[edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

From: Michael Kubacki <michael.kubacki@microsoft.com>

This fixes an issue where the CodeQL queries currently fetched in the
pipeline are incompatible with the current executable used.

Update to pick up functional and security fixes. See the following
comparison for detailed differences:

https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---

Notes:
    This change fixes an immediate compatibility issue between
    the latest queries being pulled and the CodeQL CLI being
    used.
    
    A follow up change will attempt to lock queries against a
    compatibile version to prevent queries from pulling ahead
    to incompatible versions in the future.
    
    ---
    
    This change was tested in edk2 CI:
    
    https://github.com/tianocore/edk2/pull/5667

 BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
 BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
 BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
index 5ec56c6bf06f..dbc9c2ba0290 100644
--- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
+++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
@@ -16,9 +16,9 @@
   "scope": "codeql-ext-dep",
   "type": "web",
   "name": "codeql_cli",
-  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.16.1/codeql.zip",
-  "version": "2.16.1",
-  "sha256": "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
+  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.17.3/codeql.zip",
+  "version": "2.17.3",
+  "sha256": "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
   "compression_type": "zip",
   "internal_path": "/codeql/",
   "flags": ["set_shell_var", ],
diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
index 5b4a919f1de4..536322f2b331 100644
--- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
+++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
@@ -14,9 +14,9 @@
   "scope": "codeql-linux-ext-dep",
   "type": "web",
   "name": "codeql_linux_cli",
-  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.16.1/codeql-linux64.zip",
-  "version": "2.16.1",
-  "sha256": "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
+  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.17.3/codeql-linux64.zip",
+  "version": "2.17.3",
+  "sha256": "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
   "compression_type": "zip",
   "internal_path": "/codeql/",
   "flags": ["set_shell_var", ],
diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
index c0c018c9538f..93a81ffd5020 100644
--- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
+++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
@@ -14,9 +14,9 @@
   "scope": "codeql-windows-ext-dep",
   "type": "web",
   "name": "codeql_windows_cli",
-  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.16.1/codeql-win64.zip",
-  "version": "2.16.1",
-  "sha256": "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
+  "source": "https://github.com/github/codeql-cli-binaries/releases/download/v2.17.3/codeql-win64.zip",
+  "version": "2.17.3",
+  "sha256": "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
   "compression_type": "zip",
   "internal_path": "/codeql/",
   "flags": ["set_shell_var", ],
-- 
2.45.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119058): https://edk2.groups.io/g/devel/message/119058
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael D Kinney]

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

> -----Original Message-----
> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> Sent: Friday, May 17, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Rebecca Cran <rebecca@bsdio.com>;
> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
> <yuwei.chen@intel.com>
> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> 
> From: Michael Kubacki <michael.kubacki@microsoft.com>
> 
> This fixes an issue where the CodeQL queries currently fetched in the
> pipeline are incompatible with the current executable used.
> 
> Update to pick up functional and security fixes. See the following
> comparison for detailed differences:
> 
> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
> 
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Joey Vagedes <joey.vagedes@gmail.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> 
> Notes:
>     This change fixes an immediate compatibility issue between
>     the latest queries being pulled and the CodeQL CLI being
>     used.
> 
>     A follow up change will attempt to lock queries against a
>     compatibile version to prevent queries from pulling ahead
>     to incompatible versions in the future.
> 
>     ---
> 
>     This change was tested in edk2 CI:
> 
>     https://github.com/tianocore/edk2/pull/5667
> 
>  BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
>  BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
>  BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
>  3 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> index 5ec56c6bf06f..dbc9c2ba0290 100644
> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> @@ -16,9 +16,9 @@
>    "scope": "codeql-ext-dep",
>    "type": "web",
>    "name": "codeql_cli",
> -  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.16.1/codeql.zip",
> -  "version": "2.16.1",
> -  "sha256":
> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
> +  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.17.3/codeql.zip",
> +  "version": "2.17.3",
> +  "sha256":
> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
>    "compression_type": "zip",
>    "internal_path": "/codeql/",
>    "flags": ["set_shell_var", ],
> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> index 5b4a919f1de4..536322f2b331 100644
> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> @@ -14,9 +14,9 @@
>    "scope": "codeql-linux-ext-dep",
>    "type": "web",
>    "name": "codeql_linux_cli",
> -  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.16.1/codeql-linux64.zip",
> -  "version": "2.16.1",
> -  "sha256":
> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
> +  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.17.3/codeql-linux64.zip",
> +  "version": "2.17.3",
> +  "sha256":
> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
>    "compression_type": "zip",
>    "internal_path": "/codeql/",
>    "flags": ["set_shell_var", ],
> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> index c0c018c9538f..93a81ffd5020 100644
> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> @@ -14,9 +14,9 @@
>    "scope": "codeql-windows-ext-dep",
>    "type": "web",
>    "name": "codeql_windows_cli",
> -  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.16.1/codeql-win64.zip",
> -  "version": "2.16.1",
> -  "sha256":
> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
> +  "source": "https://github.com/github/codeql-cli-
> binaries/releases/download/v2.17.3/codeql-win64.zip",
> +  "version": "2.17.3",
> +  "sha256":
> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
>    "compression_type": "zip",
>    "internal_path": "/codeql/",
>    "flags": ["set_shell_var", ],
> --
> 2.45.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119059): https://edk2.groups.io/g/devel/message/119059
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Joey Vagedes via groups.io]

[-- Attachment #1: Type: text/plain, Size: 418 bytes --]

Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119060): https://edk2.groups.io/g/devel/message/119060
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



[-- Attachment #2: Type: text/html, Size: 836 bytes --]

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

Thanks Mike. Are you okay with me completing the PR now?

On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> 
>> -----Original Message-----
>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
>> Sent: Friday, May 17, 2024 2:09 PM
>> To: devel@edk2.groups.io
>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney,
>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran <rebecca@bsdio.com>;
>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
>> <yuwei.chen@intel.com>
>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>
>> From: Michael Kubacki <michael.kubacki@microsoft.com>
>>
>> This fixes an issue where the CodeQL queries currently fetched in the
>> pipeline are incompatible with the current executable used.
>>
>> Update to pick up functional and security fixes. See the following
>> comparison for detailed differences:
>>
>> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
>>
>> Cc: Bob Feng <bob.c.feng@intel.com>
>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Cc: Rebecca Cran <rebecca@bsdio.com>
>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>> Cc: Yuwei Chen <yuwei.chen@intel.com>
>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>> ---
>>
>> Notes:
>>      This change fixes an immediate compatibility issue between
>>      the latest queries being pulled and the CodeQL CLI being
>>      used.
>>
>>      A follow up change will attempt to lock queries against a
>>      compatibile version to prevent queries from pulling ahead
>>      to incompatible versions in the future.
>>
>>      ---
>>
>>      This change was tested in edk2 CI:
>>
>>      https://github.com/tianocore/edk2/pull/5667
>>
>>   BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
>>   BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
>>   BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
>>   3 files changed, 9 insertions(+), 9 deletions(-)
>>
>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>> index 5ec56c6bf06f..dbc9c2ba0290 100644
>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>> @@ -16,9 +16,9 @@
>>     "scope": "codeql-ext-dep",
>>     "type": "web",
>>     "name": "codeql_cli",
>> -  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.16.1/codeql.zip",
>> -  "version": "2.16.1",
>> -  "sha256":
>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
>> +  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.17.3/codeql.zip",
>> +  "version": "2.17.3",
>> +  "sha256":
>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
>>     "compression_type": "zip",
>>     "internal_path": "/codeql/",
>>     "flags": ["set_shell_var", ],
>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>> index 5b4a919f1de4..536322f2b331 100644
>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>> @@ -14,9 +14,9 @@
>>     "scope": "codeql-linux-ext-dep",
>>     "type": "web",
>>     "name": "codeql_linux_cli",
>> -  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
>> -  "version": "2.16.1",
>> -  "sha256":
>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
>> +  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
>> +  "version": "2.17.3",
>> +  "sha256":
>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
>>     "compression_type": "zip",
>>     "internal_path": "/codeql/",
>>     "flags": ["set_shell_var", ],
>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>> index c0c018c9538f..93a81ffd5020 100644
>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>> @@ -14,9 +14,9 @@
>>     "scope": "codeql-windows-ext-dep",
>>     "type": "web",
>>     "name": "codeql_windows_cli",
>> -  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.16.1/codeql-win64.zip",
>> -  "version": "2.16.1",
>> -  "sha256":
>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
>> +  "source": "https://github.com/github/codeql-cli-
>> binaries/releases/download/v2.17.3/codeql-win64.zip",
>> +  "version": "2.17.3",
>> +  "sha256":
>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
>>     "compression_type": "zip",
>>     "internal_path": "/codeql/",
>>     "flags": ["set_shell_var", ],
>> --
>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119061): https://edk2.groups.io/g/devel/message/119061
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

To ensure CI is unblocked, I am going to add the push tag now.

On 5/17/2024 6:31 PM, Michael Kubacki wrote:
> Thanks Mike. Are you okay with me completing the PR now?
> 
> On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
>> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
>>
>>> -----Original Message-----
>>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
>>> Sent: Friday, May 17, 2024 2:09 PM
>>> To: devel@edk2.groups.io
>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney,
>>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran 
>>> <rebecca@bsdio.com>;
>>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
>>> <yuwei.chen@intel.com>
>>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>>
>>> From: Michael Kubacki <michael.kubacki@microsoft.com>
>>>
>>> This fixes an issue where the CodeQL queries currently fetched in the
>>> pipeline are incompatible with the current executable used.
>>>
>>> Update to pick up functional and security fixes. See the following
>>> comparison for detailed differences:
>>>
>>> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
>>>
>>> Cc: Bob Feng <bob.c.feng@intel.com>
>>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>>> Cc: Yuwei Chen <yuwei.chen@intel.com>
>>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>>> ---
>>>
>>> Notes:
>>>      This change fixes an immediate compatibility issue between
>>>      the latest queries being pulled and the CodeQL CLI being
>>>      used.
>>>
>>>      A follow up change will attempt to lock queries against a
>>>      compatibile version to prevent queries from pulling ahead
>>>      to incompatible versions in the future.
>>>
>>>      ---
>>>
>>>      This change was tested in edk2 CI:
>>>
>>>      https://github.com/tianocore/edk2/pull/5667
>>>
>>>   BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
>>>   BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
>>>   BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
>>>   3 files changed, 9 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>> index 5ec56c6bf06f..dbc9c2ba0290 100644
>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>> @@ -16,9 +16,9 @@
>>>     "scope": "codeql-ext-dep",
>>>     "type": "web",
>>>     "name": "codeql_cli",
>>> -  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.16.1/codeql.zip",
>>> -  "version": "2.16.1",
>>> -  "sha256":
>>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
>>> +  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.17.3/codeql.zip",
>>> +  "version": "2.17.3",
>>> +  "sha256":
>>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
>>>     "compression_type": "zip",
>>>     "internal_path": "/codeql/",
>>>     "flags": ["set_shell_var", ],
>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>> index 5b4a919f1de4..536322f2b331 100644
>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>> @@ -14,9 +14,9 @@
>>>     "scope": "codeql-linux-ext-dep",
>>>     "type": "web",
>>>     "name": "codeql_linux_cli",
>>> -  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
>>> -  "version": "2.16.1",
>>> -  "sha256":
>>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
>>> +  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
>>> +  "version": "2.17.3",
>>> +  "sha256":
>>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
>>>     "compression_type": "zip",
>>>     "internal_path": "/codeql/",
>>>     "flags": ["set_shell_var", ],
>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>> index c0c018c9538f..93a81ffd5020 100644
>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>> @@ -14,9 +14,9 @@
>>>     "scope": "codeql-windows-ext-dep",
>>>     "type": "web",
>>>     "name": "codeql_windows_cli",
>>> -  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.16.1/codeql-win64.zip",
>>> -  "version": "2.16.1",
>>> -  "sha256":
>>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
>>> +  "source": "https://github.com/github/codeql-cli-
>>> binaries/releases/download/v2.17.3/codeql-win64.zip",
>>> +  "version": "2.17.3",
>>> +  "sha256":
>>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
>>>     "compression_type": "zip",
>>>     "internal_path": "/codeql/",
>>>     "flags": ["set_shell_var", ],
>>> -- 
>>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119062): https://edk2.groups.io/g/devel/message/119062
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

Forgot about the hard freeze.

Added remaining stewards to consider merging this. It has no impact on 
firmware but is needed to unblock an immediate issue in CI where the 
CodeQL queries being fetched are newer and incompatible with the CodeQL 
CLI being used.

As I mentioned in the release notes, I will follow up in the future for 
a change that should be able to lock the CodeQL query versions against 
the CLI version.

Thanks,
Michael

On 5/17/2024 7:20 PM, Michael Kubacki wrote:
> To ensure CI is unblocked, I am going to add the push tag now.
> 
> On 5/17/2024 6:31 PM, Michael Kubacki wrote:
>> Thanks Mike. Are you okay with me completing the PR now?
>>
>> On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
>>> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
>>>
>>>> -----Original Message-----
>>>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
>>>> Sent: Friday, May 17, 2024 2:09 PM
>>>> To: devel@edk2.groups.io
>>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>>>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>; 
>>>> Kinney,
>>>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran 
>>>> <rebecca@bsdio.com>;
>>>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
>>>> <yuwei.chen@intel.com>
>>>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>>>
>>>> From: Michael Kubacki <michael.kubacki@microsoft.com>
>>>>
>>>> This fixes an issue where the CodeQL queries currently fetched in the
>>>> pipeline are incompatible with the current executable used.
>>>>
>>>> Update to pick up functional and security fixes. See the following
>>>> comparison for detailed differences:
>>>>
>>>> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
>>>>
>>>> Cc: Bob Feng <bob.c.feng@intel.com>
>>>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
>>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>>>> Cc: Yuwei Chen <yuwei.chen@intel.com>
>>>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>>>> ---
>>>>
>>>> Notes:
>>>>      This change fixes an immediate compatibility issue between
>>>>      the latest queries being pulled and the CodeQL CLI being
>>>>      used.
>>>>
>>>>      A follow up change will attempt to lock queries against a
>>>>      compatibile version to prevent queries from pulling ahead
>>>>      to incompatible versions in the future.
>>>>
>>>>      ---
>>>>
>>>>      This change was tested in edk2 CI:
>>>>
>>>>      https://github.com/tianocore/edk2/pull/5667
>>>>
>>>>   BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
>>>>   BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
>>>>   BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
>>>>   3 files changed, 9 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>> index 5ec56c6bf06f..dbc9c2ba0290 100644
>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>> @@ -16,9 +16,9 @@
>>>>     "scope": "codeql-ext-dep",
>>>>     "type": "web",
>>>>     "name": "codeql_cli",
>>>> -  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.16.1/codeql.zip",
>>>> -  "version": "2.16.1",
>>>> -  "sha256":
>>>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
>>>> +  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.17.3/codeql.zip",
>>>> +  "version": "2.17.3",
>>>> +  "sha256":
>>>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
>>>>     "compression_type": "zip",
>>>>     "internal_path": "/codeql/",
>>>>     "flags": ["set_shell_var", ],
>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>> index 5b4a919f1de4..536322f2b331 100644
>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>> @@ -14,9 +14,9 @@
>>>>     "scope": "codeql-linux-ext-dep",
>>>>     "type": "web",
>>>>     "name": "codeql_linux_cli",
>>>> -  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
>>>> -  "version": "2.16.1",
>>>> -  "sha256":
>>>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
>>>> +  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
>>>> +  "version": "2.17.3",
>>>> +  "sha256":
>>>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
>>>>     "compression_type": "zip",
>>>>     "internal_path": "/codeql/",
>>>>     "flags": ["set_shell_var", ],
>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>> index c0c018c9538f..93a81ffd5020 100644
>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>> @@ -14,9 +14,9 @@
>>>>     "scope": "codeql-windows-ext-dep",
>>>>     "type": "web",
>>>>     "name": "codeql_windows_cli",
>>>> -  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.16.1/codeql-win64.zip",
>>>> -  "version": "2.16.1",
>>>> -  "sha256":
>>>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
>>>> +  "source": "https://github.com/github/codeql-cli-
>>>> binaries/releases/download/v2.17.3/codeql-win64.zip",
>>>> +  "version": "2.17.3",
>>>> +  "sha256":
>>>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
>>>>     "compression_type": "zip",
>>>>     "internal_path": "/codeql/",
>>>>     "flags": ["set_shell_var", ],
>>>> -- 
>>>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119063): https://edk2.groups.io/g/devel/message/119063
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael D Kinney]

Approved. I agree there is no impact to FW.

Mike

> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: Friday, May 17, 2024 4:28 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io;
> Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> <joey.vagedes@gmail.com>; Rebecca Cran <rebecca@bsdio.com>; Sean Brogan
> <sean.brogan@microsoft.com>; Chen, Christine <yuwei.chen@intel.com>
> Subject: Re: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> 
> Forgot about the hard freeze.
> 
> Added remaining stewards to consider merging this. It has no impact on
> firmware but is needed to unblock an immediate issue in CI where the
> CodeQL queries being fetched are newer and incompatible with the CodeQL
> CLI being used.
> 
> As I mentioned in the release notes, I will follow up in the future for
> a change that should be able to lock the CodeQL query versions against
> the CLI version.
> 
> Thanks,
> Michael
> 
> On 5/17/2024 7:20 PM, Michael Kubacki wrote:
> > To ensure CI is unblocked, I am going to add the push tag now.
> >
> > On 5/17/2024 6:31 PM, Michael Kubacki wrote:
> >> Thanks Mike. Are you okay with me completing the PR now?
> >>
> >> On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
> >>> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> >>>
> >>>> -----Original Message-----
> >>>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> >>>> Sent: Friday, May 17, 2024 2:09 PM
> >>>> To: devel@edk2.groups.io
> >>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> >>>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> >>>> Kinney,
> >>>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran
> >>>> <rebecca@bsdio.com>;
> >>>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
> >>>> <yuwei.chen@intel.com>
> >>>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> >>>>
> >>>> From: Michael Kubacki <michael.kubacki@microsoft.com>
> >>>>
> >>>> This fixes an issue where the CodeQL queries currently fetched in the
> >>>> pipeline are incompatible with the current executable used.
> >>>>
> >>>> Update to pick up functional and security fixes. See the following
> >>>> comparison for detailed differences:
> >>>>
> >>>> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
> >>>>
> >>>> Cc: Bob Feng <bob.c.feng@intel.com>
> >>>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
> >>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> >>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> >>>> Cc: Rebecca Cran <rebecca@bsdio.com>
> >>>> Cc: Sean Brogan <sean.brogan@microsoft.com>
> >>>> Cc: Yuwei Chen <yuwei.chen@intel.com>
> >>>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> >>>> ---
> >>>>
> >>>> Notes:
> >>>>      This change fixes an immediate compatibility issue between
> >>>>      the latest queries being pulled and the CodeQL CLI being
> >>>>      used.
> >>>>
> >>>>      A follow up change will attempt to lock queries against a
> >>>>      compatibile version to prevent queries from pulling ahead
> >>>>      to incompatible versions in the future.
> >>>>
> >>>>      ---
> >>>>
> >>>>      This change was tested in edk2 CI:
> >>>>
> >>>>      https://github.com/tianocore/edk2/pull/5667
> >>>>
> >>>>   BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
> >>>>   BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
> >>>>   BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
> >>>>   3 files changed, 9 insertions(+), 9 deletions(-)
> >>>>
> >>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>> index 5ec56c6bf06f..dbc9c2ba0290 100644
> >>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>> @@ -16,9 +16,9 @@
> >>>>     "scope": "codeql-ext-dep",
> >>>>     "type": "web",
> >>>>     "name": "codeql_cli",
> >>>> -  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.16.1/codeql.zip",
> >>>> -  "version": "2.16.1",
> >>>> -  "sha256":
> >>>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
> >>>> +  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.17.3/codeql.zip",
> >>>> +  "version": "2.17.3",
> >>>> +  "sha256":
> >>>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
> >>>>     "compression_type": "zip",
> >>>>     "internal_path": "/codeql/",
> >>>>     "flags": ["set_shell_var", ],
> >>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>> index 5b4a919f1de4..536322f2b331 100644
> >>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>> @@ -14,9 +14,9 @@
> >>>>     "scope": "codeql-linux-ext-dep",
> >>>>     "type": "web",
> >>>>     "name": "codeql_linux_cli",
> >>>> -  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
> >>>> -  "version": "2.16.1",
> >>>> -  "sha256":
> >>>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
> >>>> +  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
> >>>> +  "version": "2.17.3",
> >>>> +  "sha256":
> >>>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
> >>>>     "compression_type": "zip",
> >>>>     "internal_path": "/codeql/",
> >>>>     "flags": ["set_shell_var", ],
> >>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>> index c0c018c9538f..93a81ffd5020 100644
> >>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>> @@ -14,9 +14,9 @@
> >>>>     "scope": "codeql-windows-ext-dep",
> >>>>     "type": "web",
> >>>>     "name": "codeql_windows_cli",
> >>>> -  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.16.1/codeql-win64.zip",
> >>>> -  "version": "2.16.1",
> >>>> -  "sha256":
> >>>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
> >>>> +  "source": "https://github.com/github/codeql-cli-
> >>>> binaries/releases/download/v2.17.3/codeql-win64.zip",
> >>>> +  "version": "2.17.3",
> >>>> +  "sha256":
> >>>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
> >>>>     "compression_type": "zip",
> >>>>     "internal_path": "/codeql/",
> >>>>     "flags": ["set_shell_var", ],
> >>>> --
> >>>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119064): https://edk2.groups.io/g/devel/message/119064
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

Just wanted to send a reminder that I recommend 
https://github.com/tianocore/edk2/pull/5667 be merged to unblock CI for 
those that are currently trying to test changes.

Thanks,
Michael

On 5/17/2024 8:10 PM, Kinney, Michael D wrote:
> Approved. I agree there is no impact to FW.
> 
> Mike
> 
>> -----Original Message-----
>> From: Michael Kubacki <mikuback@linux.microsoft.com>
>> Sent: Friday, May 17, 2024 4:28 PM
>> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io;
>> Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
>> Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>> <joey.vagedes@gmail.com>; Rebecca Cran <rebecca@bsdio.com>; Sean Brogan
>> <sean.brogan@microsoft.com>; Chen, Christine <yuwei.chen@intel.com>
>> Subject: Re: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>
>> Forgot about the hard freeze.
>>
>> Added remaining stewards to consider merging this. It has no impact on
>> firmware but is needed to unblock an immediate issue in CI where the
>> CodeQL queries being fetched are newer and incompatible with the CodeQL
>> CLI being used.
>>
>> As I mentioned in the release notes, I will follow up in the future for
>> a change that should be able to lock the CodeQL query versions against
>> the CLI version.
>>
>> Thanks,
>> Michael
>>
>> On 5/17/2024 7:20 PM, Michael Kubacki wrote:
>>> To ensure CI is unblocked, I am going to add the push tag now.
>>>
>>> On 5/17/2024 6:31 PM, Michael Kubacki wrote:
>>>> Thanks Mike. Are you okay with me completing the PR now?
>>>>
>>>> On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
>>>>> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
>>>>>> Sent: Friday, May 17, 2024 2:09 PM
>>>>>> To: devel@edk2.groups.io
>>>>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>>>>>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>;
>>>>>> Kinney,
>>>>>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran
>>>>>> <rebecca@bsdio.com>;
>>>>>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
>>>>>> <yuwei.chen@intel.com>
>>>>>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>>>>>
>>>>>> From: Michael Kubacki <michael.kubacki@microsoft.com>
>>>>>>
>>>>>> This fixes an issue where the CodeQL queries currently fetched in the
>>>>>> pipeline are incompatible with the current executable used.
>>>>>>
>>>>>> Update to pick up functional and security fixes. See the following
>>>>>> comparison for detailed differences:
>>>>>>
>>>>>> https://github.com/github/codeql-cli-binaries/compare/v2.16.1...v2.17.3
>>>>>>
>>>>>> Cc: Bob Feng <bob.c.feng@intel.com>
>>>>>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
>>>>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>>>>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>>>>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>>>>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>>>>>> Cc: Yuwei Chen <yuwei.chen@intel.com>
>>>>>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>>>>>> ---
>>>>>>
>>>>>> Notes:
>>>>>>       This change fixes an immediate compatibility issue between
>>>>>>       the latest queries being pulled and the CodeQL CLI being
>>>>>>       used.
>>>>>>
>>>>>>       A follow up change will attempt to lock queries against a
>>>>>>       compatibile version to prevent queries from pulling ahead
>>>>>>       to incompatible versions in the future.
>>>>>>
>>>>>>       ---
>>>>>>
>>>>>>       This change was tested in edk2 CI:
>>>>>>
>>>>>>       https://github.com/tianocore/edk2/pull/5667
>>>>>>
>>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
>>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
>>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
>>>>>>    3 files changed, 9 insertions(+), 9 deletions(-)
>>>>>>
>>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>>>> index 5ec56c6bf06f..dbc9c2ba0290 100644
>>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
>>>>>> @@ -16,9 +16,9 @@
>>>>>>      "scope": "codeql-ext-dep",
>>>>>>      "type": "web",
>>>>>>      "name": "codeql_cli",
>>>>>> -  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.16.1/codeql.zip",
>>>>>> -  "version": "2.16.1",
>>>>>> -  "sha256":
>>>>>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
>>>>>> +  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.17.3/codeql.zip",
>>>>>> +  "version": "2.17.3",
>>>>>> +  "sha256":
>>>>>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
>>>>>>      "compression_type": "zip",
>>>>>>      "internal_path": "/codeql/",
>>>>>>      "flags": ["set_shell_var", ],
>>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>>>> index 5b4a919f1de4..536322f2b331 100644
>>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
>>>>>> @@ -14,9 +14,9 @@
>>>>>>      "scope": "codeql-linux-ext-dep",
>>>>>>      "type": "web",
>>>>>>      "name": "codeql_linux_cli",
>>>>>> -  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
>>>>>> -  "version": "2.16.1",
>>>>>> -  "sha256":
>>>>>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
>>>>>> +  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
>>>>>> +  "version": "2.17.3",
>>>>>> +  "sha256":
>>>>>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
>>>>>>      "compression_type": "zip",
>>>>>>      "internal_path": "/codeql/",
>>>>>>      "flags": ["set_shell_var", ],
>>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>>>> index c0c018c9538f..93a81ffd5020 100644
>>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
>>>>>> @@ -14,9 +14,9 @@
>>>>>>      "scope": "codeql-windows-ext-dep",
>>>>>>      "type": "web",
>>>>>>      "name": "codeql_windows_cli",
>>>>>> -  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.16.1/codeql-win64.zip",
>>>>>> -  "version": "2.16.1",
>>>>>> -  "sha256":
>>>>>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
>>>>>> +  "source": "https://github.com/github/codeql-cli-
>>>>>> binaries/releases/download/v2.17.3/codeql-win64.zip",
>>>>>> +  "version": "2.17.3",
>>>>>> +  "sha256":
>>>>>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
>>>>>>      "compression_type": "zip",
>>>>>>      "internal_path": "/codeql/",
>>>>>>      "flags": ["set_shell_var", ],
>>>>>> --
>>>>>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119094): https://edk2.groups.io/g/devel/message/119094
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael D Kinney]

Merged.  https://github.com/tianocore/edk2/pull/5667


Mike

> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: Monday, May 20, 2024 6:41 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io;
> Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> <joey.vagedes@gmail.com>; Rebecca Cran <rebecca@bsdio.com>; Sean Brogan
> <sean.brogan@microsoft.com>; Chen, Christine <yuwei.chen@intel.com>
> Subject: Re: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> 
> Just wanted to send a reminder that I recommend
> https://github.com/tianocore/edk2/pull/5667 be merged to unblock CI for
> those that are currently trying to test changes.
> 
> Thanks,
> Michael
> 
> On 5/17/2024 8:10 PM, Kinney, Michael D wrote:
> > Approved. I agree there is no impact to FW.
> >
> > Mike
> >
> >> -----Original Message-----
> >> From: Michael Kubacki <mikuback@linux.microsoft.com>
> >> Sent: Friday, May 17, 2024 4:28 PM
> >> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io;
> >> Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> >> Liming Gao <gaoliming@byosoft.com.cn>
> >> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> >> <joey.vagedes@gmail.com>; Rebecca Cran <rebecca@bsdio.com>; Sean Brogan
> >> <sean.brogan@microsoft.com>; Chen, Christine <yuwei.chen@intel.com>
> >> Subject: Re: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> >>
> >> Forgot about the hard freeze.
> >>
> >> Added remaining stewards to consider merging this. It has no impact on
> >> firmware but is needed to unblock an immediate issue in CI where the
> >> CodeQL queries being fetched are newer and incompatible with the CodeQL
> >> CLI being used.
> >>
> >> As I mentioned in the release notes, I will follow up in the future for
> >> a change that should be able to lock the CodeQL query versions against
> >> the CLI version.
> >>
> >> Thanks,
> >> Michael
> >>
> >> On 5/17/2024 7:20 PM, Michael Kubacki wrote:
> >>> To ensure CI is unblocked, I am going to add the push tag now.
> >>>
> >>> On 5/17/2024 6:31 PM, Michael Kubacki wrote:
> >>>> Thanks Mike. Are you okay with me completing the PR now?
> >>>>
> >>>> On 5/17/2024 5:31 PM, Kinney, Michael D wrote:
> >>>>> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> >>>>>> Sent: Friday, May 17, 2024 2:09 PM
> >>>>>> To: devel@edk2.groups.io
> >>>>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
> >>>>>> <joey.vagedes@gmail.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> >>>>>> Kinney,
> >>>>>> Michael D <michael.d.kinney@intel.com>; Rebecca Cran
> >>>>>> <rebecca@bsdio.com>;
> >>>>>> Sean Brogan <sean.brogan@microsoft.com>; Chen, Christine
> >>>>>> <yuwei.chen@intel.com>
> >>>>>> Subject: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
> >>>>>>
> >>>>>> From: Michael Kubacki <michael.kubacki@microsoft.com>
> >>>>>>
> >>>>>> This fixes an issue where the CodeQL queries currently fetched in the
> >>>>>> pipeline are incompatible with the current executable used.
> >>>>>>
> >>>>>> Update to pick up functional and security fixes. See the following
> >>>>>> comparison for detailed differences:
> >>>>>>
> >>>>>> https://github.com/github/codeql-cli-
> binaries/compare/v2.16.1...v2.17.3
> >>>>>>
> >>>>>> Cc: Bob Feng <bob.c.feng@intel.com>
> >>>>>> Cc: Joey Vagedes <joey.vagedes@gmail.com>
> >>>>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> >>>>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> >>>>>> Cc: Rebecca Cran <rebecca@bsdio.com>
> >>>>>> Cc: Sean Brogan <sean.brogan@microsoft.com>
> >>>>>> Cc: Yuwei Chen <yuwei.chen@intel.com>
> >>>>>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> >>>>>> ---
> >>>>>>
> >>>>>> Notes:
> >>>>>>       This change fixes an immediate compatibility issue between
> >>>>>>       the latest queries being pulled and the CodeQL CLI being
> >>>>>>       used.
> >>>>>>
> >>>>>>       A follow up change will attempt to lock queries against a
> >>>>>>       compatibile version to prevent queries from pulling ahead
> >>>>>>       to incompatible versions in the future.
> >>>>>>
> >>>>>>       ---
> >>>>>>
> >>>>>>       This change was tested in edk2 CI:
> >>>>>>
> >>>>>>       https://github.com/tianocore/edk2/pull/5667
> >>>>>>
> >>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml         | 6 +++---
> >>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml   | 6 +++---
> >>>>>>    BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml | 6 +++---
> >>>>>>    3 files changed, 9 insertions(+), 9 deletions(-)
> >>>>>>
> >>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>>>> index 5ec56c6bf06f..dbc9c2ba0290 100644
> >>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_ext_dep.yaml
> >>>>>> @@ -16,9 +16,9 @@
> >>>>>>      "scope": "codeql-ext-dep",
> >>>>>>      "type": "web",
> >>>>>>      "name": "codeql_cli",
> >>>>>> -  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.16.1/codeql.zip",
> >>>>>> -  "version": "2.16.1",
> >>>>>> -  "sha256":
> >>>>>> "86a98f6ebb8fd49efadf367f3275c438669fcb8426962c33415129aad8e093e6",
> >>>>>> +  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.17.3/codeql.zip",
> >>>>>> +  "version": "2.17.3",
> >>>>>> +  "sha256":
> >>>>>> "e5ac1d87ab38e405c9af5db234a338b10dffabc98a648903f1664dd2a566dfd5",
> >>>>>>      "compression_type": "zip",
> >>>>>>      "internal_path": "/codeql/",
> >>>>>>      "flags": ["set_shell_var", ],
> >>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>>>> index 5b4a919f1de4..536322f2b331 100644
> >>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_linux_ext_dep.yaml
> >>>>>> @@ -14,9 +14,9 @@
> >>>>>>      "scope": "codeql-linux-ext-dep",
> >>>>>>      "type": "web",
> >>>>>>      "name": "codeql_linux_cli",
> >>>>>> -  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.16.1/codeql-linux64.zip",
> >>>>>> -  "version": "2.16.1",
> >>>>>> -  "sha256":
> >>>>>> "40dbb6c0c4064bd14601a02e60c61661fdc0271469f90eb91a2e7d51d4cbc171",
> >>>>>> +  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.17.3/codeql-linux64.zip",
> >>>>>> +  "version": "2.17.3",
> >>>>>> +  "sha256":
> >>>>>> "9fba000c4b821534d354bc16821aa066fdb1304446226ea449870e64a8ad3c7a",
> >>>>>>      "compression_type": "zip",
> >>>>>>      "internal_path": "/codeql/",
> >>>>>>      "flags": ["set_shell_var", ],
> >>>>>> diff --git a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>>>> b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>>>> index c0c018c9538f..93a81ffd5020 100644
> >>>>>> --- a/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>>>> +++ b/BaseTools/Plugin/CodeQL/codeqlcli_windows_ext_dep.yaml
> >>>>>> @@ -14,9 +14,9 @@
> >>>>>>      "scope": "codeql-windows-ext-dep",
> >>>>>>      "type": "web",
> >>>>>>      "name": "codeql_windows_cli",
> >>>>>> -  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.16.1/codeql-win64.zip",
> >>>>>> -  "version": "2.16.1",
> >>>>>> -  "sha256":
> >>>>>> "9ebe5ea8a7d0a77425428d50d49912319117fccee24ecb62f6219c12584f4f28",
> >>>>>> +  "source": "https://github.com/github/codeql-cli-
> >>>>>> binaries/releases/download/v2.17.3/codeql-win64.zip",
> >>>>>> +  "version": "2.17.3",
> >>>>>> +  "sha256":
> >>>>>> "4c6fbf2ea2eaf0f47bf0347eacf54c6b9d6bdf7acb6b63e17f9e6f2dd83b34e7",
> >>>>>>      "compression_type": "zip",
> >>>>>>      "internal_path": "/codeql/",
> >>>>>>      "flags": ["set_shell_var", ],
> >>>>>> --
> >>>>>> 2.45.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119095): https://edk2.groups.io/g/devel/message/119095
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3

[Michael Kubacki]

As a follow up, I created the following PR to specify the exact version 
of queries to use for a given CodeQL CLI release. Now that both are 
explicitly specified (the CLI and the query version), there should not 
be any mismatch in the future where we're using an older CodeQL CLI 
against the latest (incompatible) queries.

https://github.com/tianocore/edk2/pull/5720

On 5/20/2024 9:40 PM, Michael Kubacki wrote:
> Just wanted to send a reminder that I recommend 
> https://github.com/tianocore/edk2/pull/5667 be merged to unblock CI for 
> those that are currently trying to test changes.
> 
> Thanks,
> Michael
> 
> On 5/17/2024 8:10 PM, Kinney, Michael D wrote:
>> Approved. I agree there is no impact to FW.
>>
>> Mike
>>
>>> -----Original Message-----
>>> From: Michael Kubacki <mikuback@linux.microsoft.com>
>>> Sent: Friday, May 17, 2024 4:28 PM
>>> To: Kinney, Michael D <michael.d.kinney@intel.com>; 
>>> devel@edk2.groups.io;
>>> Andrew Fish <afish@apple.com>; Leif Lindholm 
>>> <quic_llindhol@quicinc.com>;
>>> Liming Gao <gaoliming@byosoft.com.cn>
>>> Cc: Feng, Bob C <bob.c.feng@intel.com>; Joey Vagedes
>>> <joey.vagedes@gmail.com>; Rebecca Cran <rebecca@bsdio.com>; Sean Brogan
>>> <sean.brogan@microsoft.com>; Chen, Christine <yuwei.chen@intel.com>
>>> Subject: Re: [PATCH v1 1/1] CodeQL: Update from 2.16.1 to 2.17.3
>>>
>>> Forgot about the hard freeze.
>>>
>>> Added remaining stewards to consider merging this. It has no impact on
>>> firmware but is needed to unblock an immediate issue in CI where the
>>> CodeQL queries being fetched are newer and incompatible with the CodeQL
>>> CLI being used.
>>>
>>> As I mentioned in the release notes, I will follow up in the future for
>>> a change that should be able to lock the CodeQL query versions against
>>> the CLI version.
>>>
>>> Thanks,
>>> Michael


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119427): https://edk2.groups.io/g/devel/message/119427
Mute This Topic: https://groups.io/mt/106161774/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-