In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16.
Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281
3.25.4 - 08 May 2024
Update default CodeQL bundle version to 2.17.2. #2270
3.25.3 - 25 Apr 2024
Update default CodeQL bundle version to 2.17.1. #2247
Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261
3.25.2 - 22 Apr 2024
No user facing changes.
3.25.1 - 17 Apr 2024
We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuildbuild mode. #2235
Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245
3.25.0 - 15 Apr 2024
The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224
As a result, the following inputs and environment variables are now ignored:
The setup-python-dependencies input to the init Action
The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable
We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
Automatically overwrite an existing database if found on the filesystem. #2229
Bump the minimum CodeQL bundle version to 2.12.6. #2232
A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234
3.24.10 - 05 Apr 2024
Update default CodeQL bundle version to 2.17.0. #2219
Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. #2220
If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.24.10 and github/codeql-action/*@v2 by github/codeql-action/*@v2.24.10 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
[!IMPORTANT]
As of v3 this action has been superceded by gradle/actions/setup-gradle.
Any workflow that uses gradle/gradle-build-action@v3 will transparently delegate to gradle/actions/setup-gradle@v3.
Users are encouraged to update their workflows, replacing:
[!IMPORTANT]
As of v3 this action has been superceded by gradle/actions/setup-gradle.
Any workflow that uses gradle/gradle-build-action@v3 will transparently delegate to gradle/actions/setup-gradle@v3.
Users are encouraged to update their workflows, replacing:
[!IMPORTANT]
As of v3 this action has been superceded by gradle/actions/setup-gradle.
Any workflow that uses gradle/gradle-build-action@v3 will transparently delegate to gradle/actions/setup-gradle@v3.
Users are encouraged to update their workflows, replacing:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
No new problems were found according to the checks applied
💡 Qodana analysis was run in the pull request mode: only the changed files were checked
View the detailed Qodana report
To be able to view the detailed Qodana report, you can either:
- Register at [Qodana Cloud](https://qodana.cloud/) and [configure the action](https://github.com/jetbrains/qodana-action#qodana-cloud)
- Use [GitHub Code Scanning with Qodana](https://github.com/jetbrains/qodana-action#github-code-scanning)
- Host [Qodana report at GitHub Pages](https://github.com/JetBrains/qodana-action/blob/3a8e25f5caad8d8b01c1435f1ef7b19fe8b039a0/README.md#github-pages)
- Inspect and use `qodana.sarif.json` (see [the Qodana SARIF format](https://www.jetbrains.com/help/qodana/qodana-sarif-output.html#Report+structure) for details)
To get `*.log` files or any other Qodana artifacts, run the action with `upload-result` option set to `true`,
so that the action will upload the files as the job artifacts:
```yaml
- name: 'Qodana Scan'
uses: JetBrains/qodana-action@v2024.1.5
with:
upload-result: true
```
Contact Qodana team
Contact us at [qodana-support@jetbrains.com](mailto:qodana-support@jetbrains.com)
- Or via our issue tracker: https://jb.gg/qodana-issue
- Or share your feedback: https://jb.gg/qodana-discussions
Bumps the all group with 5 updates:
3
4
3
4
2023.2
2024.1
2
3
2.2.1
3.3.2
Updates
actions/setup-java
from 3 to 4Release notes
Sourced from actions/setup-java's releases.
... (truncated)
Commits
99b8673
Patch for java version file (#610)5896cec
Added .tool-versions file support (#606)80ae3c2
Update httpclient version and other dependencies (#607)9704b39
Added Windows Arm64 Support for Windows Arm64 Runners (#595)7a445ee
Fix typo in configuration example (#572)3232623
Oracle JDK 21 support (#538)c0660d8
docs: add note about maven-gpg-plugin version (#570)2f7af1b
make it clear that Java 21 is supported (#566)16ef37f
HTTP errors when the token is undefined (#556)a237454
feat: bump actions/checkout and actions/setup-java to v4 (#533)Updates
actions/checkout
from 3 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
a5ac7e5
Update for 4.1.6 release (#1733)24ed1a3
Check platform for extension (#1732)44c2b7a
README: Suggestuser.email
to be `41898282+github-actions[bot]@users
.norepl...8459bc0
Bump actions/upload-artifact from 2 to 4 (#1695)3f603f6
Bump actions/setup-node from 1 to 4 (#1696)fd084cd
Bump github/codeql-action from 2 to 3 (#1694)9c1e94e
Update NPM dependencies (#1703)0ad4b8f
Prep Release v4.1.4 (#1704)43045ae
Disableextensions.worktreeConfig
when disablingsparse-checkout
(#1692)37b0821
Bump the minor-actions-dependencies group with 2 updates (#1693)Updates
JetBrains/qodana-action
from 2023.2 to 2024.1Release notes
Sourced from JetBrains/qodana-action's releases.
... (truncated)
Commits
32840fd
Merge pull request #310 from JetBrains/nexteeccdb2
:arrow_up: Updateqodana
tov2024.1.5
85272e3
:bricks: Addclang
integration tests3c1919b
:bricks: Include more options into test matrix24381a6
:arrow_up: Bump the npm-development group with 2 updatesb78548c
:bricks: Set up more tests0e6bc1d
:arrow_up: Updateqodana
tov2024.1.4
03c90b2
:arrow_up: Bump the npm-production group with 2 updates132167b
:arrow_up: Bump eslint-plugin-jest in the npm-development groupba18ada
:bug: Fix invalid branch namesUpdates
github/codeql-action
from 2 to 3Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
cbe408d
Add optiontools: linked
for init action.bf2faab
Merge pull request #2288 from github/mergeback/v3.25.5-to-main-b7cec75232f554e
Update checked-in dependencies9f6ef11
Update changelog and version after v3.25.5b7cec75
Merge pull request #2287 from github/update-v3.25.5-4a519724790e315a
Update tests for GHEC-DR6778fe4
Update changelog for v3.25.5Updates
gradle/gradle-build-action
from 2.2.1 to 3.3.2Release notes
Sourced from gradle/gradle-build-action's releases.
... (truncated)
Commits
4c39dd8
Bump to v3.3.2e2097cc
Bump to use v3.3.18baac4c
Map setup-gradle outputs back to gradle-build-action595fa85
Run quick-check on mainf02f491
Update action.yml for setup-gradle@v3.3.0cb6e43f
Emit correct deprecation warnings in setup-gradlebdf99f9
Update action.yml for v3.2.1fe59895
Disable dependabot for this repo928891f
Update action.yml for v3.2.0942d5e1
Bump Gradle Wrapper from 8.6 to 8.7 in /.github/workflow-samplesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show