Update default CodeQL bundle version to 2.17.2. #2270
Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
3.25.3 - 25 Apr 2024
Update default CodeQL bundle version to 2.17.1. #2247
Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261
3.25.2 - 22 Apr 2024
No user facing changes.
3.25.1 - 17 Apr 2024
We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuildbuild mode. #2235
Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245
3.25.0 - 15 Apr 2024
The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224
As a result, the following inputs and environment variables are now ignored:
The setup-python-dependencies input to the init Action
The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable
We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
Automatically overwrite an existing database if found on the filesystem. #2229
Bump the minimum CodeQL bundle version to 2.12.6. #2232
A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234
Commits
ccf74c9 Merge pull request #2275 from github/update-v3.25.4-4b812a5df
This version removes annotations option (because it was useless), and removes the default output format (github-actions).
The annotations are still produced but with another approach.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot]
commented
1 month ago
Bumps the github-actions group with 5 updates in the / directory:
4.1.24.1.53.24.103.25.45.0.05.0.14.0.06.0.14.3.04.3.1Updates
actions/checkoutfrom 4.1.2 to 4.1.5Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
Commits
44c2b7aREADME: Suggestuser.emailto be `41898282+github-actions[bot]@users.norepl...8459bc0Bump actions/upload-artifact from 2 to 4 (#1695)3f603f6Bump actions/setup-node from 1 to 4 (#1696)fd084cdBump github/codeql-action from 2 to 3 (#1694)9c1e94eUpdate NPM dependencies (#1703)0ad4b8fPrep Release v4.1.4 (#1704)43045aeDisableextensions.worktreeConfigwhen disablingsparse-checkout(#1692)37b0821Bump the minor-actions-dependencies group with 2 updates (#1693)9839dc1Add dependabot config (#1688)9b4c13bBump word-wrap from 1.2.3 to 1.2.5 (#1643)Updates
github/codeql-actionfrom 3.24.10 to 3.25.4Changelog
Sourced from github/codeql-action's changelog.
Commits
ccf74c9Merge pull request #2275 from github/update-v3.25.4-4b812a5df4fdf4acUpdate changelog for v3.25.44b812a5Merge pull request #2270 from github/update-bundle/codeql-bundle-v2.17.21e21373Merge pull request #2272 from github/marcogario-patch-14673d41Build js files65297efUpdate link to deprecation changelog84d6eadMerge pull request #2271 from github/koesie10/remove-cli-sarif-merge-ffb20bf59Remove CLI SARIF merge feature flag93b8232Merge pull request #2265 from github/koesie10/deprecate-mergeee63da2Add changelog noteUpdates
actions/setup-gofrom 5.0.0 to 5.0.1Release notes
Sourced from actions/setup-go's releases.
Commits
cdcb360Remove the description of the old go.mod specification (#458)99176a8Update README.md with V5 release notes (#459)be1aa11Bump undici from 5.28.2 to 5.28.3 (#465)6c1fd22docs: bumpactions/setup-goto v5 (#449)Updates
golangci/golangci-lint-actionfrom 4.0.0 to 6.0.1Release notes
Sourced from golangci/golangci-lint-action's releases.
... (truncated)
Commits
a4f60bbfix: use 3-dots syntax for diff on push (#1040)5815a4bdoc: improve readme23faadfdoc: improve readmeb556f25doc: improve readme789f114feat: rewrite format handling (#1038)d36b91cbuild(deps-dev): bump@typescript-eslint/parserfrom 7.7.1 to 7.8.0 (#1035)a9eb115build(deps): bump@types/nodefrom 20.12.7 to 20.12.8 (#1036)bd4fa7cbuild(deps-dev): bump@typescript-eslint/eslint-pluginfrom 7.7.1 to 7.8.0 (#...38e1018feat: improve log about pwd/cwd (#1033)21e9e6bfeat: use OS and working-directory as cache key (#1032)Updates
codecov/codecov-actionfrom 4.3.0 to 4.3.1Release notes
Sourced from codecov/codecov-action's releases.
Commits
5ecb98achore(release): 4.3.1. (#1405)5a299d1fix: bypass token checks for forks and OIDC (#1404)dad251ddocs: main branch (#1396)e8bbe5fdocs: Type Annotations (#1397)a6fd87fbuild(deps-dev): bump@typescript-eslint/parserfrom 7.7.1 to 7.8.0 (#1401)76c8cd6build(deps-dev): bump@typescript-eslint/eslint-pluginfrom 7.7.1 to 7.8.0 (#...1290bddstyle: Node Packages (#1394)951ef79build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#1391)bb71c1bbuild(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1392)acc5d43build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1393)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show