Skip to content

Merge releases/v2 into releases/v1 #1397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alexet merged 53 commits into from
Nov 25, 2022
Merged

Merge releases/v2 into releases/v1 #1397

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
bfc5662
TRAP Caching: Re-introduce workaround for download timeout
edoardopirovano Nov 16, 2022
a190d38
Rename `TEST_MODE` to specific variable for CodeQL Action
henrymercer Nov 16, 2022
7cdf751
Remove redundant `INTERNAL_CODEQL_ACTION_DEBUG_LOC` variable
henrymercer Nov 16, 2022
ffc2dd6
Enable test mode for `check-codescanning-config` Action
henrymercer Nov 16, 2022
a836d95
Set testing environment for CodeQL workflow
henrymercer Nov 16, 2022
53060aa
Merge pull request #1373 from github/edoardo/workaround-download
edoardopirovano Nov 16, 2022
0f07790
Merge pull request #1374 from github/henrymercer/pass-testing-environ…
henrymercer Nov 16, 2022
e353814
Update changelog and version after v2.1.33
invalid-email-address Nov 16, 2022
55a437c
Add Ruby to README
henrymercer Nov 16, 2022
377b692
Update checked-in dependencies
invalid-email-address Nov 16, 2022
3b8914b
Merge pull request #1376 from github/mergeback/v2.1.33-to-main-678fc3af
marcogario Nov 16, 2022
7694d67
Merge pull request #1378 from github/henrymercer/add-ruby-to-readme
henrymercer Nov 17, 2022
4fddc51
Support Kotlin for public beta (#1370)
angelapwen Nov 17, 2022
c29fca4
Cache feature flags on disk
aeisenberg Nov 21, 2022
da75623
Update changelog
aeisenberg Nov 21, 2022
cfce1c4
Rename
aeisenberg Nov 21, 2022
4ee97e5
Add extra test ensuring env var overrides cached feature flag
aeisenberg Nov 21, 2022
26df9a9
Merge pull request #1384 from github/aeisenberg/feature-flags-disk
aeisenberg Nov 21, 2022
6013661
Update v1 deprecation date
henrymercer Nov 22, 2022
bab5a14
Add Ruby and Swift language autodetect tests (#1369)
angelapwen Nov 22, 2022
e9e73b0
Use Swift version 5.7 in PR checks
henrymercer Nov 22, 2022
b6e17a6
Drop unneeded `CODEQL_ENABLE_EXPERIMENTAL_FEATURES` env var
henrymercer Nov 22, 2022
5dcca8a
Pin the version of `swift-actions/setup-swift@v1`
henrymercer Nov 22, 2022
2ccaddd
Define `swift-version` as a string
henrymercer Nov 22, 2022
c49c05b
Perform the check using `runner.os`
henrymercer Nov 22, 2022
34d91a9
Use runner.os in ML-powered queries tests too
henrymercer Nov 22, 2022
def4f60
Merge pull request #1387 from github/henrymercer/fix-swift-version
henrymercer Nov 22, 2022
93c6b70
Update supported GitHub Enterprise Server versions.
web-flow Nov 23, 2022
33b2045
Merge branch 'main' into henrymercer/update-v1-deprecation-date
henrymercer Nov 23, 2022
09bfd56
Merge pull request #1385 from github/henrymercer/update-v1-deprecatio…
henrymercer Nov 23, 2022
c719ec0
Merge pull request #1389 from github/update-supported-enterprise-serv…
henrymercer Nov 23, 2022
39fe7aa
Remove dead guard for GHES 3.0
henrymercer Nov 23, 2022
bc341c5
Remove fallback logic for GHES 2.22 when determining Action repository
henrymercer Nov 23, 2022
187515b
Merge pull request #1390 from github/henrymercer/remove-dead-code
henrymercer Nov 23, 2022
d52e657
Update default CodeQL bundle version to 2.11.4
Nov 23, 2022
ce90479
Test `latest` and `nightly-latest` against Swift 5.7.1
henrymercer Nov 23, 2022
5b7c9da
Add the bypass_toolcache_kotlin_switft_enabled flag
aeisenberg Nov 23, 2022
909c868
Test Linux against Swift 5.7
henrymercer Nov 23, 2022
f79028a
Add the feature to bypass the toolcache for kotlin and swift
aeisenberg Nov 23, 2022
ad7ca9b
Add some new tests and fix some comments
aeisenberg Nov 24, 2022
c61f4c6
Merge pull request #1391 from github/alexet/update-2.11.4-v2
Nov 24, 2022
ead8da6
Merge branch 'main' into henrymercer/bump-swift-version-to-5.7.1
henrymercer Nov 24, 2022
f0a052e
Merge pull request #1388 from github/henrymercer/bump-swift-version-t…
henrymercer Nov 24, 2022
eb19ecb
Add API call for languages if java in input
aeisenberg Nov 24, 2022
102e01d
Small refactoring of `shouldBypassToolcache`
aeisenberg Nov 24, 2022
7e73ded
Merge pull request #1394 from github/aeisenberg/bypass-toolcache-kotl…
henrymercer Nov 25, 2022
aef0440
Update changelog for v2.1.34
invalid-email-address Nov 25, 2022
312e093
Merge pull request #1395 from github/update-v2.1.34-7e73deda
Nov 25, 2022
014e2f3
Revert "Update version and changelog for v1.1.33"
invalid-email-address Nov 25, 2022
3197042
Revert "Update checked-in dependencies"
invalid-email-address Nov 25, 2022
491881a
Merge remote-tracking branch 'origin/releases/v2' into update-v1.1.34…
invalid-email-address Nov 25, 2022
1b829d6
Update version and changelog for v1.1.34
invalid-email-address Nov 25, 2022
85b8c47
Update checked-in dependencies
invalid-email-address Nov 25, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Revert "Update version and changelog for v1.1.33" 
This reverts commit 9600345.
  • Loading branch information
github-actions[bot] committed Nov 25, 2022
commit 014e2f305ec529af8f6a50c2a2b7d87267539038
57 changes: 29 additions & 28 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,134 +1,135 @@
# CodeQL Action Changelog

## 1.1.33 - 16 Nov 2022
## 2.1.33 - 16 Nov 2022

- Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in [CodeQL Action version 2.1.27](#2127---06-oct-2022). [#1322](https://github.com/github/codeql-action/pull/1322)
- Bump the minimum CodeQL bundle version to 2.6.3. [#1358](https://github.com/github/codeql-action/pull/1358)

## 1.1.32 - 14 Nov 2022
## 2.1.32 - 14 Nov 2022

- Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
- Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)

## 1.1.31 - 04 Nov 2022
## 2.1.31 - 04 Nov 2022

- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)

## 1.1.30 - 02 Nov 2022
## 2.1.30 - 02 Nov 2022

- Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)

## 1.1.29 - 26 Oct 2022
## 2.1.29 - 26 Oct 2022

- Update default CodeQL bundle version to 2.11.2. [#1320](https://github.com/github/codeql-action/pull/1320)

## 1.1.28 - 18 Oct 2022
## 2.1.28 - 18 Oct 2022

- Update default CodeQL bundle version to 2.11.1. [#1294](https://github.com/github/codeql-action/pull/1294)
- Replace uses of GitHub Actions command `set-output` because it is now deprecated. See more information in the [GitHub Changelog](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/). [#1301](https://github.com/github/codeql-action/pull/1301)

## 1.1.27 - 06 Oct 2022
## 2.1.27 - 06 Oct 2022

- We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.

## 1.1.26 - 29 Sep 2022
## 2.1.26 - 29 Sep 2022

- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267)

## 1.1.25 - 21 Sep 2022
## 2.1.25 - 21 Sep 2022

- We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the `trap-caching: false` option to your workflow's `init` step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.
- Add support for Python automatic dependency installation with Poetry 1.2 [#1258](https://github.com/github/codeql-action/pull/1258).

## 1.1.24 - 16 Sep 2022
## 2.1.24 - 16 Sep 2022

No user facing changes.

## 1.1.23 - 14 Sep 2022
## 2.1.23 - 14 Sep 2022

- Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new `registries` input for the `init` action. [#1221](https://github.com/github/codeql-action/pull/1221)
- Update default CodeQL bundle version to 2.10.5. [#1240](https://github.com/github/codeql-action/pull/1240)

## 1.1.22 - 01 Sep 2022
## 2.1.22 - 01 Sep 2022

- Downloading CodeQL packs has been moved to the `init` step. Previously, CodeQL packs were downloaded during the `analyze` step. [#1218](https://github.com/github/codeql-action/pull/1218)
- Update default CodeQL bundle version to 2.10.4. [#1224](https://github.com/github/codeql-action/pull/1224)
- The newly released [Poetry 1.2](https://python-poetry.org/blog/announcing-poetry-1.2.0) is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.

## 1.1.21 - 25 Aug 2022
## 2.1.21 - 25 Aug 2022

- Improve error messages when the code scanning configuration file includes an invalid `queries` block or an invalid `query-filters` block. [#1208](https://github.com/github/codeql-action/pull/1208)
- Fix a bug where Go build tracing could fail on Windows. [#1209](https://github.com/github/codeql-action/pull/1209)

## 1.1.20 - 22 Aug 2022
## 2.1.20 - 22 Aug 2022

No user facing changes.

## 1.1.19 - 17 Aug 2022
## 2.1.19 - 17 Aug 2022

- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
- In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. [#1159](https://github.com/github/codeql-action/pull/1159)
- Update default CodeQL bundle version to 2.10.3. [#1178](https://github.com/github/codeql-action/pull/1178)
- The combination of python2 and Pipenv is no longer supported. [#1181](https://github.com/github/codeql-action/pull/1181)

## 1.1.18 - 03 Aug 2022
## 2.1.18 - 03 Aug 2022

- Update default CodeQL bundle version to 2.10.2. [#1156](https://github.com/github/codeql-action/pull/1156)

## 1.1.17 - 28 Jul 2022
## 2.1.17 - 28 Jul 2022

- Update default CodeQL bundle version to 2.10.1. [#1143](https://github.com/github/codeql-action/pull/1143)

## 1.1.16 - 13 Jul 2022
## 2.1.16 - 13 Jul 2022

- You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. [#1132](https://github.com/github/codeql-action/pull/1132)
- You can now see diagnostic messages produced by the analysis in the logs of the `analyze` Action by enabling debug mode. To enable debug mode, pass `debug: true` to the `init` Action, or [enable step debug logging](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). This feature is available for CodeQL CLI version 2.10.0 and later. [#1133](https://github.com/github/codeql-action/pull/1133)

## 1.1.15 - 28 Jun 2022
## 2.1.15 - 28 Jun 2022

- CodeQL query packs listed in the `packs` configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. [#1116](https://github.com/github/codeql-action/pull/1116)
- The combination of python2 and poetry is no longer supported. See <https://github.com/actions/setup-python/issues/374> for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
- Update default CodeQL bundle version to 2.10.0. [#1123](https://github.com/github/codeql-action/pull/1123)

## 1.1.14 - 22 Jun 2022
## 2.1.14 - 22 Jun 2022

No user facing changes.

## 1.1.13 - 21 Jun 2022
## 2.1.13 - 21 Jun 2022

- Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)

## 1.1.12 - 01 Jun 2022
## 2.1.12 - 01 Jun 2022

- Update default CodeQL bundle version to 2.9.3. [#1084](https://github.com/github/codeql-action/pull/1084)

## 1.1.11 - 17 May 2022
## 2.1.11 - 17 May 2022

- Update default CodeQL bundle version to 2.9.2. [#1074](https://github.com/github/codeql-action/pull/1074)

## 1.1.10 - 10 May 2022
## 2.1.10 - 10 May 2022

- Update default CodeQL bundle version to 2.9.1. [#1056](https://github.com/github/codeql-action/pull/1056)
- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.

## 1.1.9 - 27 Apr 2022
## 2.1.9 - 27 Apr 2022

- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
- Update default CodeQL bundle version to 2.9.0.
- Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)

## 1.1.8 - 08 Apr 2022
## 2.1.8 - 08 Apr 2022

- Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
- Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)

## 1.1.7 - 05 Apr 2022
## 2.1.7 - 05 Apr 2022

- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)

## 1.1.6 - 30 Mar 2022
## 2.1.6 - 30 Mar 2022

- [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
- Update default CodeQL bundle version to 2.8.4. [#990](https://github.com/github/codeql-action/pull/990)
- Fix a bug where an invalid `commit_oid` was being sent to code scanning when a custom checkout path was being used. [#956](https://github.com/github/codeql-action/pull/956)

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "1.1.33",
"version": "2.1.33",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down