Update default CodeQL bundle version to 2.17.0. #2219
Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. #2220
If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.24.10 and github/codeql-action/*@v2 by github/codeql-action/*@v2.24.10 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
Commits
4355270 Merge pull request #2226 from github/update-v3.24.10-7df281f2f
[NEW] Support authentication for plugin repositories (#31)
[FIX] Improve rendering of build results table with long values (#35)
Improvements to Dependency Submission
[FIX] Do not attempt to resolve dependency configurations that are excluded via env var (#107)
Improvements to Develocity injection
[NEW] Use com.develocity.gradle plugin version 3.17 by default
[NEW] Can configure capture of file-fingerprint (#58)
[FIX] Reduce log-level of messages emitted by Develocity injection (#60)
Note
Release includes v3.2.0 of gradle/actions/setup-gradle and gradle/actions/dependency-submission.
Available under the v3 version tag.
The gradle/actions/setup-gradle action supersedes gradle/gradle-build-action.
The gradle/gradle-build-action@v3.2.0 version will be released in parallel, and will delegate to this release of gradle/actions/setup-gradle.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the prod-github-actions group with 2 updates: github/codeql-action and gradle/actions.
Updates
github/codeql-actionfrom 3.24.9 to 3.24.10Changelog
Sourced from github/codeql-action's changelog.
Commits
4355270Merge pull request #2226 from github/update-v3.24.10-7df281f2f3f041c5Update changelog for v3.24.107df281fGracefully continue ifcreateStatusReportBasethrows (#2225)f421cdaRun integration test PR checks nightly (#2222)5f535deMerge pull request #2221 from github/nickfyson/upload-logging278465cMerge pull request #2219 from github/update-bundle/codeql-bundle-v2.17.065e69c8Merge branch 'main' into update-bundle/codeql-bundle-v2.17.0c037115clarify logging in response to pr review commentsd3c32a8fix test to respect updated logging behaviour2654062Merge branch 'main' into nickfyson/upload-loggingUpdates
gradle/actionsfrom 3.1.0 to 3.2.0Release notes
Sourced from gradle/actions's releases.
Commits
e24011aUpdatedependency-submissionaction for 3.2.0eb261d5Document plugin authentication in README875d136Update NPM dependency versionsa5a8ae9Bump to v1.3.0 of the dependency-graph plugin5fe1aecDevelocity updates (#101)7be6c56Build outputs7e87a5eImprove test coverage for different plugin versions518b14bSwitch from com.gradle.enterprise to com.gradle.develocity81b3a2dBump to Develocity plugin 3.17195c67fUse Develocity plugin v3.17 for build-scan-publishDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show