
v2.37.0

@github-actions github-actions released this 24 Oct 20:44
5d16169

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
    • A13-3-1 - FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql:
      • Fixes #406. Exclude detection of overloaded implicit copy/move constructors.
  • Updated the CodeQL version to 2.16.6.
  • M0-1-2 - InfeasiblePath.ql:
    • This query may now report additional results within templates where a relational operation is performed which has a constant value given the specified arguments.
  • A5-2-6 - OperandsOfAlogicalAndOrNotParenthesized.ql:
    • Remove false positives where the operator is identical.
    • Improve alert message to clarify which expression needs to be parenthesized.
  • 5.13.4 - UnsignedLiteralsNotAppropriatelySuffixed.ql:
    • Expand detection to binary literals.
  • M2-13-3 - MissingUSuffix.ql:
    • Expand detection to binary literals.
  • A12-1-1, RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql, ExplicitConstructorBaseClassInitialization.ql:
    • Remove false positives for deleted member functions.
  • RULE-8-13 - PointerShouldPointToConstTypeWhenPossible.ql:
    • Exclude false positives where a variable occurs in a file compiled multiple times, but where it may only be const in some of those scenarios.
    • Exclude results for local scope variables in functions that use assembly code, as CodeQL cannot determine the impact of the assembly.
    • Exclude false positives when an assignment is made to a struct field.
    • Exclude false positives where the object pointed to by the variable is modified using *p++ = ....
    • Exclude false positives for functions without bodies.
  • Rules that rely on the determination of side-effects of an expression may change as a result of considering *p++ = ... as having a side-effect on p.
  • RULE-1-3 - OccurrenceOfUndefinedBehavior.ql:
    • Improve alert message to report the undefined behavior triggered.
    • Address both false positives and false negatives in identifying standard compliant main methods. Previously, void main() was considered permitted and int main(void) banned. In addition, we now detect main methods as standard compliant if they use typedefs, and if arrays are used in the definition of argv.
  • RULE-5-4 - MacroIdentifiersNotDistinct.ql:
    • Exclude false positives related to conditional compilation, where a macro may be defined twice, but not within the same compilation.
    • Improve alert message in the case the 63 char limit is not relevant by using the form "Definition of macro <MACRO_NAME> is not distinct from alternative definition of <MACRO_NAME> in <relative_file_path>".
  • RULE-2-5 - UnusedMacroDeclaration.ql:
    • Exclude false positives where a macro was used before definition, for example a header guard.
  • Modifications to the release artifacts:
    • New CodeQL pack release artifacts have been created. These release artifacts can be downloaded from the release, and will be published to the GitHub registry under the codeql org for ease of deployment.
    • The user manual has been updated to describe how to use the CodeQL packs.
  • We no longer require a separate download of the CodeQL Standard Library for C++ - all queries have been pre-compiled and linked with the appropriate standard library.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.16.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.16.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.