Releases: github/codeql-cli-binaries
v2.13.0
Known issues
- We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with
codeql github upload-results
. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1. For more information, see the "Known issues" section for CodeQL 2.12.6.
Potentially breaking changes
- In
codeql pack add
, the dependency that is added to theqlpack.yml
file will now allow any version of the pack that is compatible with the specified version (^version
) in specific cases. - Upper-case variable names are no longer accepted by the QL compiler.
New features
codeql database analyze
and related commands now export file coverage information by default.
Deprecations
- The possibility to omit
override
annotations on class member predicates that override a base class predicate has been deprecated. This is to avoid confusion with shadowing behaviour in the presence of final member predicates.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.0
.
v2.12.7
Bugs fixed
- Fixed a bug in
codeql database upload-results
where the subcommand would fail with "A fatal error occurred: Invalid SARIF.", reporting anInvalidDefinitionException
. This issue occurred when the SARIF file contained certain kinds of diagnostic information.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.7
.
v2.12.6
Known issues
-
We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with
codeql github upload-results
. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.This issue occurs when uploading certain kinds of diagnostic information and causes the subcommand to fail with "A fatal error occurred: Invalid SARIF.", reporting an
InvalidDefinitionException
.Customers who wish to use CodeQL 2.12.6 or 2.13.0 can work around the problem by passing
--no-sarif-include-diagnostics
to any invocations ofcodeql database analyze
orcodeql database interpret-results
.
New features
- Several experimental subcommands have been added in support of the new code scanning tool status page. These include
codeql database add-diagnostic
,codeql database export-diagnostics
, and thecodeql diagnostic add
andcodeql diagnostic export
plumbing subcommands.
Bugs fixed
- Fixed a bug in
codeql database analyze
and related commands where the--max-paths
option was not respected correctly when multiple alerts with the same primary code location were grouped together.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.6
.
v2.12.5
New features
-
The
codeql pack install
command now accepts a--additional-packs
option. This option takes a list of directories to search for locally available packs when resolving which packs to install. Any pack that is found locally through--additional-packs
will override any other version of a pack found in the package registry. Locally resolved packs are not added to the lock file.Because the use of
--additional-packs
when runningcodeql pack install
makes running queries dependent on the local state of the machine initially invokingcodeql pack install
, a warning is emitted if any pack is found outside of the package registry. This warning can be suppressed by using the--no-strict-mode
option.
Bugs fixed
- Fix a bug in
codeql query run
where queries whose path contain colons cannot be run.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.5
.
v2.12.4
Breaking changes
- The default value of the
--mode
switch tocodeql pack install
has changed. The default is now--mode minimal-update
.
Previously, it wasuse-lock
.
New features
- The per-pack compilation cache has been replaced with a global compilation cache
found within~/.codeql
. codeql pack install
now uses a new algorithm to determine which versions of
the pack's dependencies to use, based on the PubGrub
algorithm.- Added a new command,
codeql pack upgrade
. This command is similar tocodeql pack install
,
except that it ignores any existing lock file, installs the latest compatible version of each
dependency, and writes a new lock file. - Added a new command,
codeql pack ci
. This command is similar tocodeql pack install
,
except if the existing lock file is missing, or if it conflicts with the version constraints in
theqlpack.yml
file, the command generates an error.
Deprecations
- The
--freeze
switch forcodeql pack create
,codeql pack bundle
, andcodeql pack publish
is now deprecated and ignored, as there is no longer a cache within a pack. - The
--mode update
switch tocodeql pack resolve-dependencies
is now deprecated. - The
--mode
switch tocodeql pack install
is now deprecated.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.4
.
v2.12.3
New features
- The CodeQL compiler now produces better error messages when it is unable to find a QL library that the query being evaluated depends on.
Bugs fixed
- Fixed a bug where the CLI would refuse to complete database creation if the OS reports less than about 1.5 GB of physical memory.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.3
.
v2.12.2
Bugs fixed
-
Fixed a QL evaluator bug introduced in release 2.12.1 which could in certain rare cases lead to wrong analysis results.
-
Fixed handling of
-Xclang <arg>
arguments passed to theclang
compiler which could cause missing extractions for C++ code bases. -
Fixed a bug where the
--overwrite
option was failing for database clusters.
Miscellaneous
- The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL CLI has been updated to version 17.0.6.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.2
.
v2.12.1
New features
- Added a new command-line flag
--expect-discarded-cache
, which gives a hint to the evaluator that the evaluation cache will be discarded after analysis completes. This allows it to avoid some unnecessary writes to the cache, for predicates that aren't needed by the query/suite being evaluated.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.1
.
v2.12.0
Breaking changes
- The
--[no-]count-lines
option tocodeql database create
and related commands that was
deprecated in 2.11.1 has been removed. Users of this option should instead pass
--[no-]calculate-baseline
.
New features
- Query packs created by
codeql pack create
,codeql pack bundle
, andcodeql pack release
now
contain precompiled queries in a new format that aims to be compatible with future (and, to a
certain extent, past) releases of the CodeQL CLI. Previously the precompiled queries were in a
format specific to each CLI release, and all other releases would need to re-compile queries. - The
codeql database init
command now accepts a PAT that allows you to download queries from
external, private repositories when using the--codescanning-config <config-file>
option. - The baseline information produced by
codeql database init
and
codeql database create
now accounts for
paths
andpaths-ignore
configuration. - In the VS Code extension, recursive calls will be marked with inlay
hints. - The CLI now gives a more helpful error message when asked to run queries on a
database that has not been finalized.
Bugs fixed
- Fixed a bug where the
codeql pack install
command would fail if
a CodeQL configuration file
is used and the--additional-packs
option is specified.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.0
.
v2.11.6
Breaking changes
- Java and Kotlin analyses in this release of the CLI and all earlier releases are incompatible with Kotlin 1.7.30 and later. To prevent code scanning alerts being spuriously dismissed, Java and Kotlin analyses will now fail when using Kotlin 1.7.30 or later.
Bugs fixed
- Fixed a bug where it was not possible to run queries in CodeQL query packs for C# that use the legacy
libraryPathDependencies
property in theirqlpack.yml
file. The associated error message complained about undefined extensional predicates.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.11.6
.