Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: github/codeql-action
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.28.11
Choose a base ref
...
head repository: github/codeql-action
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.28.12
Choose a head ref
8 contributors

Commits on Mar 7, 2025

  1. Update changelog and version after v3.28.11

    @github-actions
    github-actions[bot] committed Mar 7, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    d1b3f74 View commit details

  2. Update checked-in dependencies

    @github-actions
    github-actions[bot] committed Mar 7, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    ff91c9d View commit details

  3. Merge pull request #2799 from github/mergeback/v3.28.11-to-main-6bb031af 

    Mergeback v3.28.11 refs/heads/releases/v3 into main
    @cklin
    cklin authored Mar 7, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b2e6519 View commit details

  4. Minimally remove micromatch

    @aeisenberg
    aeisenberg committed Mar 7, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    88676f2 View commit details

Commits on Mar 10, 2025

  1. Do not set --expect-discarded-cache on "cleanup-level: overlay" 

    When a user specifies "cleanup-level: overlay", it suggests that the
user wishes to preserve the evaluation cache for future use. So in this
case we should not set --expect-discarded-cache when running queries.
    @cklin
    cklin committed Mar 10, 2025
    Copy the full SHA
    d76f393 View commit details

  2. build(deps-dev): bump the npm group with 3 updates 

    Bumps the npm group with 3 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `@eslint/js` from 9.21.0 to 9.22.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.22.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.26.0 to 8.26.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.26.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.26.0 to 8.26.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.26.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Mar 10, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    248ab9b View commit details

  3. Update checked-in dependencies

    @github-actions
    github-actions[bot] committed Mar 10, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    053e218 View commit details

  4. build(deps): bump ruby/setup-ruby in the actions group 

    Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.221.0 to 1.222.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@32110d4...277ba2a)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Mar 10, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    aecf015 View commit details

  5. Merge pull request #2803 from github/dependabot/npm_and_yarn/npm-129f… 

    …0c3752

build(deps-dev): bump the npm group with 3 updates
    @henrymercer
    henrymercer authored Mar 10, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b46b37a View commit details

  6. Update pr-check

    @aeisenberg
    aeisenberg committed Mar 10, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    d376269 View commit details

  7. Pass overlay mode into databaseInitCluster() 

    This commit adds a OverlayDatabaseMode parameter to
databaseInitCluster(). The parameter controls the "codeql database init"
flags concerning overlay database creation.

There is no behavior change in this commit because we always pass
OverlayDatabaseMode.None to databaseInitCluster(). That will change in
the next commit.
    @cklin
    cklin committed Mar 10, 2025
    Copy the full SHA
    270886f View commit details

  8. Support overlay database creation 

    This commit adds support for creating overlay-base and overlay
databases, controlled via the CODEQL_OVERLAY_DATABASE_MODE environment
variable.
    @cklin
    cklin committed Mar 10, 2025
    Copy the full SHA
    ff5f0b9 View commit details

  9. build: refresh js files

    @cklin
    cklin committed Mar 10, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    0efe12d View commit details

Commits on Mar 11, 2025

  1. Merge pull request #2801 from github/cklin/overlay-databases 

    Basic support for overlay databases
    @cklin
    cklin authored Mar 11, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    13f2f96 View commit details

  2. Merge pull request #2804 from github/dependabot/github_actions/action… 

    …s-96d25c356e

build(deps): bump ruby/setup-ruby from 1.221.0 to 1.222.0 in the actions group
    @aeisenberg
    aeisenberg authored Mar 11, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7254660 View commit details

  3. Merge pull request #2800 from github/aeisenberg/remove-minimatch 

    Minimally remove micromatch
    @aeisenberg
    aeisenberg authored Mar 11, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    dc49dca View commit details

Commits on Mar 13, 2025

  1. Set and cache dependency directory for Java build-mode: none

    @mbg
    mbg committed Mar 13, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    mbg Michael B. Gale
    GPG key ID: FF5E2765BD00628F
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f8367fb View commit details

  2. Add more documentation

    @mbg
    mbg committed Mar 13, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    mbg Michael B. Gale
    GPG key ID: FF5E2765BD00628F
    Verified
    Learn about vigilant mode
    Copy the full SHA
    afa3ed3 View commit details

  3. Update changelog

    @mbg
    mbg committed Mar 13, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    mbg Michael B. Gale
    GPG key ID: FF5E2765BD00628F
    Verified
    Learn about vigilant mode
    Copy the full SHA
    251c7fd View commit details

  4. git-utils: deleted unused functions

    @cklin
    cklin committed Mar 13, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    c31f6c8 View commit details

  5. Merge pull request #2806 from github/cklin/delete-unused-git-utils 

    git-utils: deleted unused functions
    @cklin
    cklin authored Mar 13, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f338ec8 View commit details

Commits on Mar 14, 2025

  1. Fix dependabot errors 

    I explicitly had to downgrade "@octokit/plugin-retry" to "^6.0.0". Other
dependencies were upgraded.
    @aeisenberg
    aeisenberg committed Mar 14, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    5f98c40 View commit details

  2. Merge pull request #2808 from github/aeisenberg/fix-dependabot 

    Fix dependabot errors
    @aeisenberg
    aeisenberg authored Mar 14, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    70df9de View commit details

Commits on Mar 17, 2025

  1. Remove temporary dependency directory in analyze post action

    @mbg
    mbg committed Mar 17, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    mbg Michael B. Gale
    GPG key ID: FF5E2765BD00628F
    Verified
    Learn about vigilant mode
    Copy the full SHA
    4c409a5 View commit details

  2. build(deps): bump ruby/setup-ruby in the actions group 

    Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.222.0 to 1.226.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@277ba2a...922ebc4)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Mar 17, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    611289e View commit details

  3. Manually bump workflow to match autogenerated file

    @angelapwen
    angelapwen committed Mar 17, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    7866bcd View commit details

  4. Merge pull request #2811 from github/dependabot/github_actions/action… 

    …s-c2c311daa1

build(deps): bump ruby/setup-ruby from 1.222.0 to 1.226.0 in the actions group
    @angelapwen
    angelapwen authored Mar 17, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6a151cd View commit details

Commits on Mar 18, 2025

  1. Merge pull request #2802 from github/mbg/dependency-caching/java-buil… 

    …dless

Set and cache dependency directory for Java `build-mode: none`
    @mbg
    mbg authored Mar 18, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    55f0237 View commit details

  2. Update default bundle to codeql-bundle-v2.20.7

    @github-actions @smowton
    github-actions[bot] authored and smowton committed Mar 18, 2025
    Copy the full SHA
    4e3a534 View commit details

  3. Add changelog note

    @github-actions @smowton
    github-actions[bot] authored and smowton committed Mar 18, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    d7d03fd View commit details

  4. Merge pull request #2810 from github/update-bundle/codeql-bundle-v2.20.7 

    Update default bundle to 2.20.7
    @smowton
    smowton authored Mar 18, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6349095 View commit details

Commits on Mar 19, 2025

  1. Update changelog for v3.28.12

    @github-actions
    github-actions[bot] committed Mar 19, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    bb59f77 View commit details

  2. Merge pull request #2814 from github/update-v3.28.12-6349095d1 

    Merge main into releases/v3
    @smowton
    smowton authored Mar 19, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5f8171a View commit details
Showing 1,686 changed files with 168,650 additions and 540,444 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/__rubocop-multi-language.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -2,6 +2,11 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 3.28.12 - 19 Mar 2025

- Dependency caching should now cache more dependencies for Java `build-mode: none` extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
- Update default CodeQL bundle version to 2.20.7. [#2810](https://github.com/github/codeql-action/pull/2810)

## 3.28.11 - 07 Mar 2025

- Update default CodeQL bundle version to 2.20.6. [#2793](https://github.com/github/codeql-action/pull/2793)
14 changes: 14 additions & 0 deletions lib/analyze-action-post.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action-post.js.map
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 4 additions & 3 deletions lib/analyze-action.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading