From 68a248623f12d69bca13915ad6cdfd50216560d2 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Thu, 19 Jan 2023 09:57:22 -0800 Subject: [PATCH 1/5] Update CHANGELOG.md with new limits on uploading SARIF --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b9c84e29d..dce368479c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. - The tool cache now contains **two** recent CodeQL versions (previously **one**). - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). +- Bump the maximum number of SARIF runs per file from 15 to 20. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. ## 2.1.39 - 18 Jan 2023 From 4dc41e1d1ea1d49233764e0030b15756cbd9d5bd Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Fri, 20 Jan 2023 08:28:46 -0800 Subject: [PATCH 2/5] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dce368479c..eefa85534c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. - The tool cache now contains **two** recent CodeQL versions (previously **one**). - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). -- Bump the maximum number of SARIF runs per file from 15 to 20. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. +- Bump the maximum number of SARIF runs per file from 15 to 20. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change affects github.com users only. ## 2.1.39 - 18 Jan 2023 From 42fb057842830cd52cbca925b75213e60faa6d10 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Fri, 20 Jan 2023 09:41:08 -0800 Subject: [PATCH 3/5] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eefa85534c..f4f39a2200 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. - The tool cache now contains **two** recent CodeQL versions (previously **one**). - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). -- Bump the maximum number of SARIF runs per file from 15 to 20. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change affects github.com users only. +- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9. ## 2.1.39 - 18 Jan 2023 From fe9baed306650e71a4d36c69a8b2a220fa34071e Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Mon, 23 Jan 2023 08:35:27 -0800 Subject: [PATCH 4/5] Fix typo in CHANGELOG.md Co-authored-by: Jenny Rukman --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4f39a2200..f3d33ef720 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. - The tool cache now contains **two** recent CodeQL versions (previously **one**). - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). -- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9. +- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9. ## 2.1.39 - 18 Jan 2023 From fdff4b0a171784a2e4d2cc22564dc43d0d88d176 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Tue, 24 Jan 2023 08:25:23 -0800 Subject: [PATCH 5/5] Update CHANGELOG.md Remove apiVersion parameter. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b78baa7362..6485f853a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. - The tool cache now contains **two** recent CodeQL versions (previously **one**). - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). -- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9. +- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9. - Update default CodeQL bundle version to 2.12.1. [#1498](https://github.com/github/codeql-action/pull/1498) - Fix a bug that forced the `init` Action to run for at least two minutes on JavaScript. [#1494](https://github.com/github/codeql-action/pull/1494)