jenkins-infra / jenkins-security-scan

GitHub Workflow and Action for the Jenkins Security Scan
MIT License

Update CodeQL to 2.13.4 #17

Closed NotMyFault closed 11 months ago

NotMyFault commented 1 year ago

In conjunction with https://github.com/jenkins-infra/jenkins-codeql/pull/28

The versions defined don't support Java versions beyond 19 plus the binary fails due to outdated ASM not supporting newer Java versions. Support for JDK 20 comes with 0.5.4, yet I updated them to newer versions, preventing further updates.

The change proposed mitigates both limitations.

weisun10 commented 1 year ago

@NotMyFault is the change on hold? Current codeql version defined in jenkins-security-scan is "v2.12.2". It only supports Kotlin up to 1.8.10. We'd like to use Kotlin 1.9.x. Is it possible to update codeql to 2.14.3?

NotMyFault commented 1 year ago

> @NotMyFault is the change on hold? Current codeql version defined in jenkins-security-scan is "v2.12.2". It only supports Kotlin up to 1.8.10. We'd like to use Kotlin 1.9.x. Is it possible to update codeql to 2.14.3?

I'm not a maintainer of this tool. I discovered this blocker some time ago and decided to file a PR to mitigate it.

Likely, @daniel-beck knows more about it than me 😅

You can check the roadmap to track Java 21 in CodeQL.

weisun10 commented 1 year ago

@NotMyFault thanks! Yes, it's a good idea to wait until CodeQL has support for Java 21 (LTS). It's not a blocker for me. For now, the Jenkins Security Scan action is disabled in my repository, which directly uses "github/codeql-action/analyze@v2" to do the scanning.

daniel-beck commented 1 year ago

I expect I'll have the time to look into this later this week or next week.

daniel-beck commented 11 months ago

Superseded by https://github.com/jenkins-infra/jenkins-security-scan/pull/19