From 22588540fc16b6b1bed6aa2c7132b74d166e8a34 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Mon, 28 Apr 2025 23:48:55 -0700 Subject: [PATCH 1/4] Delete orphaned files (2025-04-28-16-34) (#55430) --- .../code-scanning/beta-actions-analysis.md | 6 ---- .../codeql-query-tables/actions.md | 29 ------------------- 2 files changed, 35 deletions(-) delete mode 100644 data/reusables/code-scanning/beta-actions-analysis.md delete mode 100644 data/reusables/code-scanning/codeql-query-tables/actions.md diff --git a/data/reusables/code-scanning/beta-actions-analysis.md b/data/reusables/code-scanning/beta-actions-analysis.md deleted file mode 100644 index 5e687ab053ee..000000000000 --- a/data/reusables/code-scanning/beta-actions-analysis.md +++ /dev/null @@ -1,6 +0,0 @@ -{% ifversion code-scanning-actions-language %} - -> [!NOTE] -> The ability to use {% data variables.product.prodname_code_scanning %} to find vulnerabilities in {% data variables.product.prodname_actions %} workflows is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endif %} diff --git a/data/reusables/code-scanning/codeql-query-tables/actions.md b/data/reusables/code-scanning/codeql-query-tables/actions.md deleted file mode 100644 index a5ea9eb6d2e6..000000000000 --- a/data/reusables/code-scanning/codeql-query-tables/actions.md +++ /dev/null @@ -1,29 +0,0 @@ -{% rowheaders %} - -| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} | -| --- | --- | --- | --- | --- | -| [Artifact poisoning](https://codeql.github.com/codeql-query-help/actions/actions-artifact-poisoning-critical/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Cache Poisoning via caching of untrusted files](https://codeql.github.com/codeql-query-help/actions/actions-cache-poisoning-direct-cache/) | 349 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Cache Poisoning via execution of untrusted code](https://codeql.github.com/codeql-query-help/actions/actions-cache-poisoning-poisonable-step/) | 349 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Cache Poisoning via low-privileged code injection](https://codeql.github.com/codeql-query-help/actions/actions-cache-poisoning-code-injection/) | 349, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Checkout of untrusted code in a privileged context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-critical/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Checkout of untrusted code in trusted context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-high/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Code injection](https://codeql.github.com/codeql-query-help/actions/actions-code-injection-critical/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envvar-injection-critical/) | 077, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Excessive Secrets Exposure](https://codeql.github.com/codeql-query-help/actions/actions-excessive-secrets-exposure/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Improper Access Control](https://codeql.github.com/codeql-query-help/actions/actions-improper-access-control/) | 285 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [PATH environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envpath-injection-critical/) | 077, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Storage of sensitive information in GitHub Actions artifact](https://codeql.github.com/codeql-query-help/actions/actions-secrets-in-artifacts/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Unmasked Secret Exposure](https://codeql.github.com/codeql-query-help/actions/actions-unmasked-secret-exposure/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Untrusted Checkout TOCTOU](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-toctou-high/) | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Untrusted Checkout TOCTOU](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-toctou-critical/) | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Use of a known vulnerable action](https://codeql.github.com/codeql-query-help/actions/actions-vulnerable-action/) | 1395 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Workflow does not contain permissions](https://codeql.github.com/codeql-query-help/actions/actions-missing-workflow-permissions/) | 275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Artifact poisoning](https://codeql.github.com/codeql-query-help/actions/actions-artifact-poisoning-medium/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Checkout of untrusted code in trusted context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-medium/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Code injection](https://codeql.github.com/codeql-query-help/actions/actions-code-injection-medium/) | 094, 095, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envvar-injection-medium/) | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [PATH environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envpath-injection-medium/) | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Unpinned tag for a non-immutable Action in workflow](https://codeql.github.com/codeql-query-help/actions/actions-unpinned-tag/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | - -{% endrowheaders %} From 3fcbec195c9a5bb43a63e9036ffdad9f4c80226d Mon Sep 17 00:00:00 2001 From: Patrick Knight Date: Tue, 29 Apr 2025 02:00:25 -0500 Subject: [PATCH 2/4] Update detaching-a-fork.md (#55435) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../working-with-forks/detaching-a-fork.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/detaching-a-fork.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/detaching-a-fork.md index a5a1379b5d36..8fbbda54e3c5 100644 --- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/detaching-a-fork.md +++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/detaching-a-fork.md @@ -10,6 +10,8 @@ topics: permissions: People with admin access for a forked repository can delete the forked repository. --- +{% ifversion ghes > 3.16 %} + ## Converting a fork into a standalone repository To turn your fork into a standalone repository, you can leave the fork network ensuring the new repository will no longer automatically sync with changes from the original repository. This is useful when you want to take the work you are doing in a different direction or maintain distinct versions. @@ -42,6 +44,8 @@ You can only detach forks with the leave network option when: While the fork is being detached, some operations will be briefly unavailable until the fork has been transitioned to a standalone repository. +{% endif %} + ## Manually Leaving the fork network To turn your fork into a standalone repository, you can clone the fork, use the clone to create a new repository, and then delete the fork removing the connection to the original network. From a9e630121834390992cbde1534b4348d1b528cbf Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 29 Apr 2025 00:10:34 -0700 Subject: [PATCH 3/4] Update audit log event data (#55429) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/audit-logs/data/fpt/organization.json | 30 ++++++++++++++ src/audit-logs/data/ghec/enterprise.json | 40 +++++++++++++++++++ src/audit-logs/data/ghec/organization.json | 30 ++++++++++++++ src/audit-logs/data/ghes-3.16/enterprise.json | 10 +++++ .../data/ghes-3.16/organization.json | 30 ++++++++++++++ src/audit-logs/data/ghes-3.17/enterprise.json | 10 +++++ .../data/ghes-3.17/organization.json | 30 ++++++++++++++ src/audit-logs/lib/config.json | 2 +- 8 files changed, 181 insertions(+), 1 deletion(-) diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json index 68e28a40bede..1bff0a04481f 100644 --- a/src/audit-logs/data/fpt/organization.json +++ b/src/audit-logs/data/fpt/organization.json @@ -1949,11 +1949,41 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.access_revoked", "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index 1323f178dbc3..795693e8481c 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -2709,11 +2709,51 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_reset", + "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.access_revoked", "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_reset", + "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json index 68e28a40bede..1bff0a04481f 100644 --- a/src/audit-logs/data/ghec/organization.json +++ b/src/audit-logs/data/ghec/organization.json @@ -1949,11 +1949,41 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.access_revoked", "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json index cf6efb0cb729..aeb4ac7bed10 100644 --- a/src/audit-logs/data/ghes-3.16/enterprise.json +++ b/src/audit-logs/data/ghes-3.16/enterprise.json @@ -2024,6 +2024,16 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A" }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghes-3.16/organization.json b/src/audit-logs/data/ghes-3.16/organization.json index 2566d4615367..d7736e5c3a91 100644 --- a/src/audit-logs/data/ghes-3.16/organization.json +++ b/src/audit-logs/data/ghes-3.16/organization.json @@ -1884,11 +1884,41 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.access_revoked", "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json index a370c871da7b..a3674cfedcdc 100644 --- a/src/audit-logs/data/ghes-3.17/enterprise.json +++ b/src/audit-logs/data/ghes-3.17/enterprise.json @@ -2059,6 +2059,16 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A" }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/data/ghes-3.17/organization.json b/src/audit-logs/data/ghes-3.17/organization.json index f38e202d3bab..3c7044bc8843 100644 --- a/src/audit-logs/data/ghes-3.17/organization.json +++ b/src/audit-logs/data/ghes-3.17/organization.json @@ -1919,11 +1919,41 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.access_revoked", "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A" + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A" + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index bfb65863b400..97798a3a394c 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "ae4d8faa66c3986541a6db3a45bcf66e839fd773" + "sha": "4c383d40f155ce577a0b3698089811aa95dbebe4" } \ No newline at end of file From c854c28a25c026ccdedce85f5ec7e09554874750 Mon Sep 17 00:00:00 2001 From: Sophie <29382425+sophietheking@users.noreply.github.com> Date: Tue, 29 Apr 2025 10:01:50 +0200 Subject: [PATCH 4/4] Update table in "Recommended CodeQL CLI versions for code scanning" (#55436) --- content/admin/all-releases.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/admin/all-releases.md b/content/admin/all-releases.md index a529773fa0f5..17ecdff8a7db 100644 --- a/content/admin/all-releases.md +++ b/content/admin/all-releases.md @@ -52,6 +52,7 @@ If you run analysis in an external CI system, we recommend using the same versio | {% data variables.product.prodname_ghe_server %} version | Recommended {% data variables.product.prodname_codeql_cli %} version | | ------------------------------------------------- | ---------------------- | +| 3.16 | 2.20.3 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.3/)) | | 3.15 | 2.18.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.18.4/)) | | 3.14 | 2.17.6 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.17.6/)) | | 3.13 | 2.16.5 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.16.5/)) |