Closed NotMyFault closed 11 months ago
@NotMyFault is the change on hold? Current codeql version defined in jenkins-security-scan is "v2.12.2". It only supports Kotlin up to 1.8.10. We'd like to use Kotlin 1.9.x. Is it possible to update codeql to 2.14.3?
> NotMyFault is the change on hold? Current codeql version defined in jenkins-security-scan is "v2.12.2". It only supports Kotlin up to 1.8.10. We'd like to use Kotlin 1.9.x. Is it possible to update codeql to 2.14.3?
I'm not a maintainer of this tool. I discovered this blocker some time ago and decided to file a PR to mitigate it.
Likely, @daniel-beck knows more about it than me 😅
You can check the roadmap to track Java 21 in CodeQL.
@NotMyFault thanks! Yes, it's a good idea to wait until CodeQL has support for Java 21 (LTS). It's not a blocker for me. For now, the Jenkins Security Scan action is disabled in my repository, which directly uses "github/codeql-action/analyze@v2" to do the scanning.
I expect I'll have the time to look into this later this week or next week.
In conjunction with https://github.com/jenkins-infra/jenkins-codeql/pull/28
The versions defined don't support Java versions beyond 19, plus the binary fails due to outdated ASM not supporting newer Java versions. Support for JDK 20 comes with 0.5.4, yet I updated them to newer versions, preventing further updates.
The change proposed mitigates both limitations.