v2.10.2

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.30) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.30 instance, you need to create them with release 2.7.6.

Breaking change

• The option --compiler-spec to codeql database create (and codeql database trace-command) no longer works. It is replaced by --extra-tracing-config, which accepts a tracer configuration file in the new, Lua-based tracer configuration format instead.

Potentially breaking changes

• Versions of the CodeQL extension for Visual Studio Code released before February 2021 may not work correctly with this CLI, in particular if database upgrades are necessary. We recommend keeping your VS Code extension up-to-date.

Deprecation

• The experimental codeql resolve ml-models command has been deprecated. Advanced users calling this command should use the new codeql resolve extensions command instead.

New features

• The codeql github upload-sarif command now supports a --merge option. If this option is provided, the command will accept the paths to multiple SARIF files, and will merge those files before uploading them as a single analysis.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.10.2.

(The Windows and all-platform release assets were updated on 2022-08-15 to correct missing digital signatures in the original release assets.)