Add .zip extension to Windows package downloads for Expand-Archive Compatibility by @priyagupta108 in actions/setup-python#916
This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.
Add arch to cache key by @Zxilly in actions/setup-python#896
This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts
fix(ci): update all failing workflows by @mayeut in actions/setup-python#863
This update ensures compatibility and optimal performance of workflows on the latest macOS version.
See the releases page for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
[UNRELEASED]
No user facing changes.
3.26.8 - 19 Sep 2024
Update default CodeQL bundle version to 2.19.0. #2483
3.26.7 - 13 Sep 2024
Update default CodeQL bundle version to 2.18.4. #2471
3.26.6 - 29 Aug 2024
Update default CodeQL bundle version to 2.18.3. #2449
3.26.5 - 23 Aug 2024
Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441
3.26.4 - 21 Aug 2024
Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434
3.26.3 - 19 Aug 2024
Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430
3.26.2 - 14 Aug 2024
Update default CodeQL bundle version to 2.18.2. #2417
3.26.1 - 13 Aug 2024
No user facing changes.
3.26.0 - 06 Aug 2024
Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
Bump the minimum CodeQL bundle version to 2.13.5. #2408
3.25.15 - 26 Jul 2024
... (truncated)
Commits
294a9d9 Merge pull request #2490 from github/update-v3.26.8-64431c66d
We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 9 updates in the / directory:
5.1.0
5.2.0
3.25.11
3.26.8
4.2.1
4.3.0
4.0.0
4.0.1
4.3.4
4.4.0
2.1.1
2.1.2
3.2.0
3.3.0
3.4.0
3.6.1
0.23.0
0.24.0
Updates
actions/setup-python
from 5.1.0 to 5.2.0Release notes
Sourced from actions/setup-python's releases.
Commits
f677139
Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)2bd53f9
Documentation update for caching poetry dependencies (#908)80b49d3
fix: add arch to cache key (#896)036a523
Fix: Add.zip
extension to Windows package downloads forExpand-Archive
C...04c1311
Fix display of emojis in contributors doc (#899)cb68456
Updated@iarna/toml
version to 3.0.0 (#912)39cd149
Documentation update for cache (#873)a0d74c0
fix(ci): update all failing workflows (#863)4eb7dbc
Bump braces from 3.0.2 to 3.0.3 (#893)Updates
github/codeql-action
from 3.25.11 to 3.26.8Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
294a9d9
Merge pull request #2490 from github/update-v3.26.8-64431c66d00b3604
Update changelog for v3.26.864431c6
Merge pull request #2483 from github/update-bundle/codeql-bundle-v2.19.0e0e2d75
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0cb28816
Merge pull request #2487 from rvermeulen/rvermeulen/uri-errors-as-warnings498c508
Rebuild JavaScript filesa1a585f
Merge branch 'main' into rvermeulen/uri-errors-as-warnings34666c1
Merge pull request #2488 from github/henrymercer/debug-artifacts-better-logging6e24973
Improve logging for combined SARIF debug artifactd0a3cf2
Improve logging for debug artifactsUpdates
actions/setup-java
from 4.2.1 to 4.3.0Release notes
Sourced from actions/setup-java's releases.
Commits
2dfa201
basic validation failure fix (#682)7467385
feat: add support for SapMachine JDK/JRE (#614)8e04ddf
Update Error Messages and Fix Architecture Detection for IBM Semeru (#677)67fbd72
Fix typos on Corretto (#665) (#666)6a0805f
Fix the bug about parsing dragonwell version (#642) (#643)fd08b9c
Bump undici from 5.28.3 to 5.28.4 (#616)2e74cbc
Fix versions check failures (#634)a1c6c9c
Updated advanced-usage.md (#622)Updates
actions/setup-dotnet
from 4.0.0 to 4.0.1Release notes
Sourced from actions/setup-dotnet's releases.
Commits
6bd8b7f
Bump braces from 3.0.2 to 3.0.3 (#533)5d1464d
Bump undici from 5.27.2 to 5.28.3 (#515)3e6b9fe
Update links to runner software (#499)769316e
Update README.md to use latest action version (#502)Updates
actions/upload-artifact
from 4.3.4 to 4.4.0Release notes
Sourced from actions/upload-artifact's releases.
Commits
5076954
Merge pull request #598 from actions/joshmgross/exclude-hidden-filesd52396a
Add a warning about enablinginclude-hidden-files
710f362
Remove "merged" frominclude-hidden-files
input description3b315f2
npm run release
again 🙂3be2180
Remove another trailing comma453e8d0
Update glob license0a398c1
npm run release
a0c40cf
Update to latest@actions/glob
and fix testsacb59e4
lint
cb6558b
Exclude hidden files by defaultUpdates
checkmarx/kics-github-action
from 2.1.1 to 2.1.2Release notes
Sourced from checkmarx/kics-github-action's releases.
Commits
530ac1f
Merge pull request #118 from Checkmarx/dependabot/docker/checkmarx/kics-v2.1.2a979423
Bump checkmarx/kics from v2.1.1 to v2.1.2Updates
docker/login-action
from 3.2.0 to 3.3.0Release notes
Sourced from docker/login-action's releases.
Commits
9780b0c
Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...2fa130c
chore: update generated content5e87b2a
build(deps): bump https-proxy-agente039495
Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...9af18aa
chore: update generated content668190a
switch to Docker execbe5150d
build(deps): bump@docker/actions-toolkit
from 0.24.0 to 0.35.0e80ebca
Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.375ee3ea
Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...793c19c
build(deps): bump docker/bake-action from 4 to 5Updates
docker/setup-buildx-action
from 3.4.0 to 3.6.1Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
988b5a0
Merge pull request #347 from crazy-max/skip-malformed-context2c21562
chore: update generated content3382292
check for malformed docker context3d68780
Merge pull request #341 from crazy-max/docker-context-tlsd069e98
chore: update generated content8b850f8
create docker context if default one has TLS data loadedaa33708
Merge pull request #345 from docker/dependabot/npm_and_yarn/docker/actions-to...2d99e34
chore: update generated content4dab436
build(deps): bump@docker/actions-toolkit
from 0.34.0 to 0.35.049a04d6
Merge pull request #344 from docker/dependabot/npm_and_yarn/docker/actions-to...Updates
aquasecurity/trivy-action
from 0.23.0 to 0.24.0Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
6e7b7d1
Upgrade trivy to v0.53.0 (#369)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show