Add sarif-id as an output for the upload-sarif and analyze actions. #889
Add ref and sha inputs to the analyze action, which override the defaults provided by the GitHub Action context. #889
Update default CodeQL bundle version to 2.8.0. #911
1.0.31 - 31 Jan 2022
Remove experimental message when using custom CodeQL packages. #888
Add a better warning message stating that experimental features will be disabled if the workflow has been triggered by a pull request from a fork or the security-events: write permission is not present. #882
1.0.30 - 24 Jan 2022
Display a better error message when encountering a workflow that runs the codeql-action/init action multiple times. #876
Update default CodeQL bundle version to 2.7.6. #877
1.0.29 - 21 Jan 2022
The feature to wait for SARIF processing to complete after upload has been disabled by default due to a bug in its interaction with pull requests from forks.
1.0.28 - 18 Jan 2022
Update default CodeQL bundle version to 2.7.5. #866
Fix a bug where SARIF files were failing upload due to an invalid test for unique categories. #872
1.0.27 - 11 Jan 2022
The analyze and upload-sarif actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the wait-for-processing action input to "false". #855
1.0.26 - 10 Dec 2021
Update default CodeQL bundle version to 2.7.3. #842
1.0.25 - 06 Dec 2021
No user facing changes.
1.0.24 - 23 Nov 2021
Update default CodeQL bundle version to 2.7.2. #827
1.0.23 - 16 Nov 2021
The upload-sarif action now allows multiple uploads in a single job, as long as they have different categories. #801
... (truncated)
Commits
2b46439 Merge pull request #913 from github/update-v1.0.32-4eb03fb6
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github/codeql-action from 1.0.26 to 1.0.32.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
2b46439
Merge pull request #913 from github/update-v1.0.32-4eb03fb66d8390b
1.0.324eb03fb
Merge pull request #907 from github/henrymercer/report-ml-powered-query-enabl...03c64ef
Add more documentation for ML-powered JS queries status reportcc622a0
Merge branch 'main' into henrymercer/report-ml-powered-query-enablementc95a3d8
Limit cardinality of ML-powered JS queries status reportf888be7
Nit: Simplify code with optional chaining16d4068
Merge pull request #911 from github/cklin/codeql-cli-2.8.0aab5452
Update default CodeQL version to 2.8.0501fe7f
UpdategetMlPoweredJsQueriesStatus
docDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)