chore: bump pinned CodeQL CLI to v2.21.4#165
Closed
security-lab-bot[bot] wants to merge 1 commit into
Closed
Conversation
Contributor
|
Closing - another live validation test of #163 (workflow_dispatch against the fix branch again, after fixing the codeql_home vendored-pack exclusion a reviewer caught). Confirmed clean this time: exactly 27 pack directories processed (all 7 languages' real src/lib/ext/ext-library-sources/test dirs), zero from codeql_home/codeql/*/downgrades. Same diff shape as #164. Real 2.21.4 bump PR will be opened against main once #163 merges. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated CLI version bump, requested via the "Update CodeQL CLI Version"
workflow (
workflow_dispatch,codeql_version: 2.21.4).This PR:
.codeqlversionto2.21.4.codeql/<lang>-all/codeql/<lang>-queriesdependency across allqlpack.ymlfiles to the exact version shipped in the official CodeQL Bundlefor this CLI release (see
.github/scripts/pin-codeql-library-versions.sh) -this keeps
codeql pack upgradefrom jumping those libraries toregistry-latest instead of the version this CLI actually ships/tests against.
codeql pack upgrade <dir>for every pack directory to refresh itscodeql-pack.lock.ymlagainst the new CLI and pinned library versions.This PR does not publish anything by itself - no pack
version:field isbumped here, so
publish.yml's version-diff trigger won't fire for it yet.Remaining steps (see CONTRIBUTING.md's "Updating the pinned CodeQL CLI/library
version" section):
API changes. This is usually the hardest part; consider delegating it to a
Copilot coding agent session pointed at this PR/branch.
(
update-release.yml) to bump every pack'sversion:in lockstep via.release.ymland trigger the real batch publish.