The new pip 21.3 (released 2021-10-11) uses in-tree builds when `pip install .` is used (see [release notes](https://pip.pypa.io/en/stable/news/#v21-3) and [implementation PR](https://github.com/pypa/pip/pull/10495)). This means CodeQL will see all files twice (once in the real location that is part of this repository, and once in the copy in the `build/` dir), which trips up the analysis.
When an editable install is used instead with `pip install -e .`, there is no `build/` dir, so the analysis will work again.
(cherry picked from commit 42293afd43)
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
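
A check for the duplication described in the commit message above, added here as an example and not part of the commit or the repository: it reports Python files under `build/` whose content is identical to a file elsewhere in the checkout. The name `find_build_duplicates` and the sample layout in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_build_duplicates(repo_root, build_dir="build"):
    """Return {path under build/: [paths outside build/ with identical content]}."""
    build_root = os.path.normpath(os.path.join(repo_root, build_dir))
    sources = {}  # content hash -> relative paths outside build/
    copies = []   # (relative path, content hash) for files inside build/
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            if not name.endswith(".py"):
                continue
            full = os.path.normpath(os.path.join(dirpath, name))
            rel = os.path.relpath(full, repo_root)
            digest = _sha256(full)
            if os.path.commonpath([full, build_root]) == build_root:
                copies.append((rel, digest))
            else:
                sources.setdefault(digest, []).append(rel)
    return {rel: sorted(sources[d]) for rel, d in copies if d in sources}


def demo():
    # Constructed layout imitating a checkout after a non-editable install.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("pkg/core.py", "build/lib/pkg/core.py"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("def run():\n    return 1\n")
        with open(os.path.join(root, "pkg", "extra.py"), "w") as fh:
            fh.write("X = 2\n")
        return find_build_duplicates(root)


if __name__ == "__main__":
    for copy, originals in demo().items():
        print(f"{copy} duplicates {originals}")
```

An empty result on a checkout prepared with `pip install -e .` matches the commit message's statement that no `build/` dir is created in that case.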
* Update CodeQL to resolve warnings.
* Make CodeQL analyze our Python dependencies
* `fetch-depth` should no longer be needed
Co-authored-by: jack1142 <6032823+jack1142@users.noreply.github.com>