|
1 | 1 | # CodeQL CLI changelog |
2 | 2 |
|
| 3 | +<-- ********************************* |
| 4 | + ** ** |
| 5 | + ** DO NOT EDIT THIS FILE! ** |
| 6 | + ** ** |
| 7 | + ********************************* |
| 8 | +. |
| 9 | + Pull requests should instead drop Markdown snippets in the |
| 10 | + subdirectory `unreleased-changelog-entries` found next to |
| 11 | + the authoritative copy of this file in semmle-code. |
| 12 | + Please include a three-hash heading such as "Bugs Fixed" |
| 13 | + and format your snippet as a list item. |
| 14 | +. |
| 15 | + (Okay, if you're the CLI release manager following the |
| 16 | + checklist for a CLI release, you can edit here. But then |
| 17 | + you know what to do). |
| 18 | +--> |
| 19 | + |
| 20 | +## Release 2.5.3 (2021-04-30) |
| 21 | + |
| 22 | +- The bundled extractors are updated to match the versions currently |
| 23 | + used on LGTM.com. These are newer than the last release (1.27) of |
| 24 | + LGTM Enterprise. If you plan to upload databases to an LGTM |
| 25 | + Enterprise 1.27 instance, you need to create them with release |
| 26 | + 2.4.6. |
| 27 | + |
| 28 | +### Features added |
| 29 | + |
| 30 | +- `codeql database analyze` and `codeql database interpret-results` |
| 31 | + now report the results of summary metric queries in the |
| 32 | + `<run>.properties.metricResults` property of the SARIF output. |
| 33 | + Summary metric queries describe metrics about the code analyzed by |
| 34 | + CodeQL. They are identified by the query metadata `@kind metric` and |
| 35 | + `@tag summary`. |
| 36 | + For example, see the [lines of code summary metric query for |
| 37 | + C++](https://github.com/github/codeql/blob/main/cpp/ql/src/Summary/LinesOfCode.ql). |
| 38 | + |
| 39 | +- `codeql database analyze` and `codeql database interpret-results` |
| 40 | + now calculate an |
| 41 | + [automation ID](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012482) |
| 42 | + and add it to the resulting SARIF. In SARIF v2.1.0, this field is |
| 43 | + `runs[].automationDetails.id`. In SARIF v2, this field is |
| 44 | + `runs[].automationLogicalId`. In SARIF v1, this field is |
| 45 | + `runs[].automationId`. By default, this automation ID will be |
| 46 | + derived from the database language and the operating system of the |
| 47 | + machine that performed the run. It can be set explicitly using a new |
| 48 | + `--sarif-category` option. |
| 49 | + |
| 50 | +- In query metadata, `@kind alert` and `@kind path-alert` are now |
| 51 | + recognized as (more accurate) synonyms of `@kind problem` and |
| 52 | + `@kind path-problem`, respectively. |
| 53 | + |
| 54 | +- Diagnostic queries are now permitted by the metadata verifier. They |
| 55 | + are identified by `@kind diagnostic` metadata. Currently the result |
| 56 | + patterns of diagnostic queries are not verified. This will change in |
| 57 | + a future CLI release. |
| 58 | + |
| 59 | +### Bugs fixed |
| 60 | + |
| 61 | +- Ensure the correct URL is generated during `codeql github upload-results` |
| 62 | + for GitHub Enterprise Server. |
| 63 | + |
3 | 64 | ## Release 2.5.2 (2021-04-21) |
4 | 65 |
|
5 | 66 | This release is identical to release 2.5.1, except that an internal |
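Review bot: the comment opener on new line 3 is `<--` rather than `<!--`, so the closing `-->` on new line 18 has no matching open and the whole "DO NOT EDIT THIS FILE!" block will render as visible text at the top of the changelog; change the opener to `<!--`. Separately, the first 2.5.3 entry (new lines 22-26, the LGTM Enterprise 1.27 compatibility note) sits directly under the release heading with no three-hash heading, while the comment asks contributors to include one; if release-wide notices are meant to be exempt, the comment should say so.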
|