Update github/codeql-action action to v3.26.8 #106

Merged
merged 1 commit into from
Sep 26, 2024

@renovate renovate bot commented Sep 26, 2024

This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| github/codeql-action | action | patch | v3.26.7 -> v3.26.8 | v3.26.9 |

Release Notes

github/codeql-action (github/codeql-action)

v3.26.8


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from mherrmann and a team as code owners September 26, 2024 04:05
[puLL-Merge] - github/codeql-action@v3.26.7..v3.26.8

Description

This PR updates the CodeQL Action to version 3.26.8, which includes several improvements and bug fixes. The main changes are updating the default CodeQL bundle version to 2.19.0, refactoring debug artifact handling, and improving error messaging.

Changes

  1. .github/workflows/update-release-branch.yml:

    • Modified the checkout step to use the generated GitHub App token for authentication.
  2. CHANGELOG.md:

    • Added entry for version 3.26.8, noting the update to CodeQL bundle version 2.19.0.
  3. analyze/action.yml:

    • Updated the description for the token input to clarify that it should be the built-in GitHub Actions token.
  4. lib/analyze-action-post-helper.js and lib/analyze-action-post-helper.test.js:

    • Removed these files as part of the refactoring of debug artifact handling.
  5. lib/analyze-action-post.js:

    • Refactored to use the new debug artifact upload logic.
  6. lib/analyze-action.js:

    • Added export of SARIF results output directory as an environment variable.
    • Updated error handling to use getErrorMessage instead of wrapError.
  7. lib/debug-artifacts.js:

    • Significantly refactored to improve debug artifact handling and upload process.
  8. lib/defaults.json:

    • Updated CodeQL bundle and CLI versions to 2.19.0.
  9. lib/environment.js:

    • Added a new environment variable for SARIF results output directory.
  10. lib/init-action-post-helper.js:

    • Updated to use the new debug artifact upload logic.
  11. lib/logging.js:

    • Added a new withGroup function for grouping log output.
  12. lib/upload-lib.js:

    • Improved handling of invalid URIs in SARIF files.
  13. lib/upload-sarif-action-post-helper.js:

    • Removed this file as part of the refactoring.
  14. lib/upload-sarif-action-post.js:

    • Updated to use the new debug artifact upload logic.
  15. lib/util.js:

    • Modified getErrorMessage function to return only the message for Error objects.
  16. Various other files:

    • Updated error handling to use getErrorMessage instead of wrapError.
    • Removed references to deleted files and updated imports.

Possible Issues

  • The removal of lib/analyze-action-post-helper.js and lib/upload-sarif-action-post-helper.js might affect any custom workflows or scripts that directly referenced these files.

Security Hotspots

No significant security issues were identified in this change.

@mihaiplesa mihaiplesa merged commit 6ddfbb6 into main Sep 26, 2024
4 checks passed
@mihaiplesa mihaiplesa deleted the renovate/github-codeql-action-3.x branch September 26, 2024 04:41