Branch: refs/heads/main
Home: https://github.com/krishnprakash/codeql
Commit: 4b5ff0b89ee4e220f3bf4bd2e77b2b6426da3752
https://github.com/krishnprakash/codeql/commit/4b5ff0b89ee4e220f3bf4bd2e77b2b6426da3752
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M python/extractor/tsg-python/tsp/grammar.js
Log Message:
-----------
Python: Support unpacking in comprehensions in `tree-sitter-python`
This is the easy part -- we just allow `dictionary_splat` or
`list_splat` to appear in the same place as the expression.
Commit: 97086c3cc90da92156c765c97697c654813e13f5
https://github.com/krishnprakash/codeql/commit/97086c3cc90da92156c765c97697c654813e13f5
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M python/extractor/tsg-python/tsp/src/grammar.json
M python/extractor/tsg-python/tsp/src/node-types.json
M python/extractor/tsg-python/tsp/src/parser.c
Log Message:
-----------
Python: Regenerate parser files
Commit: 91d4cf662436a7f22cb4e16382974a9c176ca7f7
https://github.com/krishnprakash/codeql/commit/91d4cf662436a7f22cb4e16382974a9c176ca7f7
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M python/extractor/tsg-python/python.tsg
Log Message:
-----------
Python: Update `python.tsg`
First, we extend the various location overriding hacks to also accept
list and dict splats in various places. Having done this, we then have
to tackle how to actually desugar these new comprehension forms (as this
is what we currently do for the old forms).
As a reminder, a list comprehension like `[x for x in y]` currently gets
desugared into a small local function, something like
```python
def listcomp(a):
    for x in a:
        yield x
listcomp(y)
```
For `[*x for x in y]`, the behaviour we want is that we unpack `x`
before yielding its elements in turn. This is essentially what we would
get if we were to use `yield from x` instead of `yield x` in the above
desugaring, so that's what we do. This also works for set
comprehensions.
For dict comprehensions, it's slightly more complicated. Here, the
generator function instead yields a stream of `(key, value)` tuples.
(And apparently the old parser got this wrong and emitted `(value, key)`
pairs instead, which we faithfully recreated in the new parser as well.
We fix that bug in both parsers while we're at it). So, a bare `yield
from` is not enough, we also need a `.items()` call to get the
double-starred expression to emit its items as a stream of tuples (that
we then `yield from`).
To make this (hopefully) less verbose in the implementation, we defer
the decision of whether to use `yield` or `yield from` by introducing a
`yield_kind` scoped variable that determines the type of the actual AST
node. And of course for dict comprehensions with unpacking we need to
synthesise the extra machinery mentioned above.
On the plus side, this means we don't have to mess with control-flow, as
the existing machinery should be able to handle the desugared syntax
just fine.
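Added example, not part of the commit message or the extractor's code: plain-Python models of the desugarings described above, checked against nested-loop comprehensions so the block runs without the new unpacking syntax. All function names and sample inputs are hypothetical.

```python
# Added illustration: plain-Python models of the desugarings described in the
# commit message. All function names here are hypothetical, not extractor code.

def listcomp_plain(a):
    # Models `[x for x in a]`: one `yield` per element.
    for x in a:
        yield x

def listcomp_unpack(a):
    # Models `[*x for x in a]`: `yield from` unpacks each element in turn.
    for x in a:
        yield from x

def dictcomp_plain(a):
    # Models `{k: v for k, v in a}`: a stream of (key, value) tuples.
    for k, v in a:
        yield (k, v)

def dictcomp_unpack(a):
    # Models `{**d for d in a}`: `.items()` turns each mapping into
    # (key, value) tuples, which are then yielded one by one.
    for d in a:
        yield from d.items()

# Constructed sample inputs.
ROWS = [[1, 2], [], [3], [2, 4]]
DICTS = [{"a": 1, "b": 2}, {}, {"b": 20, "c": 3}]

def check():
    results = {
        "list": list(listcomp_unpack(ROWS)),
        "set": set(listcomp_unpack(ROWS)),
        "dict": dict(dictcomp_unpack(DICTS)),
        "plain_dict": dict(dictcomp_plain([("k", "v")])),
        "plain_list": list(listcomp_plain(ROWS)),
    }
    # Reference semantics written with nested loops, which any Python 3 accepts.
    assert results["list"] == [e for x in ROWS for e in x]
    assert results["set"] == {e for x in ROWS for e in x}
    assert results["dict"] == {k: v for d in DICTS for k, v in d.items()}
    return results

if __name__ == "__main__":
    for name, value in check().items():
        print(name, value)
```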
Commit: 90b64616f79b77f1a3f9de6e4f43090a561fe3f0
https://github.com/krishnprakash/codeql/commit/90b64616f79b77f1a3f9de6e4f43090a561fe3f0
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M python/extractor/semmle/python/parser/ast.py
Log Message:
-----------
Python: Also fix `(value, key)` bug in old parser
Commit: fc5b3562c395680208879fb82e58589cbe558707
https://github.com/krishnprakash/codeql/commit/fc5b3562c395680208879fb82e58589cbe558707
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
A python/extractor/tests/parser/unpacking_in_comprehensions_new.expected
A python/extractor/tests/parser/unpacking_in_comprehensions_new.py
Log Message:
-----------
Python: Add parser test for comprehensions with unpacking
Commit: de900fc3b5b72edaa9af96f3353929c69d16b86a
https://github.com/krishnprakash/codeql/commit/de900fc3b5b72edaa9af96f3353929c69d16b86a
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.expected
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.py
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.ql
Log Message:
-----------
Python: Add QL test for comprehensions with unpacking
Commit: 15790aa00cc8241416630e1fbe378343b1241aea
https://github.com/krishnprakash/codeql/commit/15790aa00cc8241416630e1fbe378343b1241aea
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
A python/ql/lib/change-notes/2026-04-10-support-comprehension-unpacking.md
Log Message:
-----------
Python: Add change note
Commit: 8b1ecf05c950eb68f1b0eea314bac25fb88ddc79
https://github.com/krishnprakash/codeql/commit/8b1ecf05c950eb68f1b0eea314bac25fb88ddc79
Author: Taus <tau...@github.com>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M python/ql/test/library-tests/comprehensions/Flow.expected
Log Message:
-----------
Python: Update test output
This change reflects the `(value, key)` to `(key, value)` fix in an
earlier commit.
Commit: efddfab564ee42f4dbf1da92f09c5cdd31ae5eef
https://github.com/krishnprakash/codeql/commit/efddfab564ee42f4dbf1da92f09c5cdd31ae5eef
Author: Jeroen Ketema <jke...@github.com>
Date: 2026-04-16 (Thu, 16 Apr 2026)
Changed paths:
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/builtin_fixed_array_types.ql
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/old.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/swift.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/upgrade.properties
M swift/extractor/translators/TypeTranslator.cpp
M swift/ql/.generated.list
M swift/ql/.gitattributes
M swift/ql/lib/codeql/swift/elements/type/BuiltinFixedArrayType.qll
M swift/ql/lib/codeql/swift/generated/Raw.qll
M swift/ql/lib/codeql/swift/generated/type/BuiltinFixedArrayType.qll
M swift/ql/lib/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/old.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.properties
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.expected
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/fixed_array.swift
M swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected
R swift/ql/test/extractor-tests/generated/type/BuiltinType/fixed_array.swift
M swift/schema.py
Log Message:
-----------
Swift: Expose the generic arguments of `BuiltinFixedArray`s
Commit: 6c675fcede8cac3eb3362ee7765a3c96c11c3631
https://github.com/krishnprakash/codeql/commit/6c675fcede8cac3eb3362ee7765a3c96c11c3631
Author: Taus <tau...@github.com>
Date: 2026-04-16 (Thu, 16 Apr 2026)
Changed paths:
M python/extractor/tsg-python/python.tsg
Log Message:
-----------
Python: Consolidate duplicated code
Commit: dd2440086f15e1a45be2f11360c94bc968467d4c
https://github.com/krishnprakash/codeql/commit/dd2440086f15e1a45be2f11360c94bc968467d4c
Author: Jeroen Ketema <jke...@github.com>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
A swift/ql/lib/change-notes/2026-04-17-fixed-array.md
Log Message:
-----------
Swift: Add change note
Commit: e3b88cbad3548e52cfeede7e32a7ffe4ccff3c11
https://github.com/krishnprakash/codeql/commit/e3b88cbad3548e52cfeede7e32a7ffe4ccff3c11
Author: Jeroen Ketema <jke...@github.com>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
M swift/ql/lib/change-notes/2026-04-17-fixed-array.md
Log Message:
-----------
Swift: Fix change note
Commit: dc3660974313160236464e7bbb68f2bd2a13ac15
https://github.com/krishnprakash/codeql/commit/dc3660974313160236464e7bbb68f2bd2a13ac15
Author: Taus <tau...@github.com>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
M python/ql/test/library-tests/dataflow/coverage/test.py
Log Message:
-----------
Python: Add data-flow tests
Alas, all these demonstrate is that we already don't fully support the
desugared `yield from` form.
Commit: ac23e1678607d03c8409e14de5f9348171ecb287
https://github.com/krishnprakash/codeql/commit/ac23e1678607d03c8409e14de5f9348171ecb287
Author: Taus <tau...@github.com>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.expected
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.ql
A python/ql/test/library-tests/dataflow/coverage-pep798/test.py
M python/ql/test/library-tests/dataflow/coverage/test.py
Log Message:
-----------
Python: Move Python 3.15 data-flow tests to a separate file
We won't be able to run these tests until Python 3.15 is actually out
(and our CI is using it), so it seemed easiest to just put them in their
own test directory.
Commit: dca7046d8c94b1d4a3989981e404eb807c24fbe9
https://github.com/krishnprakash/codeql/commit/dca7046d8c94b1d4a3989981e404eb807c24fbe9
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-04-18 (Sat, 18 Apr 2026)
Changed paths:
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
Log Message:
-----------
Make inline expectation comments specify query
Commit: 63d20a54d46c2b87190f3631f1606075215f22f5
https://github.com/krishnprakash/codeql/commit/63d20a54d46c2b87190f3631f1606075215f22f5
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.qlref
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
Log Message:
-----------
Use inline expectations with second test
Co-authored-by: Copilot <cop...@github.com>
Commit: 6099c5d034c28bed9dfe1ff46e5bc63f42aae5dd
https://github.com/krishnprakash/codeql/commit/6099c5d034c28bed9dfe1ff46e5bc63f42aae5dd
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalFromRemoteTest.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
Log Message:
-----------
Add SPURIOUS test for `+= File.separator`
Commit: 6d4a3974ced27ce770b2d0864801adb813079b9e
https://github.com/krishnprakash/codeql/commit/6d4a3974ced27ce770b2d0864801adb813079b9e
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalFromRemoteTest.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
Log Message:
-----------
Fix bug so `+= File.separator` is recognized
Commit: c6f641eac4ef37ba8a6edcdc11c62ae57dd4f12a
https://github.com/krishnprakash/codeql/commit/c6f641eac4ef37ba8a6edcdc11c62ae57dd4f12a
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
A java/ql/lib/change-notes/2026-04-18-partial-path-traversal-fix.md
Log Message:
-----------
Add change note
Co-authored-by: Copilot <cop...@github.com>
Commit: 9f310c20f3902909f5b302f5274cf383903bb14d
https://github.com/krishnprakash/codeql/commit/9f310c20f3902909f5b302f5274cf383903bb14d
Author: Owen Mansel-Chan <62447351...@users.noreply.github.com>
Date: 2026-04-20 (Mon, 20 Apr 2026)
Changed paths:
A java/ql/lib/change-notes/2026-04-18-partial-path-traversal-fix.md
M java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.qlref
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalFromRemoteTest.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
Log Message:
-----------
Merge pull request #21734 from owen-mc/java/fix-partial-path-traversal
Java: fix bug in partial path traversal
Commit: b108e173a543316dcd8584442900afab1b6aee35
https://github.com/krishnprakash/codeql/commit/b108e173a543316dcd8584442900afab1b6aee35
Author: Taus <tau...@github.com>
Date: 2026-04-20 (Mon, 20 Apr 2026)
Changed paths:
M python/extractor/semmle/python/parser/ast.py
A python/extractor/tests/parser/unpacking_in_comprehensions_new.expected
A python/extractor/tests/parser/unpacking_in_comprehensions_new.py
M python/extractor/tsg-python/python.tsg
M python/extractor/tsg-python/tsp/grammar.js
M python/extractor/tsg-python/tsp/src/grammar.json
M python/extractor/tsg-python/tsp/src/node-types.json
M python/extractor/tsg-python/tsp/src/parser.c
A python/ql/lib/change-notes/2026-04-10-support-comprehension-unpacking.md
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.expected
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.py
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.ql
M python/ql/test/library-tests/comprehensions/Flow.expected
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.expected
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.ql
A python/ql/test/library-tests/dataflow/coverage-pep798/test.py
Log Message:
-----------
Merge pull request #21695 from github/tausbn/python-add-support-for-pep-798
Python: Add support for PEP-798
Commit: d5ded932d3f67c0e02ae217454f1a06a40c1687d
https://github.com/krishnprakash/codeql/commit/d5ded932d3f67c0e02ae217454f1a06a40c1687d
Author: Jeroen Ketema <93738568...@users.noreply.github.com>
Date: 2026-04-20 (Mon, 20 Apr 2026)
Changed paths:
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/builtin_fixed_array_types.ql
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/old.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/swift.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/upgrade.properties
M swift/extractor/translators/TypeTranslator.cpp
M swift/ql/.generated.list
M swift/ql/.gitattributes
A swift/ql/lib/change-notes/2026-04-17-fixed-array.md
M swift/ql/lib/codeql/swift/elements/type/BuiltinFixedArrayType.qll
M swift/ql/lib/codeql/swift/generated/Raw.qll
M swift/ql/lib/codeql/swift/generated/type/BuiltinFixedArrayType.qll
M swift/ql/lib/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/old.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.properties
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.expected
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/fixed_array.swift
M swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected
R swift/ql/test/extractor-tests/generated/type/BuiltinType/fixed_array.swift
M swift/schema.py
Log Message:
-----------
Merge pull request #21723 from jketema/swift-fixed-array
Swift: Expose the generic arguments of `BuiltinFixedArrayType`s
Commit: abd08440a1134447a16523adfdda1ad561c78290
https://github.com/krishnprakash/codeql/commit/abd08440a1134447a16523adfdda1ad561c78290
Author: Jeroen Ketema <jke...@github.com>
Date: 2026-04-20 (Mon, 20 Apr 2026)
Changed paths:
A swift/ql/lib/change-notes/2026-04-20-swift-6.3.1.md
M swift/third_party/resources/resource-dir-linux.zip
M swift/third_party/resources/resource-dir-macos.zip
M swift/third_party/resources/swift-prebuilt-linux.tar.zst
M swift/third_party/resources/swift-prebuilt-macos.tar.zst
Log Message:
-----------
Swift: Update to Swift 6.3.1
Commit: 7f2a13bc7a7ec56dd5463669b2bd3e09b8217432
https://github.com/krishnprakash/codeql/commit/7f2a13bc7a7ec56dd5463669b2bd3e09b8217432
Author: Jeroen Ketema <93738568...@users.noreply.github.com>
Date: 2026-04-20 (Mon, 20 Apr 2026)
Changed paths:
A swift/ql/lib/change-notes/2026-04-20-swift-6.3.1.md
M swift/third_party/resources/resource-dir-linux.zip
M swift/third_party/resources/resource-dir-macos.zip
M swift/third_party/resources/swift-prebuilt-linux.tar.zst
M swift/third_party/resources/swift-prebuilt-macos.tar.zst
Log Message:
-----------
Merge pull request #21728 from jketema/jketema/swift-6.3.1
Swift: Update to Swift 6.3.1
Commit: 7dc459ad3a1b85c3c7829de0758e978effe4c596
https://github.com/krishnprakash/codeql/commit/7dc459ad3a1b85c3c7829de0758e978effe4c596
Author: Phileco <132178579+k...@users.noreply.github.com>
Date: 2026-04-21 (Tue, 21 Apr 2026)
Changed paths:
A java/ql/lib/change-notes/2026-04-18-partial-path-traversal-fix.md
M java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.qlref
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalFromRemoteTest.expected
M java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
M python/extractor/semmle/python/parser/ast.py
A python/extractor/tests/parser/unpacking_in_comprehensions_new.expected
A python/extractor/tests/parser/unpacking_in_comprehensions_new.py
M python/extractor/tsg-python/python.tsg
M python/extractor/tsg-python/tsp/grammar.js
M python/extractor/tsg-python/tsp/src/grammar.json
M python/extractor/tsg-python/tsp/src/node-types.json
M python/extractor/tsg-python/tsp/src/parser.c
A python/ql/lib/change-notes/2026-04-10-support-comprehension-unpacking.md
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.expected
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.py
A python/ql/test/3/extractor-tests/unpacking-comprehensions/test.ql
M python/ql/test/library-tests/comprehensions/Flow.expected
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.expected
A python/ql/test/library-tests/dataflow/coverage-pep798/NormalDataflowTest.ql
A python/ql/test/library-tests/dataflow/coverage-pep798/test.py
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/builtin_fixed_array_types.ql
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/old.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/swift.dbscheme
A swift/downgrades/5738be6bb04742c424efdbf9f4de11f0b10fa37d/upgrade.properties
M swift/extractor/translators/TypeTranslator.cpp
M swift/ql/.generated.list
M swift/ql/.gitattributes
A swift/ql/lib/change-notes/2026-04-17-fixed-array.md
A swift/ql/lib/change-notes/2026-04-20-swift-6.3.1.md
M swift/ql/lib/codeql/swift/elements/type/BuiltinFixedArrayType.qll
M swift/ql/lib/codeql/swift/generated/Raw.qll
M swift/ql/lib/codeql/swift/generated/type/BuiltinFixedArrayType.qll
M swift/ql/lib/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/old.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/swift.dbscheme
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.properties
A swift/ql/lib/upgrades/ee3053b673c901a325b361b18c50b18342752bf8/upgrade.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.expected
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/BuiltinFixedArrayType.ql
A swift/ql/test/extractor-tests/generated/type/BuiltinFixedArrayType/fixed_array.swift
M swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected
R swift/ql/test/extractor-tests/generated/type/BuiltinType/fixed_array.swift
M swift/schema.py
M swift/third_party/resources/resource-dir-linux.zip
M swift/third_party/resources/resource-dir-macos.zip
M swift/third_party/resources/swift-prebuilt-linux.tar.zst
M swift/third_party/resources/swift-prebuilt-macos.tar.zst
Log Message:
-----------
Merge branch 'github:main' into main
Compare: https://github.com/krishnprakash/codeql/compare/d02213bd6e5c...7dc459ad3a1b