chore: bump pinned CodeQL CLI to v2.21.4#164
Closed
security-lab-bot[bot] wants to merge 1 commit into
Closed
Conversation
Contributor
|
Closing - this was a live validation test of the update-codeql-version.yml fix in #163 (workflow_dispatch run against the fix branch, so it's based on fix/update-codeql-version-packages-read rather than main). It confirmed the fix works end-to-end: all 7 languages (cpp, csharp, go, java, javascript, python, ruby) now correctly pin to their exact CodeQL-Bundle-paired versions (e.g. codeql/go-all@4.2.6 instead of jumping to registry-latest 7.2.0), and ql/hotspots no longer breaks the loop. The real CLI 2.21.4 bump PR will be opened against main once #163 merges. |
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated CLI version bump, requested via the "Update CodeQL CLI Version"
workflow (
workflow_dispatch,codeql_version: 2.21.4).This PR:
.codeqlversionto2.21.4.codeql/<lang>-all/codeql/<lang>-queriesdependency across allqlpack.ymlfiles to the exact version shipped in the official CodeQL Bundlefor this CLI release (see
.github/scripts/pin-codeql-library-versions.sh) -this keeps
codeql pack upgradefrom jumping those libraries toregistry-latest instead of the version this CLI actually ships/tests against.
codeql pack upgrade <dir>for every pack directory to refresh itscodeql-pack.lock.ymlagainst the new CLI and pinned library versions.This PR does not publish anything by itself - no pack
version:field isbumped here, so
publish.yml's version-diff trigger won't fire for it yet.Remaining steps (see CONTRIBUTING.md's "Updating the pinned CodeQL CLI/library
version" section):
API changes. This is usually the hardest part; consider delegating it to a
Copilot coding agent session pointed at this PR/branch.
(
update-release.yml) to bump every pack'sversion:in lockstep via.release.ymland trigger the real batch publish.