fix: update-release-version.sh for explicit versions

The update_internal_deps function was missing two YAML dependency formats
used in qlpack.yml files:

- Quoted exact versions without caret: `pack-name: "2.25.0"`
- Quoted pack names: `"pack-name": "2.25.0"`

This caused internal dependency references to remain at the old version
when running a version bump, while only the `version:` fields updated.

Author: data-douser

javascript/frameworks/cap/src/qlpack.yml

@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-cap-all: "2.25.0"
+  advanced-security/javascript-sap-cap-all: "2.25.1"
 default-suite-file: codeql-suites/javascript-code-scanning.qls

javascript/frameworks/cap/test/qlpack.yml

@@ -4,6 +4,6 @@ version: 2.25.1
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-cap-queries: "2.25.0"
-  advanced-security/javascript-sap-cap-models: "2.25.0"
-  advanced-security/javascript-sap-cap-all: "2.25.0"
+  advanced-security/javascript-sap-cap-queries: "2.25.1"
+  advanced-security/javascript-sap-cap-models: "2.25.1"
+  advanced-security/javascript-sap-cap-all: "2.25.1"

javascript/frameworks/ui5-webcomponents/test/qlpack.yml

@@ -3,4 +3,4 @@ version: 2.25.1
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-ui5-all: "2.25.0"
+  advanced-security/javascript-sap-ui5-all: "2.25.1"

javascript/frameworks/ui5/src/qlpack.yml

@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-ui5-all: "2.25.0"
+  advanced-security/javascript-sap-ui5-all: "2.25.1"
 default-suite-file: codeql-suites/javascript-code-scanning.qls

javascript/frameworks/ui5/test/qlpack.yml

@@ -7,6 +7,6 @@ dependencies:
   # no overlap occurs with the SAP UI5 queries. We therefore allow any version
   # greater than or equal to 1.2.0, as major breaking changes are not a concern.
   codeql/javascript-queries: ">1.2.0"
-  advanced-security/javascript-sap-ui5-queries: "2.25.0"
-  advanced-security/javascript-sap-ui5-models: "2.25.0"
-  advanced-security/javascript-sap-ui5-all: "2.25.0"
+  advanced-security/javascript-sap-ui5-queries: "2.25.1"
+  advanced-security/javascript-sap-ui5-models: "2.25.1"
+  advanced-security/javascript-sap-ui5-all: "2.25.1"

javascript/frameworks/xsjs/src/qlpack.yml

@@ -6,5 +6,5 @@ suites: codeql-suites
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-xsjs-all: "2.25.0"
+  advanced-security/javascript-sap-xsjs-all: "2.25.1"
 default-suite-file: codeql-suites/javascript-code-scanning.qls

javascript/frameworks/xsjs/test/qlpack.yml

@@ -4,6 +4,6 @@ version: 2.25.1
 extractor: javascript
 dependencies:
   codeql/javascript-all: "^2.6.24"
-  advanced-security/javascript-sap-xsjs-queries: "2.25.0"
-  advanced-security/javascript-sap-xsjs-all: "2.25.0"
-  advanced-security/javascript-sap-xsjs-models: "2.25.0"
+  advanced-security/javascript-sap-xsjs-queries: "2.25.1"
+  advanced-security/javascript-sap-xsjs-all: "2.25.1"
+  advanced-security/javascript-sap-xsjs-models: "2.25.1"

javascript/heuristic-models/tests/qlpack.yml

@@ -5,4 +5,4 @@ version: 2.25.1
 extractor: javascript
 dependencies:
   "codeql/javascript-all": "^2.6.24"
-  "advanced-security/javascript-heuristic-models": "2.25.0"
+  advanced-security/javascript-heuristic-models: "2.25.1"

scripts/update-release-version.sh

@@ -258,9 +258,11 @@ update_qlt_config() {
 }
 
 ## Update internal dependency references in a qlpack.yml file
-## e.g., advanced-security/javascript-sap-cap-models: "^2.3.0" -> "^2.4.0"
-## e.g., advanced-security/javascript-sap-cap-models: "^2.3.0" -> "^2.4.0-alpha"
-## and   advanced-security/javascript-heuristic-models: 2.3.0 -> 2.4.0
+## Handles all YAML key-value formats used across qlpack files:
+## e.g., advanced-security/javascript-sap-cap-models: "^2.3.0"  -> "^2.4.0"
+## e.g., advanced-security/javascript-sap-cap-models: "2.3.0"   -> "2.4.0"
+## e.g., "advanced-security/javascript-heuristic-models": "2.3.0" -> ... (quoted key)
+## and   advanced-security/javascript-heuristic-models: 2.3.0    -> 2.4.0
 update_internal_deps() {
   local file="$1"
   local old_version="$2"
@@ -271,11 +273,14 @@ update_internal_deps() {
   escaped_old_version=$(printf '%s' "${old_version}" | sed 's/\./\\./g')
 
   for pack_name in "${INTERNAL_PACKS[@]}"; do
-    # Update quoted caret-prefixed versions: "^X.Y.Z"
-    sed -i.bak "s|${pack_name}: \"\\^${escaped_old_version}\"|${pack_name}: \"^${new_version}\"|g" "${file}"
+    # Update quoted caret-prefixed versions: "^X.Y.Z" (pack name optionally quoted)
+    sed -i.bak "s|\"\\{0,1\\}${pack_name}\"\\{0,1\\}: \"\\^${escaped_old_version}\"|${pack_name}: \"^${new_version}\"|g" "${file}"
     rm -f "${file}.bak"
-    # Update unquoted exact versions: X.Y.Z
-    sed -i.bak "s|${pack_name}: ${escaped_old_version}$|${pack_name}: ${new_version}|g" "${file}"
+    # Update quoted exact versions: "X.Y.Z" (pack name optionally quoted)
+    sed -i.bak "s|\"\\{0,1\\}${pack_name}\"\\{0,1\\}: \"${escaped_old_version}\"|${pack_name}: \"${new_version}\"|g" "${file}"
+    rm -f "${file}.bak"
+    # Update unquoted exact versions: X.Y.Z (pack name optionally quoted)
+    sed -i.bak "s|\"\\{0,1\\}${pack_name}\"\\{0,1\\}: ${escaped_old_version}$|${pack_name}: ${new_version}|g" "${file}"
     rm -f "${file}.bak"
   done
 }