Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @spencerschrock in ossf/scorecard-action#1366
- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @spencerschrock in ossf/scorecard-action#1374
- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

- :book: Move token discussion out of main README. by @spencerschrock in ossf/scorecard-action#1279
- :book: link to ossf/scorecard workflow instead of maintaining an example by @spencerschrock in ossf/scorecard-action#1352
- :book: update api links to new scorecard.dev site by @spencerschrock in ossf/scorecard-action#1376

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

- dc50aa9 :seedling: Bump docker tag for v2.3.3 release (#1368)
- 8ff5700 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
- 8ba5e73 update api links to new scorecard.dev site (#1376)
- 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
- 6c55905 :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
- 09bb953 :seedling: Bump distroless/base in the docker-images group (#1372)
- 1511e13 :seedling: Bump the github-actions group across 1 directory with 6 updates (#...
- df66cd8 :seedling: Bump the docker-images group with 2 updates (#1370)
- fad9a3c :seedling: Bump distroless/base in the docker-images group (#1364)
- 1e01a30 :seedling: Bump the github-actions group with 3 updates (#1365)

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.17.4

Bundles CodeQL CLI v2.17.4

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

- codeql/cpp-queries (changelog, source)
- codeql/cpp-all (changelog, source)
- codeql/csharp-queries (changelog, source)
- codeql/csharp-all (changelog, source)
- codeql/go-queries (changelog, source)
- codeql/go-all (changelog, source)
- codeql/java-queries (changelog, source)
- codeql/java-all (changelog, source)
- codeql/javascript-queries (changelog, source)
- codeql/javascript-all (changelog, source)
- codeql/python-queries (changelog, source)
- codeql/python-all (changelog, source)
- codeql/ruby-queries (changelog, source)
- codeql/ruby-all (changelog, source)
- codeql/swift-queries (changelog, source)
- codeql/swift-all (changelog, source)

CodeQL Bundle v2.17.3

Bundles CodeQL CLI v2.17.3

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

- codeql/cpp-queries (changelog, source)
- codeql/cpp-all (changelog, source)
- codeql/csharp-queries (changelog, source)
- codeql/csharp-all (changelog, source)
- codeql/go-queries (changelog, source)
- codeql/go-all (changelog, source)
- codeql/java-queries (changelog, source)
- codeql/java-all (changelog, source)
- codeql/javascript-queries (changelog, source)
- codeql/javascript-all (changelog, source)
- codeql/python-queries (changelog, source)
- codeql/python-all (changelog, source)
- codeql/ruby-queries (changelog, source)
- codeql/ruby-all (changelog, source)
- codeql/swift-queries (changelog, source)
- codeql/swift-all (changelog, source)

CodeQL Bundle v2.17.2

Bundles CodeQL CLI v2.17.2

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.2:

... (truncated)

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.7 - 31 May 2024

- We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

- Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
- Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
- The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

- Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

- Update default CodeQL bundle version to 2.17.1. #2247
- Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

- We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
- Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

- The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

  As a result, the following inputs and environment variables are now ignored:

  - The setup-python-dependencies input to the init Action
  - The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

... (truncated)

- f079b84 Merge pull request #2317 from github/update-v3.25.7-a095bf2a1
- e1a4268 Update changelog for v3.25.7
- a095bf2 Merge pull request #2313 from github/revert-2312-update-bundle/codeql-bundle-...
- bbd4e19 Revert "Update default bundle to 2.17.4"
- 9ab5d16 Merge pull request #2312 from github/update-bundle/codeql-bundle-v2.17.4
- 028346e Add changelog note
- 5fe0847 Update default bundle to codeql-bundle-v2.17.4
- 9550da9 Merge pull request #2311 from github/henrymercer/pack-missing-auth-config-error
- 6548a4d Add configuration error for missing auth to package registry
- 7927df0 Bump micromatch from 4.0.5 to 4.0.7 in the npm group (#2310)