chore(deps): update github/codeql-action action to v3.27.0 #999

Merged
merged 1 commit into from
Oct 28, 2024

@renovate bot commented Oct 23, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| github/codeql-action | action | minor | v3.26.12 -> v3.27.0 |

Release Notes

github/codeql-action (github/codeql-action)

v3.27.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

v3.26.13

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

[puLL-Merge] - github/codeql-action@v3.26.12..v3.26.13

Description

This PR introduces several changes to the CodeQL action, including updates to the zstd bundle functionality, artifact handling, Python standard library extraction, and various dependency updates.

Changes

  1. .github/workflows/__zstd-bundle-fallback.yml:

    • Removed Windows from the list of operating systems for the zstd bundle fallback workflow.
  2. .github/workflows/__zstd-bundle.yml:

    • Modified the zstd bundle check to use .tar.gz for Windows and .tar.zst for other operating systems.
    • Reordered the operating systems list.
  3. .github/workflows/debug-artifacts-failure.yml, .github/workflows/debug-artifacts.yml:

    • Updated to use actions/download-artifact@v4.
    • Added CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true environment variable.
  4. .github/workflows/debug-artifacts-upgrade.yml renamed to debug-artifacts-legacy.yml:

    • Changed to use actions/download-artifact@v3.
    • Set CODEQL_ACTION_ARTIFACT_V4_UPGRADE: false.
  5. CHANGELOG.md:

    • Added entry for version 3.26.13 with no user-facing changes.
  6. lib/feature-flags.js, src/feature-flags.ts:

    • Added new feature flag CodeqlActionPythonDefaultIsToNotExtractStdlib.
  7. lib/init-action.js, src/init-action.ts:

    • Added logic to handle the new Python standard library extraction feature flag.
  8. lib/setup-codeql.js, src/setup-codeql.ts:

    • Modified useZstdBundle function to not use zstd on Windows.
  9. lib/tools-features.js, src/tools-features.ts:

    • Added new tools feature PythonDefaultIsToNotExtractStdlib.
  10. Various package.json and node_modules updates:

    • Updated several dependencies, including TypeScript-related packages and ESLint plugins.

Possible Issues

  • The change in zstd bundle behavior for Windows might affect performance or functionality for Windows users.
  • The new Python standard library extraction feature flag might change the behavior of Python analysis for some users.

Security Hotspots

None identified. The changes appear to be focused on performance improvements and feature additions without introducing obvious security risks.

@renovate bot force-pushed the renovate/github-codeql-action-3.x branch from 9c1e62b to 62c81e2 on October 23, 2024 04:04
@renovate bot force-pushed the renovate/github-codeql-action-3.x branch from 62c81e2 to 218428e on October 26, 2024 16:34
@renovate bot changed the title from "chore(deps): update github/codeql-action action to v3.26.13" to "chore(deps): update github/codeql-action action to v3.27.0" on Oct 26, 2024
@mihaiplesa merged commit 8d3bdf7 into master on Oct 28, 2024
9 checks passed
@mihaiplesa deleted the renovate/github-codeql-action-3.x branch on October 28, 2024 11:39