v2.1.33

CodeQL Action Changelog

2.1.33 - 16 Nov 2022

• Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in CodeQL Action version 2.1.27. #1322
• Bump the minimum CodeQL bundle version to 2.6.3. #1358

See the full CHANGELOG.md for more information.

v1.1.33

CodeQL Action Changelog

1.1.33 - 16 Nov 2022

• Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in CodeQL Action version 2.1.27. #1322
• Bump the minimum CodeQL bundle version to 2.6.3. #1358

See the full CHANGELOG.md for more information.

v2.1.32

CodeQL Action Changelog

2.1.32 - 14 Nov 2022

• Update default CodeQL bundle version to 2.11.3. #1348
• Update the ML-powered additional query pack for JavaScript to version 0.4.0. #1351

See the full CHANGELOG.md for more information.

v1.1.32

CodeQL Action Changelog

1.1.32 - 14 Nov 2022

• Update default CodeQL bundle version to 2.11.3. #1348
• Update the ML-powered additional query pack for JavaScript to version 0.4.0. #1351

See the full CHANGELOG.md for more information.

CodeQL Bundle

Bundles CodeQL CLI v2.11.3

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.11.3:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)

v2.1.31

CodeQL Action Changelog

2.1.31 - 04 Nov 2022

• The rb/weak-cryptographic-algorithm Ruby query has been updated to no longer report uses of hash functions such as MD5 and SHA1 even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the github/codeql repository. #1344

See the full CHANGELOG.md for more information.

v1.1.31

CodeQL Action Changelog

1.1.31 - 04 Nov 2022

• The rb/weak-cryptographic-algorithm Ruby query has been updated to no longer report uses of hash functions such as MD5 and SHA1 even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the github/codeql repository. #1344

See the full CHANGELOG.md for more information.

v2.1.30

CodeQL Action Changelog

2.1.30 - 02 Nov 2022

• Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as ubuntu-22.04 that uses glibc version 2.34 and later. #1334

See the full CHANGELOG.md for more information.

v1.1.30

CodeQL Action Changelog

1.1.30 - 02 Nov 2022

• Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as ubuntu-22.04 that uses glibc version 2.34 and later. #1334

See the full CHANGELOG.md for more information.

v2.1.29

CodeQL Action Changelog

2.1.29 - 26 Oct 2022

• Update default CodeQL bundle version to 2.11.2. #1320

See the full CHANGELOG.md for more information.