github
diff --git a/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 20 additions & 0 deletions b/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎change-notes/1.19/analysis-javascript.md‎
Lines changed: 3 additions & 0 deletions b/‎change-notes/1.19/analysis-javascript.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.qll‎
Lines changed: 1 addition & 0 deletions b/‎cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.qll‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql‎
Lines changed: 1 addition & 0 deletions b/‎cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,20 @@
+# Improvements to C# analysis
+
+## General improvements
+
+* The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead.
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+| *@name of query (Query ID)* | *Tags*    |*Aim of the new query and whether it is enabled by default or not*  |
+
+## Changes to existing queries
+
+| **Query**                  | **Expected impact**    | **Change**                                                       |
+|----------------------------|------------------------|------------------------------------------------------------------|
+| *@name of query (Query ID)*| *Impact on results*    | *How/why the query has changed*                                  |
+
+
+## Changes to QL libraries
@@ -8,6 +8,8 @@
 
 * Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
   - file system access, for example through [fs-extra](https://github.com/jprichardson/node-fs-extra) or [globby](https://www.npmjs.com/package/globby)
+  - outbound network access, for example through the [fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
+  - the [Google Cloud Spanner](https://cloud.google.com/spanner) database
 
 * The type inference now handles nested imports (that is, imports not appearing at the toplevel). This may yield fewer false-positive results on projects that use this non-standard language feature.
 
@@ -33,6 +35,7 @@
 | Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
 | Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
 | Server-side URL redirect | More results | This rule now recognizes redirection calls in more cases. |
+| User-controlled bypass of security check | Fewer results | This rule no longer flags conditions that guard early returns. The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. | 
 | Whitespace contradicts operator precedence | Fewer false-positive results | This rule no longer flags operators with asymmetric whitespace. |
 
 ## Changes to QL libraries
 
@@ -50,5 +50,6 @@ predicate unsignedGEZero(UnsignedGEZero ugez, string msg) {
     ugez.getLocation().getStartLine() = mi.getLocation().getStartLine() and
     ugez.getLocation().getStartColumn() = mi.getLocation().getStartColumn()
   ) and
+  not ugez.isFromTemplateInstantiation(_) and
   msg = "Pointless comparison of unsigned value to zero."
 }
@@ -7,6 +7,7 @@
  * @id cpp/non-virtual-destructor
  * @problem.severity warning
  * @tags reliability
+ * @deprecated
  */
 
 // This query is deprecated, and replaced by jsf/4.10 Classes/AV Rule 78.ql, which has far fewer false positives on typical code.
Original file line number	Diff line number	Diff line change
`@@ -50,5 +50,6 @@ predicate unsignedGEZero(UnsignedGEZero ugez, string msg) {`
`50`	`50`	`ugez.getLocation().getStartLine() = mi.getLocation().getStartLine() and`
`51`	`51`	`ugez.getLocation().getStartColumn() = mi.getLocation().getStartColumn()`
`52`	`52`	`) and`
	`53`	`+ not ugez.isFromTemplateInstantiation(_) and`
`53`	`54`	`msg = "Pointless comparison of unsigned value to zero."`
`54`	`55`	`}`