v2.13.5

New Features

• The Swift extractor now supports Swift 5.8.1.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.5.

v2.13.4

New features

• Temporary files and folders created by the CodeQL CLI will now be cleaned up when each CLI command (and its internal JVM) shuts down normally.

Bugs fixed

• Fixed an issue where indirect build tracing did not work in Azure DevOps pipeline jobs in Windows containers. To use indirect build tracing in such environments, ensure both the --begin-tracing and --trace-process-name=CExecSvc.exe arguments are passed to codeql database init.
• Improved the error message for the codeql pack create command when the pack being published has a dependency with no scope in its name.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.4.

v2.13.3

New features

• This release enhances our preliminary Swift support, setting the stage for the upcoming public beta.

• The codeql database bundle command now supports the --[no]-include-temp option. When enabled, this option will include the temp folder of the database directory in the zip file of the bundled database.

• The structured log produced by codeql generate log-summary now includes a Boolean isCached field for predicate events.

Bugs fixed

• Fixed a bug that could cause the compiler to infer incorrect binding sets for non-direct calls to overriding member predicates.

• Fixed a bug that could have caused the compiler to incorrectly infer that a class matched a type signature.

• Fixed a bug where a query could not be run from VS Code when there were packs nested within sibling directories of the query.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.3.

v2.13.1

Bugs fixed

• Fixed a bug in codeql database upload-results where the subcommand
  would fail with "A fatal error occurred: Invalid SARIF.", reporting
  an InvalidDefinitionException. This issue occurred when the SARIF
  file contained certain kinds of diagnostic information.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL
  CLI has been updated to version 17.0.7.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.1.

v2.13.0

Known issues

• We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with codeql github upload-results. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1. For more information, see the "Known issues" section for CodeQL 2.12.6.

Potentially breaking changes

• In codeql pack add, the dependency that is added to the qlpack.yml file will now allow any version of the pack that is compatible with the specified version (^version) in specific cases.
• Upper-case variable names are no longer accepted by the QL compiler.

New features

• codeql database analyze and related commands now export file coverage information by default.

Deprecations

• The possibility to omit override annotations on class member predicates that override a base class predicate has been deprecated. This is to avoid confusion with shadowing behaviour in the presence of final member predicates.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.0.

v2.12.7

Bugs fixed

• Fixed a bug in codeql database upload-results where the subcommand would fail with "A fatal error occurred: Invalid SARIF.", reporting an InvalidDefinitionException. This issue occurred when the SARIF file contained certain kinds of diagnostic information.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.7.

v2.12.6

Known issues

• We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with codeql github upload-results. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.

  This issue occurs when uploading certain kinds of diagnostic information and causes the subcommand to fail with "A fatal error occurred: Invalid SARIF.", reporting an InvalidDefinitionException.

  Customers who wish to use CodeQL 2.12.6 or 2.13.0 can work around the problem by passing --no-sarif-include-diagnostics to any invocations of codeql database analyze or codeql database interpret-results.

New features

• Several experimental subcommands have been added in support of the new code scanning tool status page. These include codeql database add-diagnostic, codeql database export-diagnostics, and the codeql diagnostic add and codeql diagnostic export plumbing subcommands.

Bugs fixed

• Fixed a bug in codeql database analyze and related commands where the --max-paths option was not respected correctly when multiple alerts with the same primary code location were grouped together.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.6.

v2.12.5

New features

• The codeql pack install command now accepts a --additional-packs option. This option takes a list of directories to search for locally available packs when resolving which packs to install. Any pack that is found locally through --additional-packs will override any other version of a pack found in the package registry. Locally resolved packs are not added to the lock file.

  Because the use of --additional-packs when running codeql pack install makes running queries dependent on the local state of the machine initially invoking codeql pack install, a warning is emitted if any pack is found outside of the package registry. This warning can be suppressed by using the --no-strict-mode option.

Bugs fixed

• Fix a bug in codeql query run where queries whose path contain colons cannot be run.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.5.

v2.12.4

Breaking changes

• The default value of the --mode switch to codeql pack install has changed. The default is now --mode minimal-update.
  Previously, it was use-lock.

New features

• The per-pack compilation cache has been replaced with a global compilation cache
  found within ~/.codeql.
• codeql pack install now uses a new algorithm to determine which versions of
  the pack's dependencies to use, based on the PubGrub
  algorithm.
• Added a new command, codeql pack upgrade. This command is similar to codeql pack install,
  except that it ignores any existing lock file, installs the latest compatible version of each
  dependency, and writes a new lock file.
• Added a new command, codeql pack ci. This command is similar to codeql pack install,
  except if the existing lock file is missing, or if it conflicts with the version constraints in
  the qlpack.yml file, the command generates an error.

Deprecations

• The --freeze switch for codeql pack create, codeql pack bundle, and codeql pack publish
  is now deprecated and ignored, as there is no longer a cache within a pack.
• The --mode update switch to codeql pack resolve-dependencies is now deprecated.
• The --mode switch to codeql pack install is now deprecated.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.4.

v2.12.3

New features

• The CodeQL compiler now produces better error messages when it is unable to find a QL library that the query being evaluated depends on.

Bugs fixed

• Fixed a bug where the CLI would refuse to complete database creation if the OS reports less than about 1.5 GB of physical memory.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.3.