v2.14.2

Breaking changes

• The functionality provided by the codeql execute query-server subcommand has been removed. The subcommand now responds to all JSON RPC requests with an error response. Correspondingly, this release is no longer compatible with versions of the CodeQL extension for Visual Studio Code prior to 1.7.6.

  This change also breaks third-party CodeQL IDE integrations that still rely on the codeql execute query-server subcommand. Maintainers of such CodeQL IDE integrations should migrate to the codeql execute query-server2 subcommand at the earliest opportunity.

Improvements

• Switched from prefix filtering of autocomplete suggestions in the language server to client-side filtering. This improves autocomplete suggestions in contexts with an autocompletion prefix.

• The CodeQL language server now checks query metadata for errors. This allows Visual Studio Code users to see errors in their query metadata without needing to compile the query.

Bugs fixed

• Fixed bug that made the --warnings=hide option do nothing in codeql database analyze and other commands that evaluate queries.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.14.2.

v2.14.1

• There are no user-facing changes in this release.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.14.1.

v2.14.0

Potentially breaking changes

• The legacy option --search-path will now be used, if provided, when searching for the dependencies of packages that have no lock file.
• CodeQL query packs that specify their dependencies using the legacy libraryPathDependencies property in qlpack.yml/codeql-pack.yml files are no longer permitted to contain a codeql-pack.lock.yml lock file.
• CodeQL CLI commands that create packages or update package lock files, such as codeql pack publish and codeql pack create, will no longer work on query packs that specify their dependencies using the legacy libraryPathDependencies property. To fix this error, convert libraryPathDependencies to dependencies.

Deprecations

• Missing override annotations on class member predicates now raise errors rather than warnings. This is to avoid confusion with the shadowing behaviour in the presence of final member predicates.

Improvements

• Unqualified imports can now be marked as deprecated to indicate that the import may be removed in the future. Usage of names only reachable through deprecated imports will generate deprecation warnings.
• Classes declared inside a parameterized modules can final extend parameters of the module as well as types that are declared outside the parameterized module.
• Fields are fully functional when extending types from within a module instantiation.
• Files with a .yaml extension will now be included in compiled CodeQL packs. Previously, files with this extension were excluded even though .yml files were included.
• When interpreting results (e.g., using bqrs interpret or database interpret-results), extra placeholders in alert messages are treated as normal text. Previously, results with more placeholders than placeholder values were skipped.
• Windows users of the CodeQL extension for VS Code will see faster start times.
• In VS Code, errors in the current file are rechecked when dependencies change.
• In VS Code, autocomplete in large QL files is now faster.
• Member predicates can shadow final member predicates of the same arity even when the signatures are not fully matching.

Bugs fixed

• Fixed super calls on final base classes (or final aliases) so that they are now dispatched the same way as super calls on instanceof supertypes.
• Fixed a bug where running codeql database finalize with a large number of threads would fail due to running out of file descriptors.
• Fixed a bug where codeql database create --overwrite would not work with database clusters.
• Fixed a bug where the CodeQL documentation coverage statistics were incorrect.
• Fixed a bug where the generated CodeQL libarary documentation could generate invalid uris on windows.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.14.0.

v2.13.5

New Features

• The Swift extractor now supports Swift 5.8.1.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.5.

v2.13.4

New features

• Temporary files and folders created by the CodeQL CLI will now be cleaned up when each CLI command (and its internal JVM) shuts down normally.

Bugs fixed

• Fixed an issue where indirect build tracing did not work in Azure DevOps pipeline jobs in Windows containers. To use indirect build tracing in such environments, ensure both the --begin-tracing and --trace-process-name=CExecSvc.exe arguments are passed to codeql database init.
• Improved the error message for the codeql pack create command when the pack being published has a dependency with no scope in its name.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.4.

v2.13.3

New features

• This release enhances our preliminary Swift support, setting the stage for the upcoming public beta.

• The codeql database bundle command now supports the --[no]-include-temp option. When enabled, this option will include the temp folder of the database directory in the zip file of the bundled database.

• The structured log produced by codeql generate log-summary now includes a Boolean isCached field for predicate events.

Bugs fixed

• Fixed a bug that could cause the compiler to infer incorrect binding sets for non-direct calls to overriding member predicates.

• Fixed a bug that could have caused the compiler to incorrectly infer that a class matched a type signature.

• Fixed a bug where a query could not be run from VS Code when there were packs nested within sibling directories of the query.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.3.

v2.13.1

Bugs fixed

• Fixed a bug in codeql database upload-results where the subcommand
  would fail with "A fatal error occurred: Invalid SARIF.", reporting
  an InvalidDefinitionException. This issue occurred when the SARIF
  file contained certain kinds of diagnostic information.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL
  CLI has been updated to version 17.0.7.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.1.

v2.13.0

Known issues

• We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with codeql github upload-results. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1. For more information, see the "Known issues" section for CodeQL 2.12.6.

Potentially breaking changes

• In codeql pack add, the dependency that is added to the qlpack.yml file will now allow any version of the pack that is compatible with the specified version (^version) in specific cases.
• Upper-case variable names are no longer accepted by the QL compiler.

New features

• codeql database analyze and related commands now export file coverage information by default.

Deprecations

• The possibility to omit override annotations on class member predicates that override a base class predicate has been deprecated. This is to avoid confusion with shadowing behaviour in the presence of final member predicates.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.13.0.

v2.12.7

Bugs fixed

• Fixed a bug in codeql database upload-results where the subcommand would fail with "A fatal error occurred: Invalid SARIF.", reporting an InvalidDefinitionException. This issue occurred when the SARIF file contained certain kinds of diagnostic information.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.7.

v2.12.6

Known issues

• We recommend that customers using the CodeQL CLI in a third party CI system do not upgrade to this release, due to an issue with codeql github upload-results. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.

  This issue occurs when uploading certain kinds of diagnostic information and causes the subcommand to fail with "A fatal error occurred: Invalid SARIF.", reporting an InvalidDefinitionException.

  Customers who wish to use CodeQL 2.12.6 or 2.13.0 can work around the problem by passing --no-sarif-include-diagnostics to any invocations of codeql database analyze or codeql database interpret-results.

New features

• Several experimental subcommands have been added in support of the new code scanning tool status page. These include codeql database add-diagnostic, codeql database export-diagnostics, and the codeql diagnostic add and codeql diagnostic export plumbing subcommands.

Bugs fixed

• Fixed a bug in codeql database analyze and related commands where the --max-paths option was not respected correctly when multiple alerts with the same primary code location were grouped together.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.12.6.