codeql/CHANGELOG.md at fa850cccb1397569c74f51a84e062e093f465557 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Files

github-actions[bot] fa850cccb1 Release preparation for version 2.20.6

2025-03-03 17:13:19 +00:00

1.1 KiB

Raw Blame History

0.4.4

No user-facing changes.

0.4.3

New Features

The "Unpinned tag for a non-immutable Action in workflow" query (actions/unpinned-tag) now supports expanding the trusted action owner list using data extensions (extensible: trustedActionsOwnerDataModel). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see Creating a CodeQL Model Pack.

0.4.2

Bug Fixes

Fixed data for vulnerable versions of actions/download-artifact and rlespinasse/github-slug-action (following GHSA-cxww-7g56-2vh6 and GHSA-6q4m-7476-932w).
Improved untrustedGhCommandDataModel regex for gh pr view and Bash taint analysis in GitHub Actions.

0.4.1

No user-facing changes.

0.4.0

New Features

Initial public preview release