Update CodeQL CLI from 2.11.2 to 2.12.4 (#309)
## Description

Update CodeQL CLI from 2.11.2 to 2.12.4

Changes are tracked in this file: https://github.com/github/codeql-cli-binaries/blob/main/CHANGELOG.md

This change upgrades the CodeQL CLI used in Project Mu repos from [2.11.2 (2022-10-25)](https://github.com/github/codeql-cli-binaries/blob/main/CHANGELOG.md#release-2112-2022-10-25) to [2.12.4 (2023-03-09)](https://github.com/github/codeql-cli-binaries/blob/main/CHANGELOG.md#release-2124-2023-03-09)

Below are some important changes selected from the new changes that are notable for our usage of the CodeQL CLI.

---

**Release 2.12.4 (2023-03-09)**

codeql pack install now uses a new algorithm to determine which versions of the pack's dependencies to use, based on the PubGrub algorithm. The new algorithm is able to find a solution for many cases that the previous algorithm would fail to solve. When the new algorithm is unable to find a valid solution, it generates a detailed error message explaining why there is no valid solution.

**Release 2.12.2 (2023-02-07)**

Fixed a QL evaluator bug introduced in release 2.12.1 which could in certain rare cases lead to wrong analysis results.

**Release 2.11.5 (2022-12-07)**

Fixed a bug that could cause log summary generation to fail in vscode.

**Release 2.11.4 (2022-11-24)**

CodeQL 2.11.1 to 2.11.3 contained a bug in indirect build tracing on Windows when using codeql database init with the --trace-process-level flag. In these versions, when --trace-process-level was set to a value greater than zero (or left at the default value of 1), CodeQL attempted to inject its build tracer at a higher level in the process tree than the requested process level. This could lead to errors of the form "No source code found" or "Process tree ended before reaching required level". From 2.11.4 onwards, the CodeQL build tracer is injected at the requested process level.

---

- [ ] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [ ] Impacts security?
  - **Security** - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- [ ] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...

## How This Was Tested

CodeQL PR gates (and local builds of several packages with the `--codeql` flag).

## Integration Instructions

The new CLI will automatically be picked up if the Mu CodeQL CLI plugin is used.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
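As an added example (not Project Mu's or CodeQL's own code) of the check a consumer of this bump would want in CI: a POSIX shell pre-flight that reads the version of whatever `codeql` binary is actually on PATH and refuses the releases whose defects are quoted in the commit message (the 2.11.1 to 2.11.3 Windows tracing bug, the 2.12.1 evaluator bug) as well as anything older than the 2.12.4 this commit pins. It assumes `codeql version --format=json` emits a JSON object with a `"version"` field; the sample JSON in the block is constructed, and the version-to-reason mapping is taken from the changelog excerpts above, not from the CLI.

```shell
#!/bin/sh
# Added example, not Project Mu or CodeQL code: a CI pre-flight that checks the
# CodeQL CLI resolved on PATH against the version this commit pins (2.12.4).
# Assumption: `codeql version --format=json` prints a JSON object containing a
# "version" field holding the semver string.

# CONSTRUCTED sample standing in for real `codeql version --format=json` output.
SAMPLE_VERSION_JSON='{
  "productName": "CodeQL",
  "version": "2.12.4",
  "sha": "constructed-sample"
}'

# Pull the "version" string out of the JSON (one key per line, as the CLI prints it).
codeql_version_from_json() {
    printf '%s' "$1" | sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Compare two dotted versions numerically; prints -1, 0 or 1 for a<b, a==b, a>b.
# Missing components are treated as 0, so 2.12 compares equal to 2.12.0.
vercmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
        i=$((i + 1))
    done
    echo 0
}

# Print a verdict for version $1 against minimum $2 (default 2.12.4).
# Returns 1 with a specific reason for the defective releases named in the
# changelog excerpts, or for anything below the minimum; returns 0 otherwise.
codeql_version_check() {
    v=$1; min=${2:-2.12.4}
    if [ "$(vercmp "$v" 2.11.1)" -ge 0 ] && [ "$(vercmp "$v" 2.11.3)" -le 0 ]; then
        echo "codeql $v: indirect build tracing with --trace-process-level is broken on Windows (fixed in 2.11.4)"
        return 1
    fi
    if [ "$(vercmp "$v" 2.12.1)" -eq 0 ]; then
        echo "codeql $v: QL evaluator bug can yield wrong analysis results (fixed in 2.12.2)"
        return 1
    fi
    if [ "$(vercmp "$v" "$min")" -lt 0 ]; then
        echo "codeql $v: older than required $min"
        return 1
    fi
    echo "codeql $v: ok"
    return 0
}

# Gate the real CLI only when one is installed, so the script is a no-op elsewhere.
if command -v codeql >/dev/null 2>&1; then
    installed=$(codeql_version_from_json "$(codeql version --format=json)")
    codeql_version_check "$installed" || exit 1
fi
```

Running this as the first step of a CodeQL job catches the case where a stale CLI on the runner's PATH shadows the one the Mu plugin downloaded, which would silently reintroduce the tracing failure modes ("No source code found", "Process tree ended before reaching required level") that the 2.11.4 entry describes.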