Skip to content

v2.15.0

Compare
Choose a tag to compare
@codeql-ci codeql-ci released this 11 Oct 12:24
· 61 commits to main since this release

Deprecations

  • pragma[assume_small_delta] is now deprecated. The pragma has no effect and should be removed.
  • Missing override annotations on class fields now raise errors rather than warnings. This is to avoid confusion with the shadowing behavior in the presence of final fields.
  • The CodeQL CLI no longer supports ML-powered alerts. For more information, including details of our work in the AI-powered security technology space, see "CodeQL code scanning deprecates ML-powered alerts."

New Features

  • The output of codeql version --format json now includes a features property. Each key in the map identifies a feature of the CodeQL CLI. The value for a key is always true. Going forward, whenever a significant new feature is added to the CodeQL CLI, a corresponding entry will be added to the features map. This is intended to make it easier for tools that invoke the CodeQL CLI to know if the particular version of the CLI they are invoking supports a given feature, without having to know exactly what CLI version introduced that feature.

Improvements

  • You can now specify the CodeQL languages C/C++, Java/Kotlin, and JavaScript/TypeScript using --language c-cpp, --language java-kotlin, and --language javascript-typescript respectively. These new CodeQL language names convey more clearly what languages each CodeQL language will analyze.
  • CodeQL now respects custom home directories set by the $HOME environment variable on MacOS and Linux and %USERPROFILE% on Windows. When set, CodeQL will use the variable's value to change the default location of downloaded packages and the global compilation cache.
  • This release improves the quality of file coverage information for repositories that vendor their dependencies. This is currently supported for Go and JavaScript projects.

Bugs fixed

  • Fixed an issue with analyzing Python projects using Python 3.12.

QL language improvements

  • The QL language now has two new methods codePointAt and codePointCount on the string type. The methods both return integers and act the same as the similarly named Java methods on strings. For example, "abc".codePointAt(2) is 99 and ("a" + 128512.toUnicode() + "c").codePointAt(1) is a 128512.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.15.0.