Merge branch 'main' into patch-1

Author: aibaars

.codeqlmanifest.json

@@ -10,7 +10,14 @@
         "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
         "misc/legacy-support/*/qlpack.yml",
         "misc/suite-helpers/qlpack.yml",
-        "ruby/ql/consistency-queries/qlpack.yml",
-        "ruby/extractor-pack/codeql-extractor.yml"
-   ]
-}
+        "ruby/extractor-pack/codeql-extractor.yml",
+        "ruby/ql/consistency-queries/qlpack.yml"
+    ],
+    "versionPolicies": {
+      "default": {
+        "requireChangeNotes": true,
+        "committedPrereleaseSuffix": "dev",
+        "committedVersion": "nextPatchRelease"
+      }
+    }
+}

.github/workflows/ruby-dataset-measure.yml

@@ -24,7 +24,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        repo: [rails/rails, discourse/discourse, spree/spree]
+        repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Build" Version="16.9.0" />
+    <PackageReference Include="Microsoft.Build" Version="16.11.0" />
   </ItemGroup>
 
   <ItemGroup>

cpp/change-notes/2021-11-25-certificate-not-checked.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* A new query `cpp/certificate-not-checked` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.

cpp/change-notes/2021-11-25-certificate-result-conflation.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* A new query `cpp/certificate-result-conflation` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.

cpp/ql/lib/CHANGELOG.md

@@ -0,0 +1,7 @@
+## 0.0.4
+
+### New Features
+
+* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
+  `isFromSystemMacroDefinition` for identifying code that originates from a
+  macro outside the project being analyzed.

cpp/ql/lib/change-notes/released/0.0.4.md

@@ -0,0 +1,7 @@
+## 0.0.4
+
+### New Features
+
+* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
+  `isFromSystemMacroDefinition` for identifying code that originates from a
+  macro outside the project being analyzed.

cpp/ql/lib/codeql-pack.release.yml

@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.4

cpp/ql/lib/qlpack.yml

@@ -1,7 +1,8 @@
 name: codeql/cpp-all
-version: 0.0.2
+version: 0.0.5-dev
+groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
 library: true
 dependencies:
-  codeql/cpp-upgrades: 0.0.2
+  codeql/cpp-upgrades: ^0.0.3