4 Releases published by 2 people

• v3.28.17

  published May 2, 2025

• codeql-bundle-v2.21.3 CodeQL Bundle v2.21.3

  published May 13, 2025

• v3.28.18

  published May 16, 2025

• codeql-bundle-v2.21.4 CodeQL Bundle v2.21.4

  published May 27, 2025

23 Pull requests merged by 6 people

• Update supported GitHub Enterprise Server versions

  #2911 merged May 28, 2025

• Dependabot: Remove deprecated reviewers config

  #2908 merged May 27, 2025

• build(deps): bump ruby/setup-ruby from 1.242.0 to 1.244.0 in the actions group

  #2905 merged May 27, 2025

• build(deps): bump the npm group across 1 directory with 2 updates

  #2907 merged May 27, 2025

• build(deps): bump ruby/setup-ruby from 1.230.0 to 1.242.0 in the actions group

  #2899 merged May 22, 2025

• build(deps-dev): bump @eslint/js from 9.26.0 to 9.27.0 in the npm group

  #2898 merged May 22, 2025

• Remove bundled copy of actions extractor

  #2787 merged May 22, 2025

• build(deps): bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn group

  #2895 merged May 19, 2025

• Mergeback v3.28.18 refs/heads/releases/v3 into main

  #2897 merged May 16, 2025

• Merge main into releases/v3

  #2896 merged May 16, 2025

• Update default bundle to 2.21.3

  #2893 merged May 15, 2025

• Skip validating SARIF produced by CodeQL

  #2894 merged May 14, 2025

• Update supported GitHub Enterprise Server versions

  #2859 merged May 14, 2025

• Allow configuring CODEQL_THREADS with an env var

  #2891 merged May 14, 2025

• build(deps): bump the npm group across 1 directory with 4 updates

  #2892 merged May 13, 2025

• build(deps): bump the actions group with 2 updates

  #2889 merged May 13, 2025

• Mergeback v3.28.17 refs/heads/releases/v3 into main

  #2887 merged May 2, 2025

• Merge main into releases/v3

  #2886 merged May 2, 2025

• Update default bundle to 2.21.2

  #2872 merged May 1, 2025

• Do not fail diff informed analyses when analyze is run twice in the same job

  #2876 merged May 1, 2025

• Add actions-specific telemetry fields

  #2874 merged Apr 30, 2025

• build(deps-dev): bump the npm group with 2 updates

  #2873 merged Apr 29, 2025

• build(deps): bump ruby/setup-ruby from 1.229.0 to 1.230.0 in the actions group

  #2861 merged Apr 29, 2025

1 Pull request opened by 1 person

• Update default bundle to 2.21.4

  #2910 opened May 27, 2025

3 Issues closed by 3 people

• Building a go library fails due to proxy errors (Default setup)

  #2909 closed May 27, 2025

• CodeQL actions v3.28.18 fail to upload Sarif file

  #2903 closed May 21, 2025

• No way to configure CODEQL_THREADS with an environment variable

  #2890 closed May 14, 2025

5 Issues opened by 5 people

• upload-sarif does not handle relative paths when trivy runs on a subfolder

  #2904 opened May 23, 2025

• CodeQL action times out after six hours

  #2902 opened May 20, 2025

• CODEQL_ACTION_CLEANUP_TRAP_CACHES is not working

  #2885 opened May 2, 2025

• Repo includes Adobe Flash file which cause intelligent firewall to block zipball download by GitHub Actions

  #2877 opened May 1, 2025

• Default CodeQL action uses Ubuntu Jammy, which has a very old version of Meson

  #2875 opened Apr 30, 2025

5 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• GitHub merge queue builds don't report CodeQL status

  #1537 commented on Apr 29, 2025 • 0 new comments

• TRAP caching causes GitHub Actions Cache to churn

  #2030 commented on May 1, 2025 • 0 new comments

• Fetching SPM from private repository when including CodeQL init step

  #2809 commented on May 16, 2025 • 0 new comments

• Upload-sarif action doesn't seem to respect "uriBaseId" in SARIF files

  #2215 commented on May 23, 2025 • 0 new comments

• Clean-up logic for overriding proxy

  #2839 commented on May 4, 2025 • 0 new comments