Commit Graph

81 Commits

Author SHA1 Message Date
dependabot[bot]
5f9965cf6f Bump github/codeql-action from 2.22.0 to 2.22.3 (#136563)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analyze. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0116bc2df5"><code>0116bc2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1947">#1947</a> from github/update-v2.22.3-82ba90b1d</li>
<li><a href="f5a984b113"><code>f5a984b</code></a> Update changelog for v2.22.3</li>
<li><a href="82ba90b1d9"><code>82ba90b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1945">#1945</a> from github/henrymercer/authenticate-api-url</li>
<li><a href="34f97d7a16"><code>34f97d7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1944">#1944</a> from github/henrymercer/sublanguage-file-coverage-fixes</li>
<li><a href="74442e0a95"><code>74442e0</code></a> Add changelog note</li>
<li><a href="bd32fab74f"><code>bd32fab</code></a> Provide token when downloading from GHES API</li>
<li><a href="b584cf8321"><code>b584cf8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1922">#1922</a> from github/nora/add-commit-sha-to-database-upload</li>
<li><a href="761255a4a3"><code>761255a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1943">#1943</a> from github/mergeback/v2.22.2-to-main-d90b8d79</li>
<li><a href="346d5c4b07"><code>346d5c4</code></a> Test sub-language file coverage in file baseline information check</li>
<li><a href="5950d13564"><code>5950d13</code></a> Enable sub-language file coverage in <code>interpret-results</code> too</li>
<li>Additional commits viewable in <a href="2cb752a87e...0116bc2df5">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.0&new-version=2.22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
2023-10-13 22:35:18 +00:00
dependabot[bot]
bc31514434 Bump github/codeql-action from 2.21.6 to 2.22.0 (#136095)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.6 to 2.22.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analyze. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="2cb752a87e"><code>2cb752a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1924">#1924</a> from github/update-v2.22.0-3f7850a17</li>
<li><a href="e50f53baa1"><code>e50f53b</code></a> Add changelog note for tracing Go 1.21</li>
<li><a href="0a65c007f6"><code>0a65c00</code></a> Update changelog for v2.22.0</li>
<li><a href="3f7850a179"><code>3f7850a</code></a> Improve downloading log message (<a href="https://redirect.github.com/github/codeql-action/issues/1920">#1920</a>)</li>
<li><a href="27235304e0"><code>2723530</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1923">#1923</a> from github/henrymercer/fix-resolve-environment-aliases</li>
<li><a href="8f0e8b0890"><code>8f0e8b0</code></a> Tweak language parsing to improve clarity</li>
<li><a href="f243294ab7"><code>f243294</code></a> Extend PR check to test <code>resolve-environment</code> works with language alias</li>
<li><a href="1ea6a10947"><code>1ea6a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1909">#1909</a> from github/mbg/go-1.21-workaround</li>
<li><a href="e26ed57a22"><code>e26ed57</code></a> Defer language aliasing to CLI when appropriate</li>
<li><a href="0ac7669167"><code>0ac7669</code></a> Fix using <code>resolve-environment</code> Action with language aliases</li>
<li>Additional commits viewable in <a href="701f152f28...2cb752a87e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.6&new-version=2.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

2023-10-06 22:15:19 +00:00
dependabot[bot]
04ad1da1ae Bump github/codeql-action from 2.21.5 to 2.21.6 (#134692)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analyze. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="701f152f28"><code>701f152</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1875">#1875</a> from github/update-v2.21.6-6a6a82470</li>
<li><a href="1b6299040a"><code>1b62990</code></a> Fix misplaced changelog entry</li>
<li><a href="5462f69153"><code>5462f69</code></a> Update changelog for v2.21.6</li>
<li><a href="6a6a824702"><code>6a6a824</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1873">#1873</a> from github/update-bundle/codeql-bundle-v2.14.4</li>
<li><a href="88c7a5c4cc"><code>88c7a5c</code></a> Add changelog note</li>
<li><a href="da65035498"><code>da65035</code></a> Update default bundle to codeql-bundle-v2.14.4</li>
<li><a href="43750fe4fc"><code>43750fe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1872">#1872</a> from github/henrymercer/user-errors-for-upload-sarif</li>
<li><a href="a7c12a5225"><code>a7c12a5</code></a> Address PR comments</li>
<li><a href="7218de5369"><code>7218de5</code></a> Merge branch 'main' into henrymercer/user-errors-for-upload-sarif</li>
<li><a href="4764dce02f"><code>4764dce</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1866">#1866</a> from github/henrymercer/enable-scaling-reserved-ram-...</li>
<li>Additional commits viewable in <a href="00e563ead9...701f152f28">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.5&new-version=2.21.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

2023-09-13 22:28:23 +00:00
dependabot[bot]
cf1968aa66 Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#134173)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v3.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(github): remove trailing whitespaces by <a href="https://github.com/ljmf00"><code>@​ljmf00</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/313">actions/upload-artifact#313</a></li>
<li>Bump <code>@​actions/artifact</code> version to v1.1.2 by <a href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/436">actions/upload-artifact#436</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v3.1.3">https://github.com/actions/upload-artifact/compare/v3...v3.1.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a8a3f3ad30"><code>a8a3f3a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/436">#436</a> from bethanyj28/main</li>
<li><a href="7b48769c03"><code>7b48769</code></a> update dependency cache</li>
<li><a href="66630398df"><code>6663039</code></a> update dist/index.js</li>
<li><a href="55e76b779d"><code>55e76b7</code></a> bump <code>@​actions/artifact</code> version</li>
<li><a href="65d862660a"><code>65d8626</code></a> chore(github): remove trailing whitespaces (<a href="https://redirect.github.com/actions/upload-artifact/issues/313">#313</a>)</li>
<li>See full diff in <a href="0b7f8abb15...a8a3f3ad30">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

2023-09-06 22:18:54 +00:00
dependabot[bot]
c046627482 Bump github/codeql-action from 2.21.4 to 2.21.5 (#133504)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="00e563ead9"><code>00e563e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1858">#1858</a> from github/update-v2.21.5-100912429</li>
<li><a href="7323c2ac6b"><code>7323c2a</code></a> Update changelog for v2.21.5</li>
<li><a href="100912429f"><code>1009124</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1845">#1845</a> from github/update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="a2d14d32b8"><code>a2d14d3</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="ff9cb435df"><code>ff9cb43</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1853">#1853</a> from github/igfoo/kot1.9.10</li>
<li><a href="2f913c1249"><code>2f913c1</code></a> npm run build</li>
<li><a href="7dab60079b"><code>7dab600</code></a> Put upper limit on the CodeQL versions for which we override the Kotlin limit</li>
<li><a href="862b2cf102"><code>862b2cf</code></a> Add a changelog entry for the Kotlin 1.9.10 support</li>
<li><a href="070dd05edd"><code>070dd05</code></a> npm run build</li>
<li><a href="ff95d147d6"><code>ff95d14</code></a> Kotlin: Fix lint</li>
<li>Additional commits viewable in <a href="a09933a12a...00e563ead9">compare view</a></li>
</ul>
</details>
2023-08-28 21:59:11 +00:00
dependabot[bot]
d387f551a7 Bump actions/checkout from 3.5.3 to 3.6.0 (#133281)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Mark test scripts with Bash'isms to be run via Bash by <a href="https://github.com/dscho"><code>@​dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1377">actions/checkout#1377</a></li>
<li>Add option to fetch tags even if fetch-depth &gt; 0 by <a href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li>Release 3.6.0 by <a href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li><a href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.3...v3.6.0">https://github.com/actions/checkout/compare/v3.5.3...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.6.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth &gt; 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@​actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f43a0e5ff2"><code>f43a0e5</code></a> Release 3.6.0 (<a href="https://redirect.github.com/actions/checkout/issues/1437">#1437</a>)</li>
<li><a href="7739b9ba2e"><code>7739b9b</code></a> Add option to fetch tags even if fetch-depth &gt; 0 (<a href="https://redirect.github.com/actions/checkout/issues/579">#579</a>)</li>
<li><a href="96f53100ba"><code>96f5310</code></a> Mark test scripts with Bash'isms to be run via Bash (<a href="https://redirect.github.com/actions/checkout/issues/1377">#1377</a>)</li>
<li>See full diff in <a href="c85c95e3d7...f43a0e5ff2">compare view</a></li>
</ul>
</details>
2023-08-24 22:25:25 +00:00
dependabot[bot]
99dd6b4972 Bump github/codeql-action from 2.21.3 to 2.21.4 (#132525)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a09933a12a"><code>a09933a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1838">#1838</a> from github/update-v2.21.4-492a68c32</li>
<li><a href="37116fb629"><code>37116fb</code></a> Fix positioning of bundle update changelog note</li>
<li><a href="c613917766"><code>c613917</code></a> Update changelog for v2.21.4</li>
<li><a href="492a68c323"><code>492a68c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1836">#1836</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac49314877"><code>ac49314</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1834">#1834</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac35d7a02d"><code>ac35d7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1835">#1835</a> from github/henrymercer/language-baseline-config</li>
<li><a href="d03c744ad6"><code>d03c744</code></a> Don't pass <code>--no-</code> flag as it doesn't exist yet</li>
<li><a href="a0407a8c60"><code>a0407a8</code></a> Add changelog note for rollout</li>
<li><a href="8a7b2e9c9b"><code>8a7b2e9</code></a> Enable language specific baselines via feature flag</li>
<li><a href="9a510d9b07"><code>9a510d9</code></a> Rename new analysis summary feature flag</li>
<li>Additional commits viewable in <a href="5b6282e01c...a09933a12a">compare view</a></li>
</ul>
</details>
2023-08-14 23:04:10 +00:00
dependabot[bot]
9b261a7700 Bump github/codeql-action from 2.21.2 to 2.21.3 (#132165)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="5b6282e01c"><code>5b6282e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1829">#1829</a> from github/update-v2.21.3-f9a7c6738</li>
<li><a href="f0f7a35b85"><code>f0f7a35</code></a> Add changenote for Lombok rollout</li>
<li><a href="dda4ed3db4"><code>dda4ed3</code></a> Update changelog for v2.21.3</li>
<li><a href="f9a7c6738f"><code>f9a7c67</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1827">#1827</a> from github/dependabot/npm_and_yarn/npm-5103036bd1</li>
<li><a href="31b9dd18d4"><code>31b9dd1</code></a> Update checked-in dependencies</li>
<li><a href="7e2f56aae3"><code>7e2f56a</code></a> Bump the npm group with 3 updates</li>
<li><a href="878ae4a749"><code>878ae4a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1823">#1823</a> from github/henrymercer/setup-swift-more-consistent</li>
<li><a href="63602c0f72"><code>63602c0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1824">#1824</a> from github/henrymercer/cli-notifications-fix</li>
<li><a href="66dc883276"><code>66dc883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1826">#1826</a> from github/henrymercer/increase-reserved-scaling-fa...</li>
<li><a href="2203178090"><code>2203178</code></a> Increase scaling factor for reserved RAM to 5%</li>
<li>Additional commits viewable in <a href="0ba4244466...5b6282e01c">compare view</a></li>
</ul>
</details>
2023-08-08 23:24:14 +00:00
dependabot[bot]
0693d14bb2 Bump github/codeql-action from 2.21.0 to 2.21.2 (#131512)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0ba4244466"><code>0ba4244</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1813">#1813</a> from github/update-v2.21.2-10c6bfee1</li>
<li><a href="a9a416c8f4"><code>a9a416c</code></a> Update changelog for v2.21.2</li>
<li><a href="10c6bfee12"><code>10c6bfe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1811">#1811</a> from github/henrymercer/print-summary-once</li>
<li><a href="feea86eed3"><code>feea86e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1810">#1810</a> from github/henrymercer/ci/use-platform-specific-bun...</li>
<li><a href="2e6f8c08c1"><code>2e6f8c0</code></a> Add changelog note</li>
<li><a href="8342844ea7"><code>8342844</code></a> Only print the analysis summary once</li>
<li><a href="679aac1b20"><code>679aac1</code></a> Use platform specific bundles in PR checks</li>
<li><a href="de6681ceb7"><code>de6681c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1797">#1797</a> from github/update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="f6fe5c5c70"><code>f6fe5c5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="62762170e1"><code>6276217</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1808">#1808</a> from github/mergeback/v2.21.1-to-main-6ca1aa8c</li>
<li>Additional commits viewable in <a href="1813ca74c3...0ba4244466">compare view</a></li>
</ul>
</details>
<br />

2023-07-29 01:17:50 +00:00
dependabot[bot]
910e87eb73 Bump github/codeql-action from 2.20.4 to 2.21.0 (#130941)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1813ca74c3"><code>1813ca7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1791">#1791</a> from github/update-v2.21.0-6ae46f7a9</li>
<li><a href="6843540876"><code>6843540</code></a> Update changelog for v2.21.0</li>
<li><a href="6ae46f7a92"><code>6ae46f7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1790">#1790</a> from github/henrymercer/aborted-user-error</li>
<li><a href="0cae69e062"><code>0cae69e</code></a> Report user errors in the abort stage appropriately</li>
<li><a href="d2ed0a05b6"><code>d2ed0a0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1786">#1786</a> from github/dependabot/npm_and_yarn/npm-0a410f26d2</li>
<li><a href="651d09131a"><code>651d091</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1788">#1788</a> from github/henrymercer/fix-feature-flag-usage</li>
<li><a href="e0f0892f83"><code>e0f0892</code></a> Add tests for new analysis summary feature flag</li>
<li><a href="27d3b2f857"><code>27d3b2f</code></a> Fix scaling reserved RAM feature flag naming</li>
<li><a href="da4e0a06c0"><code>da4e0a0</code></a> Fix CodeQL version checks</li>
<li><a href="e266801e21"><code>e266801</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="489225d82a...1813ca74c3">compare view</a></li>
</ul>
</details>
<br />

2023-07-19 22:51:25 +00:00
dependabot[bot]
7064b4e935 Bump github/codeql-action from 2.2.9 to 2.20.4 (#130618)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.20.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.14.0</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.0">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0"><code>github/codeql@codeql-cli/v2.14.0</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.5</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.5">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5"><code>github/codeql@codeql-cli/v2.13.5</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="489225d82a"><code>489225d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1777">#1777</a> from github/update-v2.20.4-a148c5807</li>
<li><a href="1b6383d6be"><code>1b6383d</code></a> Update changelog for v2.20.4</li>
<li><a href="a148c58075"><code>a148c58</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1776">#1776</a> from github/aeisenberg/changelog-releases</li>
<li><a href="50527c5dba"><code>50527c5</code></a> Add link to releases page in changelog</li>
<li><a href="814b2edab6"><code>814b2ed</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1762">#1762</a> from github/update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="d2baed4b69"><code>d2baed4</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="c5526174a5"><code>c552617</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1774">#1774</a> from github/dependabot/npm_and_yarn/npm-a34e423e98</li>
<li><a href="c1f49580cf"><code>c1f4958</code></a> Fix dependency incompatibilities</li>
<li><a href="40a500c743"><code>40a500c</code></a> Update checked-in dependencies</li>
<li><a href="4fad06f438"><code>4fad06f</code></a> Bump the npm group with 21 updates</li>
<li>Additional commits viewable in <a href="04df1262e6...489225d82a">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.20.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
2023-07-14 23:00:50 +00:00
dependabot[bot]
96a2c05358 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#129453)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1192">ossf/scorecard-action#1192</a></li>
</ul>
<h2>Scorecard Result Viewer</h2>
<p>Thanks to contributions from <a href="https://github.com/cynthia-sg"><code>@​cynthia-sg</code></a> and <a href="https://github.com/tegioz"><code>@​tegioz</code></a> at <a href="https://github.com/cncf/clomonitor">CLOMonitor</a>, there is a new Scorecard Result visualization page at <code>https://securityscorecards.dev/viewer/?uri=&lt;project-url&gt;</code>.</p>
<ul>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/406">ossf/scorecard-webapp#406</a></li>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/422">ossf/scorecard-webapp#422</a></li>
</ul>
<p>As an example, you can see our own score visualized <a href="https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard">here</a>.
Check out our <a href="08b4669551/README.md (scorecard-badge)">README</a> to learn how to link your README badge to the new visualization page.</p>
<h2>Publishing Results</h2>
<p>This release contains two fixes which will improve the user experience when <code>publish_results</code> is <code>true</code></p>
<ul>
<li>Runs that fail our <a href="08b4669551/README.md (workflow-restrictions)">workflow restrictions</a> will fail with a 400 response indicating the problem, instead of a vague 500 status. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1156">ossf/scorecard-action#1156</a>, resolved <a href="https://redirect.github.com/ossf/scorecard-action/issues/1150">ossf/scorecard-action#1150</a>)</li>
<li>Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1191">ossf/scorecard-action#1191</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>📖 Update README to accept fine-grained tokens by <a href="https://github.com/pnacht"><code>@​pnacht</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
<li>📖 Update installation instructions to match current GitHub UI  by <a href="https://github.com/joycebrum"><code>@​joycebrum</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1153">ossf/scorecard-action#1153</a></li>
<li>📖 Document the GitHub action workflow restrictions when publishing results. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1140">ossf/scorecard-action#1140</a></li>
<li><a href="https://github.com/pnacht"><code>@​pnacht</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0">https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="08b4669551"><code>08b4669</code></a> 🌱 Bump docker tag to for v2.2.0 release. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1194">#1194</a>)</li>
<li><a href="3c7470f58c"><code>3c7470f</code></a> 📖 Update README badge link to use new uri param. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1185">#1185</a>)</li>
<li><a href="a164dbc12a"><code>a164dbc</code></a> 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1192">#1192</a>)</li>
<li><a href="597960e1d9"><code>597960e</code></a> 📖 Update README to accept fine-grained tokens (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1175">#1175</a>)</li>
<li><a href="8808ed28c3"><code>8808ed2</code></a> 🌱 Retry external network calls when publishing results (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1191">#1191</a>)</li>
<li><a href="0eed6cb5da"><code>0eed6cb</code></a> 🌱 Bump golang.org/x/net from 0.10.0 to 0.11.0</li>
<li><a href="6c6335c126"><code>6c6335c</code></a> 🌱 Bump github/codeql-action from 2.3.6 to 2.20.0</li>
<li><a href="7f1baf380a"><code>7f1baf3</code></a> 📖 Switch recommended badge link to the new viewer. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1176">#1176</a>)</li>
<li><a href="df98bbc13d"><code>df98bbc</code></a> 🌱 Bump actions/checkout from 3.5.2 to 3.5.3</li>
<li><a href="75886d414a"><code>75886d4</code></a> 🌱 Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1172">#1172</a>)</li>
<li>Additional commits viewable in <a href="80e868c13c...08b4669551">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.3&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

2023-06-26 18:42:13 +00:00
dependabot[bot]
e39ed8e86a Bump actions/checkout from 3.5.2 to 3.5.3 (#128625)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by <a href="https://github.com/megamanics"><code>@​megamanics</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
<li>Add support for sparse checkouts by <a href="https://github.com/dscho"><code>@​dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li>
<li>Release v3.5.3 by <a href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/megamanics"><code>@​megamanics</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li><a href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@​actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c85c95e3d7"><code>c85c95e</code></a> Release v3.5.3 (<a href="https://redirect.github.com/actions/checkout/issues/1376">#1376</a>)</li>
<li><a href="d106d4669b"><code>d106d46</code></a> Add support for sparse checkouts (<a href="https://redirect.github.com/actions/checkout/issues/1369">#1369</a>)</li>
<li><a href="f095bcc56b"><code>f095bcc</code></a> Fix typos found by codespell (<a href="https://redirect.github.com/actions/checkout/issues/1287">#1287</a>)</li>
<li><a href="47fbe2df0a"><code>47fbe2d</code></a> Fix: Checkout fail in self-hosted runners when faulty submodule are checked-i...</li>
<li>See full diff in <a href="8e5e7e5ab8...c85c95e3d7">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.5.2&new-version=3.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

2023-06-10 18:15:04 +00:00
dependabot[bot]
afdb2fac05 Bump actions/checkout from 3.5.1 to 3.5.2 (#124822)
Bump actions/checkout from 3.5.1 to 3.5.2
2023-04-13 23:45:05 +00:00
dependabot[bot]
b95b86f820 Bump actions/checkout from 3.5.0 to 3.5.1 (#124731)
Bump actions/checkout from 3.5.0 to 3.5.1
2023-04-12 23:39:38 +00:00
dependabot[bot]
1a4f7584d9 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#123725)
Bump ossf/scorecard-action from 2.1.2 to 2.1.3
2023-03-29 23:03:46 +00:00
dependabot[bot]
d6287cc417 Bump github/codeql-action from 2.2.8 to 2.2.9 (#123564)
Bump github/codeql-action from 2.2.8 to 2.2.9
2023-03-27 22:49:35 +00:00
dependabot[bot]
4831dd99ef Bump actions/checkout from 3.4.0 to 3.5.0 (#123431)
Bump actions/checkout from 3.4.0 to 3.5.0
2023-03-24 23:17:14 +00:00
dependabot[bot]
789982896a Bump github/codeql-action from 2.2.7 to 2.2.8 (#123359)
Bump github/codeql-action from 2.2.7 to 2.2.8
2023-03-23 23:09:05 +00:00
dependabot[bot]
267e8896c5 Bump actions/checkout from 3.3.0 to 3.4.0 (#122764)
Bump actions/checkout from 3.3.0 to 3.4.0
2023-03-15 23:10:36 +00:00
dependabot[bot]
502cff69ba Bump github/codeql-action from 2.2.6 to 2.2.7 (#122763)
Bump github/codeql-action from 2.2.6 to 2.2.7
2023-03-15 23:07:38 +00:00
dependabot[bot]
f9ad42a32d Bump github/codeql-action from 2.2.5 to 2.2.6 (#122431)
Bump github/codeql-action from 2.2.5 to 2.2.6
2023-03-11 03:32:04 +00:00
dependabot[bot]
b891465e5c Bump github/codeql-action from 2.1.39 to 2.2.5 (#121429)
Bump github/codeql-action from 2.1.39 to 2.2.5
2023-03-01 01:27:48 +00:00
dependabot[bot]
2b3ca0dc46 Bump github/codeql-action from 2.1.38 to 2.1.39 (#118735)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 22:10:55 +00:00
dependabot[bot]
13a8dce22d Bump github/codeql-action from 2.1.37 to 2.1.38 (#118482)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](959cbb7472...515828d974)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 22:07:50 +00:00
dependabot[bot]
aabf146f32 Bump github/codeql-action from 2.1.35 to 2.1.37 (#117104)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2a92eb56d...959cbb7472)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 16:55:18 +00:00
dependabot[bot]
2e0849e9dc Bump actions/checkout from 3.1.0 to 3.3.0 (#118052)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...ac59398561)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 16:53:50 +00:00
dependabot[bot]
33c71beee4 Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#118116)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](83fd05a356...0b7f8abb15)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 16:53:49 +00:00
dependabot[bot]
abd5217f48 Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#117554)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](15c10fcf1c...e38b1902ae)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 23:22:08 +00:00
dependabot[bot]
d71fa885ef Bump ossf/scorecard-action from 2.1.0 to 2.1.1 (#117337)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](937ffa90d7...15c10fcf1c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 20:08:41 +00:00
dependabot[bot]
91c1c70bd0 Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#117170)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...937ffa90d7)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-15 22:25:55 +00:00
dependabot[bot]
4e8dacac8a Bump github/codeql-action from 2.1.32 to 2.1.35 (#116379)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.32 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4238421316...b2a92eb56d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 21:44:10 +00:00
dependabot[bot]
e66183da33 Bump github/codeql-action from 2.1.25 to 2.1.32 (#115394)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](86f3159a69...4238421316)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-15 23:33:08 +00:00
dependabot[bot]
44c146abb8 Bump actions/upload-artifact from 3.1.0 to 3.1.1 (#113859) 2022-10-21 22:11:16 +00:00
dependabot[bot]
a97dcc0da6 Bump ossf/scorecard-action from 2.0.3 to 2.0.6 (#113735) 2022-10-20 05:52:31 +00:00
dependabot[bot]
7f80b9f069 Bump actions/checkout from 3.0.2 to 3.1.0 (#112884) 2022-10-05 03:09:35 +00:00
dependabot[bot]
c34e9071c0 Bump github/codeql-action from 2.1.24 to 2.1.25 (#112113) 2022-09-21 22:43:22 +00:00
dependabot[bot]
4bf395cb28 Bump github/codeql-action from 2.1.23 to 2.1.24 (#111784) 2022-09-16 23:24:26 +00:00
dependabot[bot]
fd8d9269a4 Bump github/codeql-action from 2.1.22 to 2.1.23 (#111697) 2022-09-15 22:35:58 +00:00
godofredoc
4590e07e7d Manual update of scorecards 2.0.3 (#111441) 2022-09-13 15:58:05 +00:00
dependabot[bot]
c54640174f Bump ossf/scorecard-action from 2.0.0 to 2.0.2 (#111308) 2022-09-10 01:52:22 +00:00
dependabot[bot]
6f9bcec40b Bump ossf/scorecard-action from 1.1.2 to 2.0.0 (#111219) 2022-09-08 22:14:56 +00:00
dependabot[bot]
1e47bcfb50 Bump github/codeql-action from 2.1.21 to 2.1.22 (#110809) 2022-09-01 22:35:23 +00:00
dependabot[bot]
b546f1e57c Bump github/codeql-action from 2.1.20 to 2.1.21 (#110273) 2022-08-26 06:38:06 +00:00
dependabot[bot]
484a8841fd Bump github/codeql-action from 2.1.19 to 2.1.20 (#110044) 2022-08-22 22:26:52 +00:00
dependabot[bot]
8f1d0798fa Bump github/codeql-action from 2.1.18 to 2.1.19 (#109888) 2022-08-19 23:27:33 +00:00
dependabot[bot]
f34b8d1f4e Bump github/codeql-action from 2.1.17 to 2.1.18 (#108923) 2022-08-03 22:03:04 +00:00
dependabot[bot]
df8bead354 Bump github/codeql-action from 2.1.16 to 2.1.17 (#108580) 2022-07-28 22:14:06 +00:00
dependabot[bot]
d949ca42e3 Bump github/codeql-action from 2.1.15 to 2.1.16 (#107587) 2022-07-13 22:34:05 +00:00
dependabot[bot]
6fbd6ea027 Bump github/codeql-action from 2.1.14 to 2.1.15 (#106761) 2022-06-28 22:06:05 +00:00