brave / brave-core-crx-packager

Mozilla Public License 2.0

chore(deps): update github/codeql-action action to v3.26.2 #966

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 2 months ago


This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| github/codeql-action | action | patch | v3.26.0 -> v3.26.2 | v3.26.3 |

Release Notes

github/codeql-action (github/codeql-action)

### [`v3.26.2`](https://togithub.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare Source](https://togithub.com/github/codeql-action/compare/v3.26.1...v3.26.2)

### [`v3.26.1`](https://togithub.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare Source](https://togithub.com/github/codeql-action/compare/v3.26.0...v3.26.1)

Configuration

📅 Schedule: Branch creation - " 0-4 * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot] commented 2 months ago

[puLL-Merge] - github/codeql-action@v3.26.0..v3.26.2

Description

This PR introduces several changes to the CodeQL action, including updates to dependencies, improvements to error handling, and enhancements to functionality. The main changes include updating the CodeQL bundle version, adding telemetry for bundle downloads, and improving the handling of variable declarations in for loops.

Changes

1. `package.json`:
   - Updated version to 3.26.2
   - Updated dependencies, including adm-zip to 0.5.15 and various dev dependencies
2. `src/codeql.ts`:
   - Changed `toolsDownloadDurationMs` to `toolsDownloadStatusReport` in several functions
   - Added `cloneObject` function import
3. `src/config-utils.ts`:
   - Added `parseRegistriesWithoutCredentials` function
4. `src/defaults.json`:
   - Updated CodeQL bundle and CLI versions to 2.18.2
5. `src/diagnostics.ts`:
   - Modified `addDiagnostic` and `writeDiagnostic` to handle undefined language
6. `src/init-action.ts`:
   - Added logging for job run UUID
   - Added telemetry for CodeQL bundle download
   - Added packs, registries, and query filters to status report
7. `src/setup-codeql.ts`:
   - Added `ToolsDownloadStatusReport` interface
   - Modified `downloadCodeQL` function to return more detailed download status
8. `adm-zip` library updates:
   - Improved error handling and added new error types
   - Enhanced support for Unicode filenames
   - Added support for custom file system modules
9. Various test files:
   - Updated tests to reflect changes in the main code

Possible Issues

Security Hotspots

No significant security issues were identified in this change. The updates to the adm-zip library may improve security by addressing potential vulnerabilities, but a thorough security review of the changes would be recommended.