Update default CodeQL bundle version to 2.17.1. #2247
Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261
3.25.2 - 22 Apr 2024
No user facing changes.
3.25.1 - 17 Apr 2024
We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuildbuild mode. #2235
Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245
3.25.0 - 15 Apr 2024
The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224
As a result, the following inputs and environment variables are now ignored:
The setup-python-dependencies input to the init Action
The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable
We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
Automatically overwrite an existing database if found on the filesystem. #2229
Bump the minimum CodeQL bundle version to 2.12.6. #2232
A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234
Commits
d39d31e Merge pull request #2262 from github/update-v3.25.3-ac2f82a1f
This version removes annotations option (because it was useless), and removes the default output format (github-actions).
The annotations are still produced but with another approach.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 5 updates in the / directory:
4.1.2
4.1.5
3.24.10
3.25.3
5.0.0
5.0.1
4.0.0
6.0.1
4.3.0
4.3.1
Updates
actions/checkout
from 4.1.2 to 4.1.5Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
Commits
44c2b7a
README: Suggestuser.email
to be `41898282+github-actions[bot]@users
.norepl...8459bc0
Bump actions/upload-artifact from 2 to 4 (#1695)3f603f6
Bump actions/setup-node from 1 to 4 (#1696)fd084cd
Bump github/codeql-action from 2 to 3 (#1694)9c1e94e
Update NPM dependencies (#1703)0ad4b8f
Prep Release v4.1.4 (#1704)43045ae
Disableextensions.worktreeConfig
when disablingsparse-checkout
(#1692)37b0821
Bump the minor-actions-dependencies group with 2 updates (#1693)9839dc1
Add dependabot config (#1688)9b4c13b
Bump word-wrap from 1.2.3 to 1.2.5 (#1643)Updates
github/codeql-action
from 3.24.10 to 3.25.3Changelog
Sourced from github/codeql-action's changelog.
Commits
d39d31e
Merge pull request #2262 from github/update-v3.25.3-ac2f82a1fa727825
Move changenote to most recent section1efa859
Update changelog for v3.25.3ac2f82a
Log warning if SIP is disabled and CLI version is < 2.15.1 (#2261)0ad7791
Merge pull request #2247 from github/update-bundle/codeql-bundle-v2.17.179d9ee7
Merge branch 'main' into update-bundle/codeql-bundle-v2.17.1dbf2b17
Merge pull request #2255 from github/mergeback/v3.25.2-to-main-8f596b4aff6a3c4
Update checked-in dependencies619dc0c
Update changelog and version after v3.25.28f596b4
Merge pull request #2254 from github/update-v3.25.2-4909c1ffbUpdates
actions/setup-go
from 5.0.0 to 5.0.1Release notes
Sourced from actions/setup-go's releases.
Commits
cdcb360
Remove the description of the old go.mod specification (#458)99176a8
Update README.md with V5 release notes (#459)be1aa11
Bump undici from 5.28.2 to 5.28.3 (#465)6c1fd22
docs: bumpactions/setup-go
to v5 (#449)Updates
golangci/golangci-lint-action
from 4.0.0 to 6.0.1Release notes
Sourced from golangci/golangci-lint-action's releases.
... (truncated)
Commits
a4f60bb
fix: use 3-dots syntax for diff on push (#1040)5815a4b
doc: improve readme23faadf
doc: improve readmeb556f25
doc: improve readme789f114
feat: rewrite format handling (#1038)d36b91c
build(deps-dev): bump@typescript-eslint/parser
from 7.7.1 to 7.8.0 (#1035)a9eb115
build(deps): bump@types/node
from 20.12.7 to 20.12.8 (#1036)bd4fa7c
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 7.7.1 to 7.8.0 (#...38e1018
feat: improve log about pwd/cwd (#1033)21e9e6b
feat: use OS and working-directory as cache key (#1032)Updates
codecov/codecov-action
from 4.3.0 to 4.3.1Release notes
Sourced from codecov/codecov-action's releases.
Commits
5ecb98a
chore(release): 4.3.1. (#1405)5a299d1
fix: bypass token checks for forks and OIDC (#1404)dad251d
docs: main branch (#1396)e8bbe5f
docs: Type Annotations (#1397)a6fd87f
build(deps-dev): bump@typescript-eslint/parser
from 7.7.1 to 7.8.0 (#1401)76c8cd6
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 7.7.1 to 7.8.0 (#...1290bdd
style: Node Packages (#1394)951ef79
build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#1391)bb71c1b
build(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1392)acc5d43
build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1393)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show