Releases · github/codeql-action

Cache CodeQL CLI version information across Actions steps. #3943
Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
Update default CodeQL bundle version to 2.25.6. #3948

Cache CodeQL CLI version information across Actions steps. #3943
Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
Update default CodeQL bundle version to 2.25.6. #3948

Bundles CodeQL CLI v2.25.6

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.25.6:

No user facing changes.

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
Add support for SHA-256 Git object IDs. #3893
Update default CodeQL bundle version to 2.25.5. #3926

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
Add support for SHA-256 Git object IDs. #3893
Update default CodeQL bundle version to 2.25.5. #3926

Bundles CodeQL CLI v2.25.5

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.25.5:

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

Releases: github/codeql-action