Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge releases/v2 into releases/v1 #1362

Merged
merged 28 commits into from
Nov 14, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
5da50dc
Add file baseline information feature
henrymercer Oct 26, 2022
89e1893
Forward file baseline information enablement to CLI
henrymercer Oct 26, 2022
6a5e69e
Update changelog and version after v2.1.31
invalid-email-address Nov 4, 2022
31a2afe
Update checked-in dependencies
invalid-email-address Nov 4, 2022
8aff97f
Merge pull request #1346 from github/mergeback/v2.1.31-to-main-c3b6fce4
aeisenberg Nov 7, 2022
dba70ac
Bump default CodeQL version to 2.11.3
henrymercer Nov 7, 2022
b9b7d9f
Add PR check for file baseline information
henrymercer Nov 7, 2022
029ecc0
Check expected SARIF notification objects
henrymercer Nov 7, 2022
c606252
Merge pull request #1329 from github/henrymercer/file-baseline-info-e…
henrymercer Nov 7, 2022
f9948ff
Improve experience when init fails before generating a config file
henrymercer Nov 7, 2022
0e5b04a
Merge pull request #1349 from github/henrymercer/improve-focus-when-i…
henrymercer Nov 8, 2022
01c4458
use ATM pack v0.4.0 for CLI v2.11.3 and above
kaeluka Nov 8, 2022
73ff862
Merge pull request #1351 from kaeluka/release-atm-v0.4.0
kaeluka Nov 8, 2022
fb3fdd7
add ATM 0.4.0 to changelog
kaeluka Nov 9, 2022
7c9e85e
Merge pull request #1353 from kaeluka/add-ATM-0.4.0-to-changelog
kaeluka Nov 9, 2022
d6f6ef4
Force exit of process if a timeout has occurred
edoardopirovano Nov 9, 2022
006bb00
Merge pull request #1354 from github/edoardo/force-exit-on-timeout
edoardopirovano Nov 10, 2022
9452b6b
Merge branch 'main' into henrymercer/use-codeql-2.11.3
henrymercer Nov 11, 2022
76a7740
Fix Python query identifier in file baseline information PR check
henrymercer Nov 11, 2022
718930b
Pin npm to latest v8 release to address failing PR check
henrymercer Nov 11, 2022
33b10be
Merge pull request #1348 from github/henrymercer/use-codeql-2.11.3
henrymercer Nov 11, 2022
97be623
Update changelog for v2.1.32
invalid-email-address Nov 14, 2022
4238421
Merge pull request #1360 from github/update-v2.1.32-33b10be6
henrymercer Nov 14, 2022
1f97bcf
Revert "Update version and changelog for v1.1.31"
invalid-email-address Nov 14, 2022
27e1772
Revert "Update checked-in dependencies"
invalid-email-address Nov 14, 2022
f405ab8
Merge remote-tracking branch 'origin/releases/v2' into update-v1.1.32…
invalid-email-address Nov 14, 2022
b3d9a91
Update version and changelog for v1.1.32
invalid-email-address Nov 14, 2022
f71b2a3
Update checked-in dependencies
henrymercer Nov 14, 2022
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
85 changes: 85 additions & 0 deletions .github/workflows/__export-file-baseline-information.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 6 additions & 3 deletions .github/workflows/script/check-node-modules.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,16 +7,19 @@ if [ ! -z "$(git status --porcelain)" ]; then
>&2 echo "Failed: Repo should be clean before testing!"
exit 1
fi
sudo npm install --force -g npm@latest
# Pin npm to v8 since v9 doesn't support Node 12.
# When updating this, make sure to update the npm version in
# `.github/workflows/update-dependencies.yml` too.
sudo npm install --force -g npm@^8.19.3
# Reinstall modules and then clean to remove absolute paths
# Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
npm ci
npm run removeNPMAbsolutePaths
# Check that repo is still clean
if [ ! -z "$(git status --porcelain)" ]; then
# If we get a fail here then the PR needs attention
>&2 echo "Failed: node_modules are not up to date. Run 'npm ci && npm run removeNPMAbsolutePaths' on a macOS machine to update. Note it is important this command is run on macOS and not any other operating system as there is one dependency (fsevents) that is needed for macOS and may not be installed if the command is run on a Windows or Linux machine."
>&2 echo "Failed: node_modules are not up to date. Add the 'Update dependencies' label to your PR to update them. Note it is important that node modules are updated on macOS and not any other operating system as there is one dependency (fsevents) that is needed for macOS and may not be installed if dependencies are updated on a Windows or Linux machine."
git status
exit 1
fi
echo "Success: node_modules are up to date"
echo "Success: node_modules are up to date"
5 changes: 4 additions & 1 deletion .github/workflows/update-dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,10 @@ jobs:
run: |
git fetch origin "$BRANCH" --depth=1
git checkout "origin/$BRANCH"
sudo npm install --force -g npm@latest
# Pin npm to v8 since v9 doesn't support Node 12.
# When updating this, make sure to update the npm version in
# `.github/workflows/script/check-node-modules.sh` too.
sudo npm install --force -g npm@^8.19.3
npm install
npm ci
npm run removeNPMAbsolutePaths
Expand Down
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# CodeQL Action Changelog

## 1.1.32 - 14 Nov 2022

- Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
- Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)

## 1.1.31 - 04 Nov 2022

- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)
Expand Down
2 changes: 2 additions & 0 deletions lib/analyze-action.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading