Sourced from github/codeql-action's\r\nchangelog.
\r\n\r\n\r\nCodeQL Action Changelog
\r\nSee the releases\r\npage for the relevant changes to the CodeQL CLI and language\r\npacks.
\r\nNote that the only difference between
\r\nv2
and\r\nv3
of the CodeQL Action is the node version they support,\r\nwithv3
running on node 20 while we continue to release\r\nv2
to support running on node 16. For example\r\n3.22.11
was the firstv3
release and is\r\nfunctionally identical to2.22.11
. This approach ensures an\r\neasy way to track exactly which features are included in different\r\nversions, indicated by the minor and patch version numbers.[UNRELEASED]
\r\nNo user facing changes.
\r\n3.25.6 - 20 May 2024
\r\n\r\n
\r\n- Update default CodeQL bundle version to 2.17.3. #2295
\r\n3.25.5 - 13 May 2024
\r\n\r\n
\r\n- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,\r\nand GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md.\r\n#2273
\r\n- Avoid printing out a warning for a missing
\r\non.push
\r\ntrigger when the CodeQL Action is triggered via a\r\nworkflow_call
event. #2274- The
\r\ntools: latest
input to theinit
Action\r\nhas been renamed totools: linked
. This option specifies\r\nthat the Action should use the tools shipped at the same time as the\r\nAction. The old name will continue to work for backwards compatibility,\r\nbut we recommend that new workflows use the new name. #22813.25.4 - 08 May 2024
\r\n\r\n
\r\n- Update default CodeQL bundle version to 2.17.2. #2270
\r\n3.25.3 - 25 Apr 2024
\r\n\r\n
\r\n- Update default CodeQL bundle version to 2.17.1. #2247
\r\n- Workflows running on
\r\nmacos-latest
using CodeQL CLI\r\nversions before v2.15.1 will need to either upgrade their CLI version to\r\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\r\nasmacos-12
. ARM machines with SIP disabled, including the\r\nnewestmacos-latest
image, are unsupported for CLI versions\r\nbefore 2.15.1. #22613.25.2 - 22 Apr 2024
\r\nNo user facing changes.
\r\n3.25.1 - 17 Apr 2024
\r\n\r\n
\r\n- We are rolling out a feature in April/May 2024 that improves the\r\nreliability and performance of analyzing code when analyzing a compiled\r\nlanguage with the
\r\nautobuild
build\r\nmode. #2235- Fix a bug where the
\r\ninit
Action would fail if\r\n--overwrite
was specified in\r\nCODEQL_ACTION_EXTRA_OPTIONS
. #22453.25.0 - 15 Apr 2024
\r\n\r\n
\r\n\r\n- \r\n
\r\nThe deprecated feature for extracting dependencies for a Python\r\nanalysis has been removed. #2224
\r\nAs a result, the following inputs and environment variables are now\r\nignored:
\r\n\r\n
\r\n- The
\r\nsetup-python-dependencies
input to the\r\ninit
Action- The\r\n
\r\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION
\r\nenvironment variableWe recommend removing any references to these from your workflows.\r\nFor more information, see the release notes for CodeQL Action v3.23.0\r\nand v2.23.0.
\r\n- \r\n
\r\nAutomatically overwrite an existing database if found on the\r\nfilesystem. #2229
\r\n- \r\n
\r\nBump the minimum CodeQL bundle version to 2.12.6. #2232
\r\n
... (truncated)
\r\n9fdb3e4
\r\nMerge pull request #2300\r\nfrom github/update-v3.25.6-63d519c0a00792ab
\r\nUpdate changelog for v3.25.663d519c
\r\nMerge pull request #2295\r\nfrom github/update-bundle/codeql-bundle-v2.17.30d9161c
\r\nMerge pull request #2293\r\nfrom github/henrymercer/update-build-mode-autobuild-...e9e2729
\r\nAdd changelog notede1ac31
\r\nUpdate default bundle to codeql-bundle-v2.17.3a57c67b
\r\nMerge pull request #2286\r\nfrom github/koesie10/ghec-dr-db-uploadb7ef64e
\r\nMerge pull request #2294\r\nfrom github/dependabot/npm_and_yarn/npm-d3285d5234e54dea2
\r\nUpdate checked-in dependencies3b42294
\r\nBump the npm group across 1 directory with 4 updatesSourced from github/codeql-action's\r\nchangelog.
\r\n\r\n\r\nCodeQL Action Changelog
\r\nSee the releases\r\npage for the relevant changes to the CodeQL CLI and language\r\npacks.
\r\nNote that the only difference between
\r\nv2
and\r\nv3
of the CodeQL Action is the node version they support,\r\nwithv3
running on node 20 while we continue to release\r\nv2
to support running on node 16. For example\r\n3.22.11
was the firstv3
release and is\r\nfunctionally identical to2.22.11
. This approach ensures an\r\neasy way to track exactly which features are included in different\r\nversions, indicated by the minor and patch version numbers.[UNRELEASED]
\r\nNo user facing changes.
\r\n3.25.5 - 13 May 2024
\r\n\r\n
\r\n- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,\r\nand GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md.\r\n#2273
\r\n- Avoid printing out a warning for a missing
\r\non.push
\r\ntrigger when the CodeQL Action is triggered via a\r\nworkflow_call
event. #2274- The
\r\ntools: latest
input to theinit
Action\r\nhas been renamed totools: linked
. This option specifies\r\nthat the Action should use the tools shipped at the same time as the\r\nAction. The old name will continue to work for backwards compatibility,\r\nbut we recommend that new workflows use the new name. #22813.25.4 - 08 May 2024
\r\n\r\n
\r\n- Update default CodeQL bundle version to 2.17.2. #2270
\r\n3.25.3 - 25 Apr 2024
\r\n\r\n
\r\n- Update default CodeQL bundle version to 2.17.1. #2247
\r\n- Workflows running on
\r\nmacos-latest
using CodeQL CLI\r\nversions before v2.15.1 will need to either upgrade their CLI version to\r\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\r\nasmacos-12
. ARM machines with SIP disabled, including the\r\nnewestmacos-latest
image, are unsupported for CLI versions\r\nbefore 2.15.1. #22613.25.2 - 22 Apr 2024
\r\nNo user facing changes.
\r\n3.25.1 - 17 Apr 2024
\r\n\r\n
\r\n- We are rolling out a feature in April/May 2024 that improves the\r\nreliability and performance of analyzing code when analyzing a compiled\r\nlanguage with the
\r\nautobuild
build\r\nmode. #2235- Fix a bug where the
\r\ninit
Action would fail if\r\n--overwrite
was specified in\r\nCODEQL_ACTION_EXTRA_OPTIONS
. #22453.25.0 - 15 Apr 2024
\r\n\r\n
\r\n- \r\n
\r\nThe deprecated feature for extracting dependencies for a Python\r\nanalysis has been removed. #2224
\r\nAs a result, the following inputs and environment variables are now\r\nignored:
\r\n\r\n
\r\n- The
\r\nsetup-python-dependencies
input to the\r\ninit
Action- The\r\n
\r\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION
\r\nenvironment variableWe recommend removing any references to these from your workflows.\r\nFor more information, see the release notes for CodeQL Action v3.23.0\r\nand v2.23.0.
\r\n- \r\n
\r\nAutomatically overwrite an existing database if found on the\r\nfilesystem. #2229
\r\n- \r\n
\r\nBump the minimum CodeQL bundle version to 2.12.6. #2232
\r\n- \r\n
\r\nA more relevant log message and a diagnostic are now emitted when the\r\n
\r\nfile
program is not installed on a Linux runner, but is\r\nrequired for Go tracing to succeed. #22343.24.10 - 05 Apr 2024
\r\n\r\n
... (truncated)
\r\nb7cec75
\r\nMerge pull request #2287\r\nfrom github/update-v3.25.5-4a51972476778fe4
\r\nUpdate changelog for v3.25.54a51972
\r\nMerge pull request #2280\r\nfrom github/henrymercer/on-demand-ffsa8c32fd
\r\nMerge pull request #2283\r\nfrom github/henrymercer/disable-fail-fastf73b0b7
\r\nDisable fail fast for non-generated workflowsc59e052
\r\nDisable fail fast in generated workflows33e416c
\r\nComment that legacyApi
is false by default67f8a36
\r\nMerge branch 'main' into henrymercer/on-demand-ffs4995c49
\r\nMerge pull request #2282\r\nfrom github/henrymercer/no-build-mode-tracing-improv...def4d2c
\r\nMerge pull request #2273\r\nfrom github/aeisenberg/specify-versionsSourced from ossf/scorecard-action's\r\nreleases.
\r\n\r\n\r\nv2.3.3
\r\n\r\n\r\n[!NOTE]
\r\n
\r\nThere is no v2.3.2 release as a step was skipped in the release process.\r\nThis was fixed and re-released under the v2.3.3 tagWhat's Changed
\r\n\r\n
\r\n- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1366- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1374- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1377For a full changelist of what these include, see the v5.0.0-rc1\r\nand v5.0.0-rc2\r\nrelease notes.
\r\nDocumentation
\r\n\r\n
\r\n- :book: Move token discussion out of main README. by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1279- :book: link to
\r\nossf/scorecard
workflow instead of\r\nmaintaining an example by@spencerschrock
\r\nin ossf/scorecard-action#1352- :book: update api links to new scorecard.dev site by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1376Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3
\r\n
dc50aa9
\r\n:seedling: Bump docker tag for v2.3.3 release (#1368)8ff5700
\r\n:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0....8ba5e73
\r\nupdate api links to new scorecard.dev site (#1376)92ddde3
\r\nBump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)6c55905
\r\n:seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)09bb953
\r\n:seedling: Bump distroless/base in the docker-images group (#1372)1511e13
\r\n:seedling: Bump the github-actions group across 1 directory with 6\r\nupdates (#...df66cd8
\r\n:seedling: Bump the docker-images group with 2 updates (#1370)fad9a3c
\r\n:seedling: Bump distroless/base in the docker-images group (#1364)1e01a30
\r\n:seedling: Bump the github-actions group with 3 updates (#1365)Sourced from actions/checkout's\r\nreleases.
\r\n\r\n\r\nv4.1.4
\r\nWhat's Changed
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4
\r\n
Sourced from actions/checkout's\r\nchangelog.
\r\n\r\n\r\nChangelog
\r\nv4.1.4
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643v4.1.3
\r\n\r\n
\r\n- Check git version before attempting to disable\r\n
\r\nsparse-checkout
by@jww3
in actions/checkout#1656- Add SSH user parameter by
\r\n@cory-miller
in\r\nactions/checkout#1685- Update
\r\nactions/checkout
version in\r\nupdate-main-version.yml
by@jww3
in actions/checkout#1650v4.1.2
\r\n\r\n
\r\n- Fix: Disable sparse checkout whenever
\r\nsparse-checkout
\r\noption is not present@dscho
in actions/checkout#1598v4.1.1
\r\n\r\n
\r\n- Correct link to GitHub Docs by
\r\n@peterbe
in actions/checkout#1511- Link to release page from what's new section by
\r\n@cory-miller
in\r\nactions/checkout#1514v4.1.0
\r\n\r\nv4.0.0
\r\n\r\nv3.6.0
\r\n\r\n
\r\n- Fix: Mark\r\ntest scripts with Bash'isms to be run via Bash
\r\n- Add\r\noption to fetch tags even if fetch-depth > 0
\r\nv3.5.3
\r\n\r\n
\r\n- Fix:\r\nCheckout fail in self-hosted runners when faulty submodule are\r\nchecked-in
\r\n- Fix\r\ntypos found by codespell
\r\n- Add\r\nsupport for sparse checkouts
\r\nv3.5.2
\r\n\r\n
\r\n- Fix\r\napi endpoint for GHES
\r\nv3.5.1
\r\n\r\n
\r\n- Fix\r\nslow checkout on Windows
\r\nv3.5.0
\r\n\r\nv3.4.0
\r\n\r\n\r\n
... (truncated)
\r\n0ad4b8f
\r\nPrep Release v4.1.4 (#1704)43045ae
\r\nDisable extensions.worktreeConfig
when disabling\r\nsparse-checkout
(#1692)37b0821
\r\nBump the minor-actions-dependencies group with 2 updates (#1693)9839dc1
\r\nAdd dependabot config (#1688)9b4c13b
\r\nBump word-wrap from 1.2.3 to 1.2.5 (#1643)