CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See release notes for 3.23.0 for more details. #2106
3.23.2 - 26 Jan 2024
On Linux, the maximum possible value for the --threads option now respects the CPU count as specified in cgroup files to more accurately reflect the number of available cores when running in containers. #2083
Update default CodeQL bundle version to 2.16.1. #2096
3.23.1 - 17 Jan 2024
Update default CodeQL bundle version to 2.16.0. #2073
Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. #2079
3.23.0 - 08 Jan 2024
We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. #2031
Update default CodeQL bundle version to 2.15.5. #2047
3.22.11 - 13 Dec 2023
[v3+ only] The CodeQL Action now runs on Node.js v20. #2006
2.22.10 - 12 Dec 2023
Update default CodeQL bundle version to 2.15.4. #2016
2.22.9 - 07 Dec 2023
No user facing changes.
2.22.8 - 23 Nov 2023
Update default CodeQL bundle version to 2.15.3. #2001
2.22.7 - 16 Nov 2023
Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. #1993
If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
2.22.6 - 14 Nov 2023
Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init.
Update default CodeQL bundle version to 2.15.2. #1978
... (truncated)
Commits
738d232 Merge pull request #2101 from github/mergeback/v3.23.2-to-main-b7bf0a3e
In scope of this release, the filter was removed within the cache-save step by @dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github group in /.github/workflows with 4 updates: actions/checkout, github/codeql-action, actions/setup-node and stefanzweifel/git-auto-commit-action.
Updates
actions/checkout
from 3 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
b4ffde6
Link to release page from what's new section (#1514)8530928
Correct link to GitHub Docs (#1511)7cdaf2f
Update CODEOWNERS to Launch team (#1510)8ade135
Prepare 4.1.0 release (#1496)c533a0a
Add support for partial checkout filters (#1396)72f2cec
Update README.md for V4 (#1452)3df4ab1
Release 4.0.0 (#1447)8b5e8b7
Support fetching without the --progress option (#1067)97a652b
Update default runtime to node20 (#1436)Updates
github/codeql-action
from 2 to 3Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
738d232
Merge pull request #2101 from github/mergeback/v3.23.2-to-main-b7bf0a3e5c9716f
Update checked-in dependenciesa2c5130
Update changelog and version after v3.23.2b7bf0a3
Merge pull request #2099 from github/update-v3.23.2-61bf025779a9b0e4
Add a README section about supported versions33e354b
Changelog: Add missing PR linkUpdates
actions/setup-node
from 3 to 4Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
60edb5d
Add support for arm64 Windows (#927)d86ebcd
Add support forvolta.extends
(#921)b39b52d
Fix node-version-file interprets entire package.json as a version (#865)7247617
Addpackage.json
tonode-version-file
list of examples. (#879)f3ec4ca
Fix README.md (#898)ec97f37
Add fix for cache (#917)5ef044f
Update reusable workflows to use Node.js v20 (#889)c45882a
update to setup-node@v4 in docs (#884)ee36e8b
Ignore engines check in Yarn 1 e2e-cache tests (#882)8f152de
Update actions/checkout for documentation and yaml (#876)Updates
stefanzweifel/git-auto-commit-action
from 4 to 5Release notes
Sourced from stefanzweifel/git-auto-commit-action's releases.
... (truncated)
Changelog
Sourced from stefanzweifel/git-auto-commit-action's changelog.
Commits
8756aa0
Update node version to node20 (#300)17a44b0
Merge branch 'master' of github.com:stefanzweifel/git-auto-commit-action43818d5
Fix Typo1094465
Use actions/checkout v4 in examples3d1b5e0
Bump actions/checkout from 3 to 4 (#302)47a8ad5
Bump bats from 1.9.0 to 1.10.0 (#293)77a7b3f
Bump github/super-linter from 4 to 5 (#289)9cc0a1f
Seems like there is an extra space (#288)0b5f8a5
Update Test3a446b7
Merge branch 'master' of github.com:stefanzweifel/git-auto-commit-actionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show