From 53c6f9592963d1a73bb2ea188d5687b61b6098a6 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Dec 2024 17:15:25 +0000 Subject: [PATCH 01/15] Update changelog for 2.20.0 --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f80170c..58b1ca9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,20 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> +## Release 2.20.0 (2024-12-09) + +### New features + +- The [`QlBuiltins::BigInt` type](https://codeql.github.com/docs/ql-language-reference/modules/#bigint) of + arbitrary precision integers is generally available and no longer hidden behind the + `--allow-experimental=bigint` CLI feature flag. + +### Miscellaneous + +- Backslashes are now escaped when writing output in the Graphviz DOT format (`--format=dot`). +- The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version + 21.0.5. + ## Release 2.19.4 (2024-12-02) ### Improvements From d83aedf3de84418107b73c51215d699906c605aa Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 10 Dec 2024 14:20:15 +0000 Subject: [PATCH 02/15] Add known issue for Windows exe properties version number --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 58b1ca9..f64a0b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,12 @@ --> ## Release 2.20.0 (2024-12-09) +### Known issues + +- The Windows executable for this release is labeled with an incorrect version number + within its properties: the version number should be 2.20.0 rather than 2.19.4. + `codeql version` reports the correct version number. + ### New features - The [`QlBuiltins::BigInt` type](https://codeql.github.com/docs/ql-language-reference/modules/#bigint) of 
@@ -612,7 +618,7 @@ - Fixed an issue where CodeQL would sometimes incorrectly report that no files were scanned when running on Windows. - This affected the human-readable summary produced by `codeql database analyze` + This affected the human-readable summary produced by `codeql database analyze` and `codeql database interpret-results`, but did not impact the file coverage information produced in the SARIF output and displayed on the tool status page. - When analyzing Swift codebases, CodeQL build tracing will now ignore the From bc44bf68debfbbed6ace465d6636291545cf6b29 Mon Sep 17 00:00:00 2001 From: Dave Bartolomeo Date: Thu, 9 Jan 2025 16:50:38 -0500 Subject: [PATCH 03/15] Update changelog for 2.20.1 --- CHANGELOG.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f64a0b8..2a1dc7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,19 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> +## Release 2.20.1 (2025-01-09) + +### Improvements + +- Automatic installation of dependencies for C++ autobuild is now supported on Ubuntu 24.04. + +- The CLI will now warn if it detects that it is installed in a + location where it is likely to cause performance issues. This + includes: user home, desktop, downloads, or the file system root. + + You can avoid this warning by setting the `CODEQL_ALLOW_INSTALLATION_ANYWHERE` + environment variable to `true`. + ## Release 2.20.0 (2024-12-09) ### Known issues 
@@ -618,7 +631,7 @@ - Fixed an issue where CodeQL would sometimes incorrectly report that no files were scanned when running on Windows. - This affected the human-readable summary produced by `codeql database analyze` + This affected the human-readable summary produced by `codeql database analyze` and `codeql database interpret-results`, but did not impact the file coverage information produced in the SARIF output and displayed on the tool status page. - When analyzing Swift codebases, CodeQL build tracing will now ignore the From 1fa874136402ce0bd5ba66d4c0463ef78bd92d4b Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 22 Jan 2025 14:44:29 +0000 Subject: [PATCH 04/15] Update changelog for 2.20.2 --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a1dc7b..af98a2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,23 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> +## Release 2.20.2 (2025-01-22) + +### Improvements + +- `codeql database create` and `codeql database finalize` now write relations to disk in a new, compressed format. As a result, databases will generally take up less space on disk, whether zipped or unzipped. Note that databases in this format can only be read and analyzed using CodeQL version 2.20.1 onwards. Attempting to analyze such a database with CodeQL version 2.20.0 or older will fail, with an error message like the following: + ``` + UnsortedExtensionalError: Tuples that were assumed to be in order are not: [123456777, 777654321, 123456777]<[777654321, 123456777, 777654321] + ``` + +### Enhancements + +- Added the `.bitLength()` method to `QlBuiltins::BigInt`. + +### Bugs Fixed + +- Fixed a bug where CodeQL would crash on rare occasions while merging SARIF files before uploading results. + ## Release 2.20.1 (2025-01-09) ### Improvements From 39038de5c1fe27dd47c17f81bcfc5b74eb1f8a6d Mon Sep 17 00:00:00 2001 
From: Dave Bartolomeo Date: Fri, 24 Jan 2025 10:48:58 -0500 Subject: [PATCH 05/15] Changelog for 2.20.3 --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index af98a2b..e9edcbd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,19 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> + +## Release 2.20.3 (2025-01-24) + +### Security Updates + +- Resolves a security vulnerability where CodeQL databases or logs produced by the CodeQL CLI may contain the environment variables from the time of + database creation. This includes any secrets stored in an environment variables. For more information, see the + [CodeQL CLI security advisory](https://github.com/github/codeql-cli-binaries/security/advisories/GHSA-gqh3-9prg-j95m). + + All users of CodeQL should follow the advice in the CodeQL advisory mentioned above or upgrade to this version or a later version of CodeQL. + + If you are using the CodeQL Action, also see the related [CodeQL Action security advisory](https://github.com/github/codeql-action/security/advisories/GHSA-vqf5-2xx6-9wfm). + ## Release 2.20.2 (2025-01-22) ### Improvements From 9a8c3477ba83a7925ceda48739e6bd3ee3063ce2 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 6 Feb 2025 12:06:35 +0100 Subject: [PATCH 06/15] Update CHANGELOG.md for 2.20.4 --- CHANGELOG.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9edcbd..5e29033 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -16,6 +16,21 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> +## Release 2.20.4 (2025-02-06) + +### New features + +- Using the `actions` language (for analysis of GitHub Actions workflows) no longer requires + the `CODEQL_ENABLE_EXPERIMENTAL_FEATURES` environment variable to be set. Support for analysis + of GitHub Actions workflows remains in public preview. + +### Bugs fixed + +- Fixed a bug where CodeQL for Java would fail with an SSL exception while trying to download `maven`. + +### Miscellaneous + +- The build of the [logback-core](https://logback.qos.ch/) library that is used for logging in the CodeQL CLI has been updated to version 1.3.15. ## Release 2.20.3 (2025-01-24) @@ -661,7 +676,7 @@ - Fixed an issue where CodeQL would sometimes incorrectly report that no files were scanned when running on Windows. - This affected the human-readable summary produced by `codeql database analyze` + This affected the human-readable summary produced by `codeql database analyze` and `codeql database interpret-results`, but did not impact the file coverage information produced in the SARIF output and displayed on the tool status page. - When analyzing Swift codebases, CodeQL build tracing will now ignore the From 90a3e2a1b82757157110c9657fedee362c5d5575 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Thu, 20 Feb 2025 14:30:37 +0000 Subject: [PATCH 07/15] Add 2.20.5 to changelog --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e29033..6192d4e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -16,6 +16,21 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> +## Release 2.20.5 (2025-02-20) + +### Breaking changes + +- Removed support for `QlBuiltins::BigInt`s in the `avg()` aggregate. + +- A number of breaking changes have been made to the C and C++ CodeQL test environment as used by `codeql test run`: + - The `-Xclang-only=` option is no longer supported by `semmle-extractor-options`. Instead, when either `--clang` or `--clang_version` is specified the option should be replaced by `` only, otherwise the option should be omitted. + - The `--sys_include ` and `--preinclude ` options are no longer supported by `semmle-extractor-options`. Instead, `--edg --edg ` should be specified. + - The `-idirafter ` option is no longer supported by `semmle-extractor-options`. Instead, `--edg --sys_include --edg ` should be specified. + - The `-imacros ` option is no longer supported by `semmle-extractor-options`. Instead, `--edg --preinclude_macros --edg ` should be specified. + - The `/FI ` option is no longer supported by `semmle-extractor-options`. Instead, `--edg --preinclude --edg ` should be specified. + - The `-Wreserved-user-defined-literal`, `-Wno-reserved-user-defined-literal`, `-fwritable-strings`, `/Zc:rvalueCast`, `/Zc:rvalueCast-`, and `/Zc:wchar_t-` options are no longer supported by `semmle-extractor-options`. Instead, `--edg --reserved_user_defined_literal`, `--edg --no-reserved_user_defined_literal`, `--edg --no_const_string_literals`, `--edg --no_preserve_lvalues_with_same_type_casts`, `--edg --preserve_lvalues_with_same_type_casts`, and `--edg --no_wchar_t_keyword` should be specified, respectively. + - The `/Fo ` option is no longer supported by `semmle-extractor-options`. The option should be omitted. + ## Release 2.20.4 (2025-02-06) ### New features From a30bd7afd1834ee18b5b09a9f406cd540c10e3da Mon Sep 17 00:00:00 2001 
From: Chuan-kai Lin Date: Thu, 6 Mar 2025 07:08:35 -0800 Subject: [PATCH 08/15] Update CHANGELOG.md for 2.20.6 --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6192d4e..45b7404 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,17 @@ checklist for a CLI release, you can edit here. But then you know what to do). --> + +## Release 2.20.6 (2025-03-06) + +### Miscellaneous + +- The CodeQL XML extractor is now able to parse documents in a wider array of + character sets. + +- The build of Eclipse Temurin OpenJDK that is used to run the CodeQL + CLI has been updated to version 21.0.6. + ## Release 2.20.5 (2025-02-20) ### Breaking changes From 87f935dfb392d8fde2421d837f2485fdcfb553ed Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 18 Mar 2025 12:37:27 +0000 Subject: [PATCH 09/15] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45b7404..37710f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,10 @@ you know what to do). --> +## Release 2.20.7 (2025-03-18) + +- There are no user-facing changes in this release. + ## Release 2.20.6 (2025-03-06) ### Miscellaneous From c22b8bd41dd90bce1a3c38253da287dfb814c59f Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 3 Apr 2025 15:43:41 +0200 Subject: [PATCH 10/15] Update CHANGELOG.md --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37710f2..305cd8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,14 @@ you know what to do). --> +## Release 2.21.0 (2025-04-03) + +### Miscellaneous + +- On macOS the `CODEQL_TRACER_RELOCATION_EXCLUDE` environment variable can now be used to exclude certain paths from the + tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries + to be excluded. + ## Release 2.20.7 (2025-03-18) - There are no user-facing changes in this release. From 518072067ef64dca25185591bf3cddd25acb3aa0 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 22 Apr 2025 12:33:47 +0100 Subject: [PATCH 11/15] Changelog: Update release notes for version 2.21.1 Add details about bug fixes in CodeQL analysis for GitHub Actions. Clarify behavior with `paths-ignore` and `paths` configurations to improve performance on large codebases. --- CHANGELOG.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 305cd8a..c5e2252 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,26 @@ you know what to do). --> +## Release 2.21.1 (2025-04-22) + +### Bugs fixed + +- Fixed a bug in CodeQL analysis for GitHub Actions in the presence + of a code scanning configuration file containing `paths-ignore` + exclusion patterns but not `paths` inclusion patterns. + Previously, such a configuration incorrectly led to all YAML, HTML, + JSON, and JS source files being extracted, + except for those filtered by `paths-ignore`. + This in turn led to performance issues on large codebases. + Now, only workflow and Action metadata YAML files relevant to the + GitHub Actions analysis will be extracted, + except for those filtered by `paths-ignore`. + This matches the default behavior when no configuration file + is provided. + The handling of `paths` inclusion patterns is unchanged: + if provided, only those paths will be considered, + except for those filtered by `paths-ignore`. + ## Release 2.21.0 (2025-04-03) ### Miscellaneous 
From d1e534e60eafaca3770361ddcfc6b53a06068d91 Mon Sep 17 00:00:00 2001 From: Nick Rolfe Date: Thu, 1 May 2025 13:34:25 +0100 Subject: [PATCH 12/15] Update changelog for 2.21.2 --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5e2252..2a9962a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,13 @@ you know what to do). --> +## Release 2.21.2 (2025-05-01) + +### Bugs fixed + +- `codeql generate log-summary` now correctly includes `dependencies` + maps in predicate events for `COMPUTED_EXTENSIONAL` predicates. + ## Release 2.21.1 (2025-04-22) ### Bugs fixed From 9a367b9f8833da440fdde706789c18cb11f21624 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Thu, 15 May 2025 12:41:58 +0100 Subject: [PATCH 13/15] Update changelog for 2.21.3 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a9962a..9f8780a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,12 @@ you know what to do). --> +## Release 2.21.3 (2025-05-15) + +### Miscellaneous + +- Windows binaries for the CodeQL CLI are now built with `/guard:cf`, enabling [Control Flow Guard](https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard). + ## Release 2.21.2 (2025-05-01) ### Bugs fixed From f1c6d0410fc75afe3b3c146bee902cbd83e19fb8 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Mon, 2 Jun 2025 13:43:16 +0200 Subject: [PATCH 14/15] Update CHANGELOG.md --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f8780a..df6571f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,20 @@ you know what to do). --> +## Release 2.21.4 (2025-06-02) + +### Deprecations + +- The `clang_vector_types`, `clang_attributes`, and `flax-vector-conversions` command + line options have been removed from the C/C++ extractor. These options were introduced + as workarounds to frontend limitations in earlier versions of the extractor and are + no longer needed when calling the extractor directly. + +### Miscellaneous + +- The build of Eclipse Temurin OpenJDK that is used to run the CodeQL + CLI has been updated to version 21.0.7. + ## Release 2.21.3 (2025-05-15) ### Miscellaneous From 81e6755f40ec81a3583d4e2ba929819b0b0fc375 Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Wed, 11 Jun 2025 08:40:32 -0700 Subject: [PATCH 15/15] Update CHANGELOG.md for 2.22.0 --- CHANGELOG.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index df6571f..48b2c6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,28 @@ you know what to do). --> +## Release 2.22.0 (2025-06-11) + +### Breaking changes + +- A number of breaking changes have been made to the C and C++ CodeQL test + environment as used by `codeql test run`: + - Options starting with a `/` are no longer supported by + `semmle-extractor-options`. Any option starting with a `/` should be + replaced by the equivalent option starting with a `-`, e.g., `/D` should be + replaced by `-D`. + - Preprocessor command line options of the form `-D#` are no + longer supported by `semmle-extractor-options`. `-D=` should be + used instead. + - The `/Fp` and `-o` options are no longer supported by + `semmle-extractor-options`. The options should be omitted. + - The `-emit-pch`, `-include-pch`, `/Yc`, and `/Yu` options, and the + `--preinclude` option taking a pre-compiled header as its argument, are no + longer supported by `semmle-extractor-options`. Any test that makes use of + this should be replaced by a test that invokes the CodeQL CLI with the + `create database` option and that runs the relevant queries on the created + database. + ## Release 2.21.4 (2025-06-02) ### Deprecations
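Review bot: The second hunk of PATCH 02/15 (`@@ -612,7 +618,7 @@`), and again in PATCH 03/15 (`@@ -618,7 +631,7 @@`) and PATCH 06/15 (`@@ -661,7 +676,7 @@`), replaces the line `This affected the human-readable summary produced by \`codeql database analyze\`` with visibly identical text, so the only difference can be trailing whitespace. A whitespace-only touch to a 2.19.x entry does not belong in a release-notes commit, and its reappearance in three separate commits suggests editors on different machines are flip-flopping that line; settle it once in its own commit (for example an `.editorconfig` with `trim_trailing_whitespace`) so it stops showing up in unrelated diffs.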
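Review bot: The 2.20.1 installation-location entry (PATCH 03/15) lists the directories that trigger the new warning (user home, desktop, downloads, file system root) but not what goes wrong there, so a reader cannot judge whether setting `CODEQL_ALLOW_INSTALLATION_ANYWHERE` to `true` is a harmless override or just silences a real problem. One clause on the cause, or a link to the page that explains it, would let users make that call before reaching for the variable.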
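Review bot: The 2.20.2 entry on the compressed relation format (PATCH 04/15) is a compatibility break filed under `### Improvements`: databases written by this release can only be read by CodeQL 2.20.1 onwards, and 2.20.0 fails with `UnsortedExtensionalError`. Anyone scanning the file for breaking changes, as 2.20.5 and 2.22.0 present them, will miss it; either move the bullet under a `### Breaking changes` heading or lead with the minimum reader version. While here, the section names are drifting across the series: this entry has both `### Improvements` and `### Enhancements` and uses `### Bugs Fixed`, whereas PATCH 06/15, 11/15 and 12/15 use `### Bugs fixed`; pick one spelling per section kind.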
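Review bot: Grammar slip in the 2.20.3 Security Updates entry (PATCH 05/15): "any secrets stored in an environment variables" should read "any secrets stored in environment variables". This is the one entry that points users at GHSA-gqh3-9prg-j95m and asks everyone to upgrade, so it is the one most likely to be quoted verbatim and is worth a follow-up fix. The hunk also opens with an extra blank `+` line directly after `-->`, which PATCH 08/15 repeats and no other entry does; dropping it keeps the spacing before each `## Release` heading uniform.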
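Review bot: In PATCH 06/15 the 2.20.4 entry ends on the logback-core line and runs straight into the `## Release 2.20.3 (2025-01-24)` context line with no blank `+` line between them, unlike every other entry in the series. Markdown will still render the heading, but the file's own convention is one blank line before each `## Release` heading; add it so later diffs against this region stay clean.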
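Review bot: In the 2.20.5 breaking-changes list (PATCH 07/15) the argument placeholders have not survived rendering: `-Xclang-only=` is to be "replaced by `` only", and `--sys_include `, `--preinclude `, `-idirafter `, `-imacros `, `/FI ` and `/Fo ` appear with nothing after the option name, so the reader cannot tell what follows `--edg --sys_include` or `--edg --preinclude_macros` in the replacement. If the source uses `<path>`-style placeholders, some renderers swallow them as HTML tags; use a form that survives everywhere, for example `--sys_include DIR` and `--edg --preinclude FILE`, so the migration table is unambiguous.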
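Review bot: The `CODEQL_TRACER_RELOCATION_EXCLUDE` entry for 2.21.0 (PATCH 10/15) leaves the matching semantics unspecified: which regex dialect, whether a pattern must match the whole path or any substring, and whether it is matched against the binary's full path or only its file name. This matters because an excluded binary is not traced at all, so an overly broad pattern silently drops compilations from the database and the resulting analysis looks complete when it is not. State the dialect and anchoring rule, give one example pattern, and say how a skipped binary shows up in the tracer log so users can confirm the exclusion did only what they intended.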
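Review bot: The 2.21.3 entry on `/guard:cf` (PATCH 13/15) says "Windows binaries for the CodeQL CLI", which leaves open whether that means only the `codeql` launcher executable or every native component in the bundle (extractors, the tracer). Control Flow Guard is a per-binary mitigation, and the useful information for a user is which processes are hardened; spell out the scope, and say whether the bundled Temurin JDK (whose version is tracked elsewhere in this file) is included or out of scope.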
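Review bot: The 2.21.4 section headed `### Deprecations` (PATCH 14/15) actually documents a removal: the `clang_vector_types`, `clang_attributes` and `flax-vector-conversions` options "have been removed from the C/C++ extractor". A deprecation warns that something will go away; a removal breaks anyone still passing those options. File it under `### Breaking changes` as 2.20.5 and 2.22.0 do, and say what happens when the option is still supplied (error or ignored) so build scripts that call the extractor directly know what to expect.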
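Review bot: The last bullet of the 2.22.0 breaking changes (PATCH 15/15) tells test authors to invoke "the CodeQL CLI with the `create database` option", but the command is `codeql database create`, exactly as the 2.20.2 entry (PATCH 04/15) spells it; the inverted form will not be found by anyone searching the docs. In the second bullet, `-D#` and `-D=` have lost their macro-name and value placeholders, so the reader sees two bare option stems; write them in a form that survives rendering, for example `-DNAME#VALUE` becoming `-DNAME=VALUE`, so the migration is unambiguous.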
