Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Merge releases/v2 into releases/v1 #1478

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
henrymercer merged 52 commits into from
Jan 12, 2023
Merged

Merge releases/v2 into releases/v1 #1478

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
52 commits
Select commit Hold shift + click to select a range
6ac6037
Update changelog and version after v2.1.37
invalid-email-address Dec 14, 2022
04f1897
Update checked-in dependencies
invalid-email-address Dec 14, 2022
0a3f985
Merge pull request #1437 from github/mergeback/v2.1.37-to-main-959cbb74
henrymercer Dec 14, 2022
4778dfb
Set up the Swift version the extractor declares (#1422)
angelapwen Dec 19, 2022
e4818d4
Remove tests with old certifi dependency
henrymercer Dec 20, 2022
579411f
Merge pull request #1441 from github/henrymercer/remove-old-certifi-t…
henrymercer Dec 20, 2022
8d1e008
Check for successful completion rather than SARIF upload
henrymercer Dec 21, 2022
8b9e982
Add a better log message for reusable workflow calls
henrymercer Dec 21, 2022
e9ff99b
Improve error message when workflow file doesn't exist
henrymercer Dec 21, 2022
e09fbf5
Demote upload failed SARIF run info statements to debug
henrymercer Dec 21, 2022
3224214
Improve method naming
henrymercer Dec 22, 2022
59ebabd
Remove redundant log messages
henrymercer Dec 22, 2022
4789c13
Add more tests for uploading failed SARIF
henrymercer Dec 22, 2022
ef21864
Code scanning: Add scheduled trigger to workflow
adityasharad Jan 3, 2023
f837e8e
Code scanning: Add step titles to workflow
adityasharad Jan 3, 2023
484236c
Merge pull request #1460 from github/adityasharad/actions/code-scanni…
adityasharad Jan 3, 2023
ff3337e
Merge pull request #1444 from github/henrymercer/reporting-failed-run…
henrymercer Jan 4, 2023
5eba74a
Refactor CodeQL setup
henrymercer Jan 5, 2023
b2b4782
Improve logging around authorization headers
henrymercer Jan 6, 2023
6ce923c
Use a stream when uploading database contents
robertbrignull Jan 6, 2023
e8f7169
Move database bundling to inside the try-catch
robertbrignull Jan 6, 2023
4e5a06f
Update to CoideQL bundle 20230105 (2.12.0)
Jan 6, 2023
bfbb7ab
Add change note for bundle update
Jan 6, 2023
b4187d6
Add CLI version field and prior release fields to `defaults` file (#1…
angelapwen Jan 6, 2023
b9c859b
Merge branch 'main' into dbartol/bundle-20230105
Jan 6, 2023
f9c9a25
Rebuild
Jan 6, 2023
cf1437a
Merge pull request #1462 from github/henrymercer/refactor-codeql-setup
henrymercer Jan 6, 2023
4023575
Send the external repository token to the CLI
aeisenberg Jan 6, 2023
a9337bc
Close stream after use
robertbrignull Jan 9, 2023
166d98c
Merge pull request #1465 from github/robertbrignull/upload_database_s…
robertbrignull Jan 9, 2023
bac4fe1
Merge branch 'main' into dbartol/bundle-20230105
Jan 10, 2023
620a267
Temporarily disable Kotlin analysis in PR checks
henrymercer Jan 10, 2023
80b12d6
Ensure we don't unset `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN`
henrymercer Jan 10, 2023
9203e31
Improve CodeQL setup test structure and naming
henrymercer Jan 9, 2023
9f8ddbd
Fix GHAE CodeQL setup test
henrymercer Jan 10, 2023
28a9b2d
Add a note regarding the `sinon` workaround
henrymercer Jan 10, 2023
f12f76f
Merge pull request #1473 from github/henrymercer/temporarily-disable-…
henrymercer Jan 10, 2023
272d916
Address comments from PR
aeisenberg Jan 10, 2023
bdc7c5d
Merge pull request #1466 from github/dbartol/bundle-20230105
Jan 10, 2023
70a288d
Merge branch 'main' into henrymercer/fix-ghae-setup-test
henrymercer Jan 10, 2023
e009918
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing
aeisenberg Jan 10, 2023
42d6d35
Merge pull request #1464 from github/aeisenberg/externalRepoTokenConf…
aeisenberg Jan 10, 2023
4a91879
Merge branch 'main' into henrymercer/fix-ghae-setup-test
henrymercer Jan 11, 2023
6ba0a36
Add JSDoc for `mockDownloadApi`
henrymercer Jan 11, 2023
70fdddf
Merge pull request #1474 from github/henrymercer/fix-ghae-setup-test
henrymercer Jan 11, 2023
caa49ae
Update changelog for v2.1.38
invalid-email-address Jan 12, 2023
515828d
Merge pull request #1476 from github/update-v2.1.38-70fdddff
henrymercer Jan 12, 2023
abbff28
Revert "Update version and changelog for v1.1.37"
invalid-email-address Jan 12, 2023
54bf6c6
Revert "Update checked-in dependencies"
invalid-email-address Jan 12, 2023
063077e
Merge remote-tracking branch 'origin/releases/v2' into update-v1.1.38…
invalid-email-address Jan 12, 2023
7ddd7ca
Update version and changelog for v1.1.38
invalid-email-address Jan 12, 2023
6800116
Update checked-in dependencies
invalid-email-address Jan 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Revert "Update version and changelog for v1.1.37" 
This reverts commit 85fac8b.
  • Loading branch information
github-actions[bot] committed Jan 12, 2023
commit abbff2838b8e32069edd07b354d4e1d70439849b
65 changes: 33 additions & 32 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,153 +1,154 @@
# CodeQL Action Changelog

## 1.1.37 - 14 Dec 2022
## 2.1.37 - 14 Dec 2022

- Update default CodeQL bundle version to 2.11.6. [#1433](https://github.com/github/codeql-action/pull/1433)

## 1.1.36 - 08 Dec 2022
## 2.1.36 - 08 Dec 2022

- Update default CodeQL bundle version to 2.11.5. [#1412](https://github.com/github/codeql-action/pull/1412)
- Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. [#1393](https://github.com/github/codeql-action/pull/1393)
- Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify `virtualenvs.in-project = true` in their `poetry.toml`. [#1419](https://github.com/github/codeql-action/pull/1419).

## 1.1.35 - 01 Dec 2022
## 2.1.35 - 01 Dec 2022

No user facing changes.

## 1.1.34 - 25 Nov 2022
## 2.1.34 - 25 Nov 2022

- Update default CodeQL bundle version to 2.11.4. [#1391](https://github.com/github/codeql-action/pull/1391)
- Fixed a bug where some the `init` action and the `analyze` action would have different sets of experimental feature flags enabled. [#1384](https://github.com/github/codeql-action/pull/1384)

## 1.1.33 - 16 Nov 2022
## 2.1.33 - 16 Nov 2022

- Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in [CodeQL Action version 2.1.27](#2127---06-oct-2022). [#1322](https://github.com/github/codeql-action/pull/1322)
- Bump the minimum CodeQL bundle version to 2.6.3. [#1358](https://github.com/github/codeql-action/pull/1358)

## 1.1.32 - 14 Nov 2022
## 2.1.32 - 14 Nov 2022

- Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
- Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)

## 1.1.31 - 04 Nov 2022
## 2.1.31 - 04 Nov 2022

- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)

## 1.1.30 - 02 Nov 2022
## 2.1.30 - 02 Nov 2022

- Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)

## 1.1.29 - 26 Oct 2022
## 2.1.29 - 26 Oct 2022

- Update default CodeQL bundle version to 2.11.2. [#1320](https://github.com/github/codeql-action/pull/1320)

## 1.1.28 - 18 Oct 2022
## 2.1.28 - 18 Oct 2022

- Update default CodeQL bundle version to 2.11.1. [#1294](https://github.com/github/codeql-action/pull/1294)
- Replace uses of GitHub Actions command `set-output` because it is now deprecated. See more information in the [GitHub Changelog](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/). [#1301](https://github.com/github/codeql-action/pull/1301)

## 1.1.27 - 06 Oct 2022
## 2.1.27 - 06 Oct 2022

- We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.

## 1.1.26 - 29 Sep 2022
## 2.1.26 - 29 Sep 2022

- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267)

## 1.1.25 - 21 Sep 2022
## 2.1.25 - 21 Sep 2022

- We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the `trap-caching: false` option to your workflow's `init` step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.
- Add support for Python automatic dependency installation with Poetry 1.2 [#1258](https://github.com/github/codeql-action/pull/1258).

## 1.1.24 - 16 Sep 2022
## 2.1.24 - 16 Sep 2022

No user facing changes.

## 1.1.23 - 14 Sep 2022
## 2.1.23 - 14 Sep 2022

- Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new `registries` input for the `init` action. [#1221](https://github.com/github/codeql-action/pull/1221)
- Update default CodeQL bundle version to 2.10.5. [#1240](https://github.com/github/codeql-action/pull/1240)

## 1.1.22 - 01 Sep 2022
## 2.1.22 - 01 Sep 2022

- Downloading CodeQL packs has been moved to the `init` step. Previously, CodeQL packs were downloaded during the `analyze` step. [#1218](https://github.com/github/codeql-action/pull/1218)
- Update default CodeQL bundle version to 2.10.4. [#1224](https://github.com/github/codeql-action/pull/1224)
- The newly released [Poetry 1.2](https://python-poetry.org/blog/announcing-poetry-1.2.0) is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.

## 1.1.21 - 25 Aug 2022
## 2.1.21 - 25 Aug 2022

- Improve error messages when the code scanning configuration file includes an invalid `queries` block or an invalid `query-filters` block. [#1208](https://github.com/github/codeql-action/pull/1208)
- Fix a bug where Go build tracing could fail on Windows. [#1209](https://github.com/github/codeql-action/pull/1209)

## 1.1.20 - 22 Aug 2022
## 2.1.20 - 22 Aug 2022

No user facing changes.

## 1.1.19 - 17 Aug 2022
## 2.1.19 - 17 Aug 2022

- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
- In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. [#1159](https://github.com/github/codeql-action/pull/1159)
- Update default CodeQL bundle version to 2.10.3. [#1178](https://github.com/github/codeql-action/pull/1178)
- The combination of python2 and Pipenv is no longer supported. [#1181](https://github.com/github/codeql-action/pull/1181)

## 1.1.18 - 03 Aug 2022
## 2.1.18 - 03 Aug 2022

- Update default CodeQL bundle version to 2.10.2. [#1156](https://github.com/github/codeql-action/pull/1156)

## 1.1.17 - 28 Jul 2022
## 2.1.17 - 28 Jul 2022

- Update default CodeQL bundle version to 2.10.1. [#1143](https://github.com/github/codeql-action/pull/1143)

## 1.1.16 - 13 Jul 2022
## 2.1.16 - 13 Jul 2022

- You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. [#1132](https://github.com/github/codeql-action/pull/1132)
- You can now see diagnostic messages produced by the analysis in the logs of the `analyze` Action by enabling debug mode. To enable debug mode, pass `debug: true` to the `init` Action, or [enable step debug logging](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). This feature is available for CodeQL CLI version 2.10.0 and later. [#1133](https://github.com/github/codeql-action/pull/1133)

## 1.1.15 - 28 Jun 2022
## 2.1.15 - 28 Jun 2022

- CodeQL query packs listed in the `packs` configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. [#1116](https://github.com/github/codeql-action/pull/1116)
- The combination of python2 and poetry is no longer supported. See <https://github.com/actions/setup-python/issues/374> for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
- Update default CodeQL bundle version to 2.10.0. [#1123](https://github.com/github/codeql-action/pull/1123)

## 1.1.14 - 22 Jun 2022
## 2.1.14 - 22 Jun 2022

No user facing changes.

## 1.1.13 - 21 Jun 2022
## 2.1.13 - 21 Jun 2022

- Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)

## 1.1.12 - 01 Jun 2022
## 2.1.12 - 01 Jun 2022

- Update default CodeQL bundle version to 2.9.3. [#1084](https://github.com/github/codeql-action/pull/1084)

## 1.1.11 - 17 May 2022
## 2.1.11 - 17 May 2022

- Update default CodeQL bundle version to 2.9.2. [#1074](https://github.com/github/codeql-action/pull/1074)

## 1.1.10 - 10 May 2022
## 2.1.10 - 10 May 2022

- Update default CodeQL bundle version to 2.9.1. [#1056](https://github.com/github/codeql-action/pull/1056)
- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.

## 1.1.9 - 27 Apr 2022
## 2.1.9 - 27 Apr 2022

- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
- Update default CodeQL bundle version to 2.9.0.
- Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)

## 1.1.8 - 08 Apr 2022
## 2.1.8 - 08 Apr 2022

- Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
- Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)

## 1.1.7 - 05 Apr 2022
## 2.1.7 - 05 Apr 2022

- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)

## 1.1.6 - 30 Mar 2022
## 2.1.6 - 30 Mar 2022

- [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
- Update default CodeQL bundle version to 2.8.4. [#990](https://github.com/github/codeql-action/pull/990)
- Fix a bug where an invalid `commit_oid` was being sent to code scanning when a custom checkout path was being used. [#956](https://github.com/github/codeql-action/pull/956)

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "1.1.37",
"version": "2.1.37",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down