Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281
Commits
b7cec75 Merge pull request #2287 from github/update-v3.25.5-4a5197247
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions-dependencies group with 2 updates: github/codeql-action and codecov/codecov-action.
Updates
github/codeql-actionfrom 3.25.4 to 3.25.5Changelog
Sourced from github/codeql-action's changelog.
Commits
b7cec75Merge pull request #2287 from github/update-v3.25.5-4a51972476778fe4Update changelog for v3.25.54a51972Merge pull request #2280 from github/henrymercer/on-demand-ffsa8c32fdMerge pull request #2283 from github/henrymercer/disable-fail-fastf73b0b7Disable fail fast for non-generated workflowsc59e052Disable fail fast in generated workflows33e416cComment thatlegacyApiis false by default67f8a36Merge branch 'main' into henrymercer/on-demand-ffs4995c49Merge pull request #2282 from github/henrymercer/no-build-mode-tracing-improv...def4d2cMerge pull request #2273 from github/aeisenberg/specify-versionsUpdates
codecov/codecov-actionfrom 4.3.1 to 4.4.0Release notes
Sourced from codecov/codecov-action's releases.
Commits
6d79887chore(release): 4.4.0 (#1430)37364fabuild(deps-dev): bump@typescript-eslint/parserfrom 7.8.0 to 7.9.0 (#1428)2791a5cfix: remove GPG and run on spawn (#1426)b71af43build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1420)29f97fcbuild(deps): bump github/codeql-action from 3.25.3 to 3.25.4 (#1421)645d2a5build(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1423)f691d46chore: Clarify isPullRequestFromFork (#1411)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show