From c382ba7390028a76c1779ccb862f1f4070285d63 Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Tue, 13 Jun 2023 10:06:42 -0700 Subject: [PATCH] Add changelog entry --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bdeb5c8ff3..339e48533f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,12 @@ ## [UNRELEASED] -No user facing changes. +- Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. [#1729](https://github.com/github/codeql-action/pull/1729) + - The CodeQL Action repository contains a series of tags `v*` corresponding to versions of the CodeQL Action, as is typical. However it also contains a series of tags `codeql-bundle-*` that correspond to versions of the CodeQL Bundle, an artifact that contains the CodeQL CLI and the standard CodeQL libraries. + - As of version 2.13.4 of the CodeQL CLI, we changed the format of the CodeQL Bundle tag from a date, for example `codeql-bundle-20230613`, to a semantic version, for example `codeql-bundle-v2.13.4`. + - This inadvertently sent out Dependabot upgrades that upgraded users from `v2.3.6` to `codeql-bundle-v2.13.4`. + - To ensure that users who merged this Dependabot upgrade continue to receive updates to the CodeQL Action, we are bumping the Action version to make it greater than 2.13.4. + - To help avoid confusion between the version numbers of the CodeQL Action and the CodeQL CLI, we are introducing some separation and bumping the Action to 2.20.0. ## 2.3.6 - 01 Jun 2023
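Review bot: In the new top-level bullet and its sub-bullets under `## [UNRELEASED]`, the entry explains why the version jumps to 2.20.0 but never tells an affected user how to recognise that they are affected or what to do next. Consider adding one line stating that a workflow whose `uses:` ref points at `codeql-bundle-v2.13.4` or at commit `cdcdbb5` took the mistaken upgrade, and naming the intended remedy (presumably accepting the next Dependabot update to 2.20.0, if that is what is meant). The last sub-bullet also leaves open what stops Dependabot from offering later `codeql-bundle-v*` tags as Action versions, since the second sub-bullet says the semantic-version bundle tag format is now in use; a sentence on that, or a link to where it is tracked, would close the gap. Minor style point: "However it also" in the first sub-bullet wants a comma after "However".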