See the releases page for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
[UNRELEASED]
No user facing changes.
3.24.9 - 22 Mar 2024
Update default CodeQL bundle version to 2.16.5. #2203
3.24.8 - 18 Mar 2024
Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. #2195
3.24.7 - 12 Mar 2024
Update default CodeQL bundle version to 2.16.4. #2185
3.24.6 - 29 Feb 2024
No user facing changes.
3.24.5 - 23 Feb 2024
Update default CodeQL bundle version to 2.16.3. #2156
3.24.4 - 21 Feb 2024
Fix an issue where an existing, but empty, /sys/fs/cgroup/cpuset.cpus file always resulted in a single-threaded run. #2151
3.24.3 - 15 Feb 2024
Fix an issue where the CodeQL Action would fail to load a configuration specified by the config input to the init Action. #2147
3.24.2 - 15 Feb 2024
Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. #2141
3.24.1 - 13 Feb 2024
Update default CodeQL bundle version to 2.16.2. #2124
The CodeQL action no longer fails if it can't write to the telemetry api endpoint. #2121
3.24.0 - 02 Feb 2024
CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See release notes for 3.23.0 for more details. #2106
... (truncated)
Commits
1b1aada Merge pull request #2208 from github/update-v3.24.9-09d4101d2
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 3 updates: actions/checkout, actions/setup-node and github/codeql-action.
Updates
actions/checkout
from 4.1.1 to 4.1.2Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
9bb5618
Prep for release of v4.1.2 (#1649)8eb1f6a
Bump@babel/traverse
from 7.20.5 to 7.24.0 (#1642)556e4c3
Bump tough-cookie from 4.0.0 to 4.1.3 (#1406)b32f140
Warn on attempts to publishtest-ubuntu-git
from non-main branch. (#1623)2650dbd
Givetest-ubuntu-git
its ownREADME
(#1620)aadec89
Explicitly disable sparse checkout unless asked for (#1598)df0bcdd
Refine workflow for generatingtest-ubuntu-git
(#1617)473055b
Createtest-ubuntu-git
Docker Container for Proxy Tests (#1616)Updates
actions/setup-node
from 4.0.1 to 4.0.2Release notes
Sourced from actions/setup-node's releases.
Commits
60edb5d
Add support for arm64 Windows (#927)d86ebcd
Add support forvolta.extends
(#921)Updates
github/codeql-action
from 3.24.0 to 3.24.9Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
1b1aada
Merge pull request #2208 from github/update-v3.24.9-09d4101d26505708
Update changelog for v3.24.909d4101
Merge pull request #2203 from github/update-bundle/codeql-bundle-v2.16.5a3ab02e
Merge branch 'main' into update-bundle/codeql-bundle-v2.16.59cf4574
Add changelog note964f5e7
Merge pull request #2207 from github/henrymercer/more-processing-error-catego...9c0c35b
Merge pull request #2206 from github/henrymercer/improved-autobuild-error-wit...c84e4c8
Mark some more processing errors as invalid SARIF upload requests4aca720
Improve error message when using build modes and autobuild fails7f375ae
Wrap configuration errors for all CLI commandsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show