Upgrade CodeQL CLI dependency to v2.25.0#161
Open
github-actions[bot] wants to merge 5 commits intomainfrom
Open
Upgrade CodeQL CLI dependency to v2.25.0#161github-actions[bot] wants to merge 5 commits intomainfrom
github-actions[bot] wants to merge 5 commits intomainfrom
Conversation
github-actions
bot
force-pushed
the
codeql/upgrade-to-v2.25.0
branch
from
a5a6b3e to
85c6885
Compare
github-actions
bot
requested review from
a team,
data-douser and
enyil
as code owners
![github-license-compliance[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
There was a problem hiding this comment.
Trying to track down the license for this, I think this might be an internal project vscode-codeql-development-mcp-server or similar but not third party. Can you confirm?
Collaborator
There was a problem hiding this comment.
Yes. It is equivalent to the extensions/vscode workspace (aka extensions/vscode/package.json:name = vscode-codeql-development-mcp-server) in this repo.
I don't know how to get the license compliance check to recognize the peer dependency in the multi-workspace setup.
There was a problem hiding this comment.
@dangoor any suggestions on the formatting for this internal dependency? I can accept it as it is into the current policy if desired (though this could lead to dependency confusion in the future), but we might want to dig into this to give guidance in general....
Contributor
Author
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issuespackage-lock.json
OpenSSF Scorecard
Scanned Files
|
Fixes "tools" queries in response to breaking changes
from recent upgrade to CodeQL v2.25.0 and associated
pack dependency upgrades, including fixes for:
- `server/ql/go/tools/{src,test}/PrintAST/**`
- `server/ql/java/tools/{src,test}/PrintCFG/**`
Updates language-specific AST resource definitions in
order to reflect actual AST nodes for current (v2.25.0)
version of CodeQL and associated pack dependencies,
including updates for MCP resources:
- `go_ast`
- `java_ast`
data-douser
force-pushed
the
codeql/upgrade-to-v2.25.0
branch
from
90f04db to
b1dff3e
Compare
Update the query implementation, documentation, and expected test results for the java tools PrintAST query in order to fix a problem where Entry nodes were non-deterministically ordered, especially between MacOS and Linux test environments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR upgrades the CodeQL CLI version to v2.25.0.
Changes made:
.codeql-versiontov2.25.02.25.0package-lock.json