Merge pull request #2192 from github/update-v3.24.7-5e882999f

* Update changelog and version after v3.24.6 * Update checked-in dependencies * Bump the npm group with 3 updates (#2183) * Bump the npm group with 3 updates Bumps the npm group with 3 updates: [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser), [eslint-plugin-github](https://github.com/github/eslint-plugin-github) and [nock](https://github.com/nock/nock). Updates `@typescript-eslint/parser` from 7.1.0 to 7.1.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.1.1/packages/parser) Updates `eslint-plugin-github` from 4.10.1 to 4.10.2 - [Release notes](https://github.com/github/eslint-plugin-github/releases) - [Commits](github/eslint-plugin-github@v4.10.1...v4.10.2) Updates `nock` from 13.5.3 to 13.5.4 - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md) - [Commits](nock/nock@v13.5.3...v13.5.4) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: eslint-plugin-github dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: nock dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> * Update checked-in dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update supported GitHub Enterprise Server versions * Update `languages` help Recommend using a matrix build * Remove experimental qualifiers from build mode input * Escape named value in input description * Fail `analyze` step by passing an invalid option to `database finalize` (#2189) As the `ram: 1` trick won't work anymore with updates to the CLI. * Update default bundle to 2.16.4 (#2185) * Update default bundle to codeql-bundle-v2.16.4 * Add changelog note --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Angela P Wen <angelapwen@github.com> * Use the `--sarif-include-query-help` option when supported * Bump the npm group with 2 updates (#2190) * Bump the npm group with 2 updates Bumps the npm group with 2 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [typescript](https://github.com/Microsoft/TypeScript). Updates `@typescript-eslint/eslint-plugin` from 7.1.0 to 7.1.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.1.1/packages/eslint-plugin) Updates `typescript` from 5.3.3 to 5.4.2 - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.3.3...v5.4.2) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> * Rebuild sources --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Eisenberg <aeisenberg@github.com> * Update changelog for v3.24.7 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Angela P Wen <angelapwen@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Henry Mercer <henrymercer@github.com> Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
github · Mar 12, 2024 · 3ab4101 · 3ab4101
2 parents 8a470fd + a006adf
commit 3ab4101
Show file tree

Hide file tree

Showing 3,439 changed files with 13,734 additions and 136,539 deletions.
diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml
@@ -50,9 +50,11 @@ jobs:
         run: ./build.sh
       - uses: ./../action/analyze
         id: analysis
+        env: 
+          # Forces a failure in this step.
+          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
         with:
           expect-error: true
-          ram: 1
   download-and-check-artifacts:
     name: Download and check debug artifacts after failure in analyze
     needs: upload-artifacts

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.24.7 - 12 Mar 2024
+
+- Update default CodeQL bundle version to 2.16.4. [#2185](https://github.com/github/codeql-action/pull/2185)
+
 ## 3.24.6 - 29 Feb 2024
 
 No user facing changes.

diff --git a/init/action.yml b/init/action.yml
@@ -7,25 +7,33 @@ inputs:
     required: false
     # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
-    description: |
-      A comma-separated value of the languages to be analysed e.g. python,javascript
+    description: >-
+      A comma-separated list of CodeQL languages to analyze.
+
+      Due to the performance benefit of parallelizing builds, we recommend specifying languages to
+      analyze using a matrix and providing `\$\{{ matrix.language }}` as this input.
+
+      For more information, see
+      https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed.
     required: false
   build-mode:
     description: >-
-      [Experimental, for internal testing only] The build mode that will be used to analyze the language.
-      This input is only available in single-language analyses.
+      The build mode that will be used to analyze the language. This input is only available when
+      analyzing a single CodeQL language per job, for example using a matrix.
 
       Available build modes will differ based on the language being analyzed. One of: 
 
-      - none:      The database will be created without building the source code.
-                   Available for all interpreted languages and some compiled languages.
-      - autobuild: The database will be created by attempting to automatically build the source code.
-                   To use this build mode, ensure that your workflow calls the `autobuild` action
-                   between the `init` and `analyze` steps.
-                   Available for all compiled languages.
-      - manual:    The database will be created by building the source code using a manually specified
-                   build command. To use this build mode, specify manual build steps in your workflow
-                   between the `init` and `analyze` steps. Available for all compiled languages.
+      - `none`:      The database will be created without building the source code.
+                     Available for all interpreted languages and some compiled languages.
+      - `autobuild`: The database will be created by attempting to automatically build the source
+                     code.
+                     To use this build mode, ensure that your workflow calls the `autobuild` action
+                     between the `init` and `analyze` steps.
+                     Available for all compiled languages.
+      - `manual`:   The database will be created by building the source code using a manually
+                     specified build command. To use this build mode, specify manual build steps in
+                     your workflow between the `init` and `analyze` steps. Available for all
+                     compiled languages.
     required: false
   token:
     description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.

diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json
@@ -1 +1 @@
-{ "maximumVersion": "3.12", "minimumVersion": "3.8" }
+{ "maximumVersion": "3.13", "minimumVersion": "3.8" }
diff --git a/lib/codeql.js b/lib/codeql.js
diff --git a/lib/codeql.js.map b/lib/codeql.js.map
diff --git a/lib/defaults.json b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.3",
-    "cliVersion": "2.16.3",
-    "priorBundleVersion": "codeql-bundle-v2.16.2",
-    "priorCliVersion": "2.16.2"
+    "bundleVersion": "codeql-bundle-v2.16.4",
+    "cliVersion": "2.16.4",
+    "priorBundleVersion": "codeql-bundle-v2.16.3",
+    "priorCliVersion": "2.16.3"
 }
diff --git a/lib/trap-caching.js b/lib/trap-caching.js
diff --git a/lib/trap-caching.js.map b/lib/trap-caching.js.map
diff --git a/lib/trap-caching.test.js b/lib/trap-caching.test.js