Bump github/codeql-action from 2 to 3

[dependabot[bot]]

Type

Enhancement

---

Description

This PR updates the version of github/codeql-action used in the codeql-analysis workflow from version 2 to 3. The changes are made in the .github/workflows/codeql-analysis.yml file. The following steps in the workflow are updated:

• Initialize CodeQL
• Autobuild
• Perform CodeQL Analysis

---

PR changes walkthrough

	Relevant files
Configuration changes	1 files codeql-analysis.yml                                                                                  .github/workflows/codeql-analysis.yml The version of github/codeql-action used in the codeql-analysis workflow is updated from version 2 to 3. This affects the Initialize CodeQL, Autobuild, and Perform CodeQL Analysis steps in the workflow. +3/-3

---

User description

Bumps github/codeql-action from 2 to 3.

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.15.4

Bundles CodeQL CLI v2.15.4

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.4:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.3

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.3:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.2

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.2:

• codeql/cpp-queries (changelog, source)

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

Commits

• b374143 Merge pull request #2034 from github/update-v3.22.11-64e61baea
• e2b5cc7 Update changelog for v3.22.11
• 64e61ba Merge pull request #2006 from github/nickfyson/node-20
• c757f9f Apply suggestions from code review
• 7898bc2 add pr check for node version consistency
• 6b5b958 remove dedundant single quotes from node version strings
• ea1e72c Update .github/workflows/pr-checks.yml
• b974542 Merge branch 'main' into nickfyson/node-20
• b995212 Bump the actions group with 2 updates (#2024)
• 3c1878d Merge pull request #2029 from github/mergeback/v2.22.10-to-main-305f6546
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[semanticdiff-com[bot]]

Review changes with SemanticDiff.

[codiumai-pr-agent-free[bot]]

PR Description updated to latest commit (https://github.com/cleder/pygeoif/commit/2cdb9b6a93ef31390175cec72a2e635f4191bee7)

[codiumai-pr-agent-free[bot]]

PR Analysis

(review updated until commit https://github.com/cleder/pygeoif/commit/2cdb9b6a93ef31390175cec72a2e635f4191bee7)

• 🎯 Main theme: Updating the version of github/codeql-action used in the codeql-analysis workflow from version 2 to 3.

• 📝 PR summary: This PR is an enhancement that updates the version of github/codeql-action used in the codeql-analysis workflow from version 2 to 3. The changes are made in the .github/workflows/codeql-analysis.yml file. The steps in the workflow that are updated include Initialize CodeQL, Autobuild, and Perform CodeQL Analysis.

• 📌 Type of PR: Enhancement

• 🧪 Relevant tests added: No

• ⏱️ Estimated effort to review [1-5]: 1, because the changes are straightforward and only involve updating the version of a GitHub action.

• 🔒 Security concerns: No security concerns found

  PR Feedback

• 💡 General suggestions: The PR seems to be straightforward and does not introduce any new logic or functionality, but rather updates the version of a GitHub action. It would be beneficial to include in the PR description the reasons for updating to the new version and what improvements or changes it brings.

• 🤖 Code feedback:

How to use

Instructions

> To invoke the PR-Agent, add a comment using one of the following commands: > **/review**: Request a review of your Pull Request. > **/describe**: Update the PR title and description based on the contents of the PR. > **/improve [--extended]**: Suggest code improvements. Extended mode provides a higher quality feedback. > **/ask \**: Ask a question about the PR. > **/update_changelog**: Update the changelog based on the PR's contents. > **/add_docs**: Generate docstring for new components introduced in the PR. > **/generate_labels**: Generate labels for the PR based on the PR's contents. > see the [tools guide](https://github.com/Codium-ai/pr-agent/blob/main/docs/TOOLS_GUIDE.md) for more details. >To edit any configuration parameter from the [configuration.toml](https://github.com/Codium-ai/pr-agent/blob/main/pr_agent/settings/configuration.toml), add --config_path=new_value. >For example: /review --pr_reviewer.extra_instructions="focus on the file: ..." >To list the possible configuration parameters, add a **/config** comment.

[what-the-diff[bot]]

PR Summary

• Updated CodeQL Analysis Workflow The workflow file (codeql-analysis.yml) utilized for running checks on our code was updated. To break it down:

  • The component responsible for setting up our Code Quality Tool, known as CodeQL, has been updated from version 2 to version 3 (github/codeql-action/init@v3). This tool helps us identify any potential vulnerabilities in our codebase. An upgrade in version should mean it's better at catching potential issues.

  • The component that automatically builds our code during the checking process has also been updated from version 2 to version 3 (github/codeql-action/autobuild@v3). This means the build process is likely more efficient or reliable now.

  • Lastly, the component directly responsible for performing the analysis of our code (aka looking for problems) has been updated from version 2 to version 3 (github/codeql-action/analyze@v3). This upgrade should make it more effective at performing its role, thereby improving the quality of our codebase.

[codiumai-pr-agent-free[bot]]

Persistent review updated to latest commit https://github.com/cleder/pygeoif/commit/2cdb9b6a93ef31390175cec72a2e635f4191bee7

[ghost]

👇 Click on the image for a new way to code review

#### [](https://app.codesee.io/r/reviews?pr=196&src=https%3A%2F%2Fgithub.com%2Fcleder%2Fpygeoif) #### Legend

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (a6e0741) 100.00% compared to head (2cdb9b6) 100.00%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## develop #196 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 21 21 Lines 2371 2371 Branches 258 258 ========================================= Hits 2371 2371 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.