Skip to content
Compare
Choose a tag to compare

Release 2.10.2 (2022-08-02)

  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

Breaking change

  • The option --compiler-spec to codeql database create (and codeql database trace-command) no longer works. It is replaced by
    --extra-tracing-config, which accepts a tracer configuration file in the new, Lua-based tracer configuration format instead.

Potentially breaking changes

  • Versions of the CodeQL extension for Visual Studio Code released before February 2021 may not work correctly with this CLI, in particular if database upgrades are necessary. We recommend keeping your VS Code extension up-to-date.

Deprecation

  • The experimental codeql resolve ml-models command has been deprecated. Advanced users calling this command should use the new codeql resolve extensions command instead.

New features

  • The codeql github upload-sarif command now supports a --merge option. If this option is provided, the command will accept the paths to multiple SARIF files, and will merge those files before uploading them as a single analysis.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.10.2.

6998e5c
Compare
Choose a tag to compare

Release 2.10.1 (2022-07-19)

  • The bundled extractors are updated to match the versions currently
    used on LGTM.com. These are newer than the last release (1.30) of
    LGTM Enterprise. If you plan to upload databases to an LGTM
    Enterprise 1.30 instance, you need to create them with release
    2.7.6.

New features

  • Improved error message from codeql database analyze when a query is
    missing @id or @kind query metadata.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.10.1.

Compare
Choose a tag to compare

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

Breaking changes

  • The --format=stats option of codeql generate log-summary has been renamed to --format=overall. It now produces a richer JSON object that, in addition to the previous statistics about the run (which can be found in the stats property) also records the most expensive predicates in the evaluation run.

Potentially breaking changes

  • The codeql resolve ml-model command now requires one or more query specifications as command line arguments in order to determine the set of starting packs from which to initiate the resolution process.

  • The buildMetadata inside of compiled CodeQL packs no longer contains a creationTime property.

  • The codeql pack download command, when used with the --dir option, now downloads requested packs in directories corresponding to their version numbers.

New features

  • You can now include diagnostic messages in the summary produced by the --print-diagnostics-summary option of the codeql database interpret-results and codeql database analyze commands by running these commands at high verbosity levels.

Bugs fixed

  • Fixed a bug where codeql pack download, when used with the --dir option, would not download a pack that is in the global package cache.

  • Fixed a bug where some versions of a CodeQL package could not be downloaded if there are more than 100 versions of this package in the package registry.

  • Fixed a bug where the --also-match option for codeql resolve files and codeql database index-files does not work with relative paths.

  • Fixed a bug that caused codeql query decompile to ignore the --output option when producing bytecode output (--kind=bytecode), writing only to stdout.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

4ff0d79
Compare
Choose a tag to compare

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

New features

  • Users of CodeQL Packaging Beta can now optionally authenticate to Container registries on GitHub Enterprise Server (GHES) versions 3.6 and later using standard input instead of the CODEQL_REGISTRIES_AUTH environment variable. To authenticate via standard input, pass --registries-auth-stdin. The value you provide will override the value of the CODEQL_REGISTRIES_AUTH environment variable.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

Compare
Choose a tag to compare

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

New features

  • Users can now use CodeQL Packaging Beta to publish and download CodeQL packs on GitHub Enterprise Server (GHES) versions 3.6 and later.

Bugs Fixed

  • Fixed a bug where precompiled CodeQL packages in the CodeQL bundle were being recompiled if they were in a read-only directory.

  • Fixed a bug where new versions of the VS Code extension wouldn't run two queries in parallel against one database.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

77ec3d1
Compare
Choose a tag to compare
  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

Features removed

  • The table printed by codeql database analyze to summarize the results of metric queries that were part of the analysis now reports a single row per metric name independently of the verbosity level of the command. Previously, at higher verbosity levels, this table would contain multiple rows for metric names with multiple values.

New features

  • The tables produced by codeql database analyze summarizing the results of any diagnostic and metric queries that were run now exclude the results of queries tagged telemetry.

  • Uploading SARIF results using the codeql github upload-results command now has a timeout of 5 minutes.

  • Downloading CodeQL packs using the codeql pack download, codeql pack install and related commands now have a timeout of 5 minutes and will retry 3 times before failing. Similar behavior has been added to the codeql pack publish command.

  • The codeql generate log-summary command will now print progress updates to stderr.

Bugs fixed

  • Fixed a bug that could make it unpredictable whether the QL compiler reports problems about query metadata tags, and thereby make codeql test run fail spuriously in some cases.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

6d925e2
Compare
Choose a tag to compare

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

Compare
Choose a tag to compare

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

New features

  • codeql database create now supports the --[no-]-count-lines option, which was previously only available with codeql database init.

  • codeql resolve files and codeql database index-files has a new --also-match option, which allows users to specify glob patterns that are applied in conjunction with the existing --include option.

New language features

  • This release introduces experimental support for parameterized QL modules. This language feature is still subject to change and should not be used in production yet.

Bugs fixed

  • Fixed a bug that would prevent resolution of a query suite in a published CodeQL query pack that has a reference to the pack itself.

  • Fixed inaccurate documentation of what the --include-extension option to codeql resolve files and codeql database index-files does. The actual behavior is unchanged.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

74b59f9
Compare
Choose a tag to compare
  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

  • There are no user-facing changes in this release.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

339acad
Compare
Choose a tag to compare
  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.29) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.29 instance, you need to create them with release 2.6.3.

Bugs fixed

  • Fixed an error where running out of memory during query evaluation would cause codeql to exit with status 34 instead of the 99 that is documented for this condition.

  • Fixed a bug in our handling of Clang's header maps, which caused missing files for Xcode-based projects on macOS (e.g. WebKit).

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.