Added new query `java/visible-for-testing-abuse`

  #20178 opened Aug 6, 2025

• Rust: Generalize certain type inference logic

  #20179 opened Aug 6, 2025

2 Issues closed by 2 people

• CodeQL cannot parse HTTP annotations in decompiled C# code.

  #20170 closed Aug 6, 2025

• github-recovery-codes.txt.

  #20157 closed Aug 4, 2025

3 Issues opened by 3 people

• Query: increase size of code-snippet context exported in SARIF?

  #20176 opened Aug 6, 2025

• False positive in python/ql/src/Security/CWE-312/CleartextLogging.ql

  #20168 opened Aug 4, 2025

• How to write CodeQL rules?

  #20159 opened Aug 4, 2025

13 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Fix #19294, Ruby NetHttpRequest improvements

  #20101 commented on Aug 4, 2025 • 2 new comments

• Experiment: Make all data flow incremental

  #20028 commented on Aug 6, 2025 • 1 new comment

• False positives for py/file-not-closed even when using `with` statements

  #20152 commented on Aug 4, 2025 • 0 new comments

• CWE 134

  #20131 commented on Aug 4, 2025 • 0 new comments

• False positive "use of implicit PendingIntents" alert

  #20153 commented on Aug 5, 2025 • 0 new comments

• python false positive Clear-text logging of sensitive information

  #13538 commented on Aug 5, 2025 • 0 new comments

• Rust: upgrade to rust 1.88 and rust-analyzer 0.0.294

  #20055 commented on Aug 5, 2025 • 0 new comments

• Python: Modernize Unexpected Raise In Special Method query

  #20120 commented on Aug 4, 2025 • 0 new comments

• Rust: Support blanket implementations

  #20133 commented on Aug 4, 2025 • 0 new comments

• Rust: New Query rust/cleartext-storage-database

  #20137 commented on Aug 6, 2025 • 0 new comments

• Rust: Don't use constraint implementations for type parameters

  #20143 commented on Aug 4, 2025 • 0 new comments

• Rust: Update BadCtorInitialization.ql to use getCanonicalPath.

  #20150 commented on Aug 4, 2025 • 0 new comments

• C++: Value numbering for casts that only modify specifiers

  #20156 commented on Aug 4, 2025 • 0 new comments