Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between
v2
andv3
of the CodeQL Action is the node version they support, withv3
running on node 20 while we continue to releasev2
to support running on node 16. For example3.22.11
was the firstv3
release and is functionally identical to2.22.11
. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.[UNRELEASED]
No user facing changes.
3.25.5 - 13 May 2024
- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
- Avoid printing out a warning for a missing
on.push
trigger when the CodeQL Action is triggered via aworkflow_call
event. #2274- The
tools: latest
input to theinit
Action has been renamed totools: linked
. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #22813.25.4 - 08 May 2024
- Update default CodeQL bundle version to 2.17.2. #2270
3.25.3 - 25 Apr 2024
- Update default CodeQL bundle version to 2.17.1. #2247
- Workflows running on
macos-latest
using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such asmacos-12
. ARM machines with SIP disabled, including the newestmacos-latest
image, are unsupported for CLI versions before 2.15.1. #22613.25.2 - 22 Apr 2024
No user facing changes.
3.25.1 - 17 Apr 2024
- We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the
autobuild
build mode. #2235- Fix a bug where the
init
Action would fail if--overwrite
was specified inCODEQL_ACTION_EXTRA_OPTIONS
. #22453.25.0 - 15 Apr 2024
The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224
As a result, the following inputs and environment variables are now ignored:
- The
setup-python-dependencies
input to theinit
Action- The
CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION
environment variableWe recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
Automatically overwrite an existing database if found on the filesystem. #2229
Bump the minimum CodeQL bundle version to 2.12.6. #2232
A more relevant log message and a diagnostic are now emitted when the
file
program is not installed on a Linux runner, but is required for Go tracing to succeed. #22343.24.10 - 05 Apr 2024
... (truncated)
b7cec75
Merge pull request #2287
from github/update-v3.25.5-4a51972476778fe4
Update changelog for v3.25.54a51972
Merge pull request #2280
from github/henrymercer/on-demand-ffsa8c32fd
Merge pull request #2283
from github/henrymercer/disable-fail-fastf73b0b7
Disable fail fast for non-generated workflowsc59e052
Disable fail fast in generated workflows33e416c
Comment that legacyApi
is false by default67f8a36
Merge branch 'main' into henrymercer/on-demand-ffs4995c49
Merge pull request #2282
from github/henrymercer/no-build-mode-tracing-improv...def4d2c
Merge pull request #2273
from github/aeisenberg/specify-versions