Skip to content

Commit

Permalink
Bump github/codeql-action from 3.23.1 to 3.23.2 (#5491)
Browse files Browse the repository at this point in the history
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.23.1 to 3.23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code>
option now respects the CPU count as specified in <code>cgroup</code>
files to more accurately reflect the number of available cores when
running in containers. <a
href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days.
Previously, this was whatever the repository default was. <a
href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable
Python dependency installation by default for all users. This improves
the speed of analysis while having only a very minor impact on results.
You can override this behavior by setting
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code>
in your workflow, however we plan to remove this ability in future
versions of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For
more information, see <a
href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the
corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a
href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5
and earlier. These versions of CodeQL were discontinued on 8 November
2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by
CodeQL Action v2.23.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.11.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.10.5 and 2.11.5, you can replace
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.22.7</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b7bf0a3ed3ecfa44160715d7c442788f65f0f923"><code>b7bf0a3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2099">#2099</a>
from github/update-v3.23.2-61bf02577</li>
<li><a
href="https://github.com/github/codeql-action/commit/33e354b34bc9d95d28ae4f055fa1faeb59e59ae5"><code>33e354b</code></a>
Changelog: Add missing PR link</li>
<li><a
href="https://github.com/github/codeql-action/commit/f4cfe8904c929c35f9612da0c754f121a3422d7e"><code>f4cfe89</code></a>
Update changelog for v3.23.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/61bf02577c801b30a708abc6f2164763e4e1d0cd"><code>61bf025</code></a>
Send overall job status in init-post status report (<a
href="https://redirect.github.com/github/codeql-action/issues/2097">#2097</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/16150320c5db0d4942ea2bd4974fc365d6324737"><code>1615032</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2096">#2096</a>
from github/update-bundle/codeql-bundle-v2.16.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/bd67d8d6b2096e4b46db15ed108e563c4447d608"><code>bd67d8d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2098">#2098</a>
from github/henrymercer/update-internal-queries</li>
<li><a
href="https://github.com/github/codeql-action/commit/a2619f68c8432b9a500ecc7aafd4816667379bed"><code>a2619f6</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href="https://github.com/github/codeql-action/commit/666e2f9edfd29789e9f46f2cce092d18622dcb74"><code>666e2f9</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href="https://github.com/github/codeql-action/commit/d43ae36a631248dea35da2f8da5e28687255da31"><code>d43ae36</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/75af1f5948eef4f82d80db69296c55a9bc5ba26e"><code>75af1f5</code></a>
Update default bundle to codeql-bundle-v2.16.1</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/0b21cf2492b6b02c465a3e5d7c473717ad7721ba...b7bf0a3ed3ecfa44160715d7c442788f65f0f923">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.23.1&new-version=3.23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
dependabot[bot] authored Jan 29, 2024
1 parent cf0d582 commit 68d68ad
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba
uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -44,7 +44,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba
uses: github/codeql-action/autobuild@b7bf0a3ed3ecfa44160715d7c442788f65f0f923

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -58,4 +58,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba
uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
2 changes: 1 addition & 1 deletion .github/workflows/scorecards-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba
uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923
with:
sarif_file: results.sarif

0 comments on commit 68d68ad

Please sign in to comment.