Update default CodeQL bundle version to 2.16.0. #2073
Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. #2079
3.23.0 - 08 Jan 2024
We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. #2031
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Bumps github/codeql-action from 3.22.12 to 3.23.1.
Changelog
Sourced from github/codeql-action's changelog.
Commits
0b21cf2
Merge pull request #2089 from github/update-v3.23.1-f65ecd09cae61614
Update changelog for v3.23.1f65ecd0
Only delete SARIF in PR check if not running on a fork (#2084)4d75a10
Merge pull request #2073 from github/update-bundle/codeql-bundle-v2.16.0e65c5d9
Merge pull request #2086 from github/dependabot/npm_and_yarn/npm-c0441c84d96b12e3d
Update checked-in dependenciese292db6
Bump the npm group with 4 updates1fea7a5
Merge branch 'main' into update-bundle/codeql-bundle-v2.16.09653106
Stop settingCODEQL_RUNNER
environment variable if CLI already sets it (#2081)eb14aeb
Merge pull request #2080 from github/henrymercer/fix-unconditional-warningDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show