Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between
v2andv3of the CodeQL Action is the node version they support, withv3running on node 20 while we continue to releasev2to support running on node 16. For example3.22.11was the firstv3release and is functionally identical to2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.[UNRELEASED]
No user facing changes.
3.26.12 - 07 Oct 2024
Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520
If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace
github/codeql-action/*@v3bygithub/codeql-action/*@v3.26.11andgithub/codeql-action/*@v2bygithub/codeql-action/*@v2.26.11in your code scanning workflow to ensure you continue using this version of the CodeQL Action.3.26.11 - 03 Oct 2024
Upcoming breaking change: Add support for using
actions/download-artifact@v4to programmatically consume CodeQL Action debug artifacts.Starting November 30, 2024, GitHub.com customers will no longer be able to use
actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set theCODEQL_ACTION_ARTIFACT_V4_UPGRADEenvironment variable totrueand bumpactions/download-artifact@v3toactions/download-artifact@v4in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped toactions/download-artifact@v3toactions/download-artifact@v4will begin failing then.This change is currently unavailable for GitHub Enterprise Server customers, as
actions/upload-artifact@v4andactions/download-artifact@v4are not yet compatible with GHES.Update default CodeQL bundle version to 2.19.1. #2519
3.26.10 - 30 Sep 2024
- We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502
3.26.9 - 24 Sep 2024
No user facing changes.
3.26.8 - 19 Sep 2024
- Update default CodeQL bundle version to 2.19.0. #2483
3.26.7 - 13 Sep 2024
- Update default CodeQL bundle version to 2.18.4. #2471
3.26.6 - 29 Aug 2024
- Update default CodeQL bundle version to 2.18.3. #2449
3.26.5 - 23 Aug 2024
- Fix an issue where the
csrutilsystem call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441
... (truncated)
c36620d Merge pull request #2529 from github/update-v3.26.12-c9a70ff45570aecb Update changelog for v3.26.12c9a70ff Merge pull request #2526 from github/henrymercer/check-zstd-on-pathd65a176 Rebuildbf2e624 Update src/tar.ts56d1975 Merge pull request #2489 from github/redsun82/rust7cf65a5 Merge pull request #2518 from github/dependabot/npm_and_yarn/npm-88156698cd8a56dd2 Update to @âactions/core 1.11.11532671 Update default bundle to 2.19.1 (#2519)64871a8 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1