You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. [#1729](https://github.com/github/codeql-action/pull/1729)
- The CodeQL Action repository contains a series of tags `v*` corresponding to versions of the CodeQL Action, as is typical. However it also contains a series of tags `codeql-bundle-*` that correspond to versions of the CodeQL Bundle, an artifact that contains the CodeQL CLI and the standard CodeQL libraries.
- As of version 2.13.4 of the CodeQL CLI, we changed the format of the CodeQL Bundle tag from a date, for example `codeql-bundle-20230613`, to a semantic version, for example `codeql-bundle-v2.13.4`.
- This inadvertently sent out Dependabot upgrades that upgraded users from `v2.3.6` to `codeql-bundle-v2.13.4`.
- To ensure that users who merged this Dependabot upgrade continue to receive updates to the CodeQL Action, we are bumping the Action version to make it greater than 2.13.4.
- To help avoid confusion between the version numbers of the CodeQL Action and the CodeQL CLI, we are introducing some separation and bumping the Action to 2.20.0.
