Update default CodeQL bundle version to 2.17.5. #2327
3.25.9 - 12 Jun 2024
Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332
Commits
23acc5c Merge pull request #2337 from github/update-v3.25.10-5bf6dad35
This release improves the integration with Gradle Develocity®, as well as updating a number of key dependencies.
The new develocity-access-key input parameter allows the action to generate a short-lived access token for subsequent
communication with Develocity. This reduces the risk of the full (long-lived) access key being compromised,
either accidentally or by a malicious action.
New input parameters are available to configure Develocity injection. Previously Develocity injection could only be
enabled by setting environment variables.
Checksums for Gradle 8.8 are now included, so that no network request is required for wrapper-validation with Gradle 8.8 wrappers.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Aaron-Ritter
commented
3 weeks ago
Bumps the prod-github-actions group with 3 updates: actions/checkout, github/codeql-action and gradle/actions.
Updates
actions/checkoutfrom 4.1.6 to 4.1.7Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
Commits
692973ePrepare 4.1.7 release (#1775)6ccd57fPin actions/checkout's own workflows to a known, good, stable version. (#1776)b17fe1eHandle hidden refs (#1774)b80ff79Bump actions/checkout from 3 to 4 (#1697)b1ec302Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)Updates
github/codeql-actionfrom 3.25.8 to 3.25.10Changelog
Sourced from github/codeql-action's changelog.
Commits
23acc5cMerge pull request #2337 from github/update-v3.25.10-5bf6dad359b72dbdUpdate changelog for v3.25.105bf6dadMerge pull request #2329 from github/henrymercer/csharp-buildless-rollback-me...feec81cMerge branch 'main' into henrymercer/csharp-buildless-rollback-mechanism789b5f8Merge pull request #2328 from github/henrymercer/direct-tracing-fixc36b5fcMerge pull request #2327 from github/update-bundle/codeql-bundle-v2.17.5b3642aaMerge branch 'main' into update-bundle/codeql-bundle-v2.17.51fc6e20Merge pull request #2335 from github/mergeback/v3.25.9-to-main-530d4fea356bee4Update checked-in dependencies385808cUpdate changelog and version after v3.25.9Updates
gradle/actionsfrom 3.3.2 to 3.4.0Release notes
Sourced from gradle/actions's releases.
Commits
d9336da[bot] Update dist directory8dbe9a3Update DV access key regex to be more selective9c34307[bot] Update dist directory30c82f0Fail on invalid boolean for Develocity inputse3bc05fRun CodeQL on PRs485ea10Run CodeQL on dev/* branchesc1091c9[bot] Update dist directoryd0a116fAdding Develocity input actions (#244)e238a7a[bot] Update dist directory1d2ea6eBump references to Develocity Gradle plugin from 3.17.4 to 3.17.5Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show