Bump the github-actions group with 5 updates

[dependabot]

Bumps the github-actions group with 5 updates:

Package	Update
actions/checkout	3.3.0 to 3.5.3
github/codeql-action	2.2.5 to 2.20.3
actions/setup-go	3.5.0 to 4.0.1
golangci/golangci-lint-action	3.4.0 to 3.6.0
codecov/codecov-action	3.1.1 to 3.1.4

Updates actions/checkout from 3.3.0 to 3.5.3

Release notes

Sourced from actions/checkout's releases.

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246
• @​fhammerl made their first contribution in actions/checkout#1284

Full Changelog: actions/checkout@v3.5.0...v3.5.1

v3.5.0

What's Changed

• Add new public key for known_hosts by @​cdb in actions/checkout#1237

New Contributors

• @​cdb made their first contribution in actions/checkout#1237

Full Changelog: actions/checkout@v3.4.0...v3.5.0

v3.4.0

What's Changed

• Upgrade codeql actions to v2 by @​Link- in actions/checkout#1209
• Upgrade dependencies by @​Link- in actions/checkout#1210
• Backfill changelog and bump actions/io by @​cory-miller in actions/checkout#1225

New Contributors

• @​Link- made their first contribution in actions/checkout#1209

Full Changelog: actions/checkout@v3.3.0...v3.4.0

Changelog

Sourced from actions/checkout's changelog.

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

Commits

• c85c95e Release v3.5.3 (#1376)
• d106d46 Add support for sparse checkouts (#1369)
• f095bcc Fix typos found by codespell (#1287)
• 47fbe2d Fix: Checkout fail in self-hosted runners when faulty submodule are checked-i...
• 8e5e7e5 Release v3.5.2 (#1291)
• eb35239 Fix: convert baseUrl to serverApiUrl 'formatted' (#1289)
• 83b7061 Release v3.5.1 (#1284)
• 40a16eb Improve checkout performance on Windows runners by upgrading @​actions/github ...
• 8f4b7f8 Add new public key for known_hosts (#1237)
• cd6a9fd Update update-main-version.yml
• Additional commits viewable in compare view

Updates github/codeql-action from 2.2.5 to 2.20.3

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle

Bundles CodeQL CLI v2.13.5

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.13.5:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.13.4

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.13.4:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle v2.6.0-beta.1

Bundles CodeQL CLI v2.6.0-beta.1

⚠️ This is a beta release containing a new CodeQL packaging feature. It may not be compatible with existing workflows.

This release contains beta support for CodeQL packs. Please read the documentation below for more information:

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

2.20.3 - 06 Jul 2023

• Update default CodeQL bundle version to 2.13.5. #1743

2.20.2 - 03 Jul 2023

No user facing changes.

2.20.1 - 21 Jun 2023

• Update default CodeQL bundle version to 2.13.4. #1721
• Experimental: add a new resolve-environment action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.

2.20.0 - 13 Jun 2023

• Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to cdcdbb5, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in #1729

2.3.6 - 01 Jun 2023

• Update default CodeQL bundle version to 2.13.3. #1698

2.3.5 - 25 May 2023

• Allow invalid URIs to be used as values to artifactLocation.uri properties. This reverses a change from #1668 that inadvertently led to stricter validation of some URI values. #1705
• Gracefully handle invalid URIs when fingerprinting. #1694

2.3.4 - 24 May 2023

• Updated the SARIF 2.1.0 JSON schema file to the latest from oasis-tcs/sarif-spec. #1668
• We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. #1676
• We are improving the way that CodeQL bundles are tagged to make it possible to easily identify bundles by their CodeQL semantic version. #1682
  • As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example codeql-bundle-v2.13.4, instead of timestamps, like codeql-bundle-20230615.
  • This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.
  • Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a codeql-bundle-yyyymmdd pattern, you should update it to also recognize codeql-bundle-vx.y.z tags.
• Remove the requirement for on.push and on.pull_request to trigger on the same branches. #1675

2.3.3 - 04 May 2023

• Update default CodeQL bundle version to 2.13.1. #1664
• You can now configure CodeQL within your code scanning workflow by passing a config input to the init Action. See Using a custom configuration file for more information about configuring code scanning. #1590

2.3.2 - 27 Apr 2023

No user facing changes.

2.3.1 - 26 Apr 2023

No user facing changes.

2.3.0 - 21 Apr 2023

... (truncated)

Commits

• 46ed16d Merge pull request #1754 from github/update-v2.20.3-a2d725ddd
• d0206e8 Update changelog for v2.20.3
• a2d725d Merge pull request #1753 from github/henrymercer/new-analysis-summary
• bbefc2b Merge branch 'main' into henrymercer/new-analysis-summary
• 8c2e08d Merge pull request #1752 from github/henrymercer/export-config-by-default
• 0c1d7ef Add support for new analysis summaries
• 56beae8 Remove feature flag for exporting the code scanning configuration flag
• a42c0ca Merge pull request #1743 from github/update-bundle/codeql-bundle-v2.13.5
• e960e48 Telemetry: send event report times as ISO strings (#1751)
• bcb460d Merge pull request #1747 from github/mergeback/v2.20.2-to-main-004c5de3
• Additional commits viewable in compare view

Updates actions/setup-go from 3.5.0 to 4.0.1

Release notes

Sourced from actions/setup-go's releases.

v4.0.1

What's Changed

• Update documentation for v4 by @​dsame in actions/setup-go#354
• Fix glob bug in the package.json scripts section by @​IvanZosimov in actions/setup-go#359
• Bump xml2js dependency by @​dmitry-shibanov in actions/setup-go#370
• Bump @actions/cache dependency to v3.2.1 by @​nikolai-laevskii in actions/setup-go#374

New Contributors

• @​nikolai-laevskii made their first contribution in actions/setup-go#374

Full Changelog: actions/setup-go@v4...v4.0.1

v4.0.0

In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying cache: false.

steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v4
    with:
      go-version: ‘1.19’
  - run: go run hello.go

Besides, we introduce such changes as

• Allow to use only GOCACHE for cache
• Bump json5 from 2.2.1 to 2.2.3
• Use proper version for primary key in cache
• Always add Go bin to the PATH
• Add step warning if go-version input is empty

Commits

• fac708d Bump @​actions/cache dependency to v3.2.1 (#374)
• dd84a95 Update xml2js (#370)
• 41c2024 Fix glob bug in package.json scripts section (#359)
• 8dbf352 update README fo v4 (#354)
• 4d34df0 Update configuration files (#348)
• fdc0d67 Add Go bin if go-version input is empty (#351)
• ebfdf6a add warning if go-version is empty (#350)
• b27d769 fix lockfileVersion (#349)
• c51a720 Enable caching by default with default input (#332)
• 6b848af Merge pull request #343 from akv-platform/reusable-workflow
• Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 3.4.0 to 3.6.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v3.6.0

What's Changed

• docs: fix example by @​yuki0920 in golangci/golangci-lint-action#762
• doc: Add custom configuration file path to args by @​Aisuko in golangci/golangci-lint-action#767
• feat: add install-mode by @​ldez in golangci/golangci-lint-action#768
• feat: support out-format as args by @​jrehwaldt in golangci/golangci-lint-action#769
• fix: out-format by @​ldez in golangci/golangci-lint-action#770

New Contributors

• @​yuki0920 made their first contribution in golangci/golangci-lint-action#762
• @​Aisuko made their first contribution in golangci/golangci-lint-action#767
• @​ldez made their first contribution in golangci/golangci-lint-action#768
• @​jrehwaldt made their first contribution in golangci/golangci-lint-action#769

Full Changelog: golangci/golangci-lint-action@v3.5.0...v3.6.0

v3.5.0

What's Changed

• doc: add quote around go version by @​vaughany in golangci/golangci-lint-action#670
• docs/build: update to setup-go@v4 by @​caarlos0 in golangci/golangci-lint-action#704
• fix invalid docs about cache key by @​hori-ryota in golangci/golangci-lint-action#695

New Contributors

• @​vaughany made their first contribution in golangci/golangci-lint-action#670
• @​caarlos0 made their first contribution in golangci/golangci-lint-action#704
• @​hori-ryota made their first contribution in golangci/golangci-lint-action#695

Full Changelog: golangci/golangci-lint-action@v3.4.0...v3.5.0

Commits

• 639cd34 tests: increase timeout
• 569abaa fix: out-format (#770)
• c57cc43 build(deps-dev): bump typescript from 5.0.4 to 5.1.3 (#764)
• 322510a feat: support out-format as args (#769)
• 185e7a2 feat: add install-mode (#768)
• 5be60c7 docs: improve args examples
• 825a50d chore: update workflow and doc
• 8c13ec4 doc: Add custom configuration file path to args (#767)
• 416b5d0 build(deps-dev): bump @​typescript-eslint/parser from 5.59.7 to 5.59.8 (#765)
• 66a6080 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.59.7 to 5.59.8 ...
• Additional commits viewable in compare view

Updates codecov/codecov-action from 3.1.1 to 3.1.4

Release notes

Sourced from codecov/codecov-action's releases.

3.1.4

What's Changed

• build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3 by @​dependabot in codecov/codecov-action#970
• Fix typo in README.md by @​hisaac in codecov/codecov-action#967
• fix: add back in working dir by @​thomasrockhu-codecov in codecov/codecov-action#971
• fix: CLI option names for uploader by @​kleisauke in codecov/codecov-action#969
• build(deps-dev): bump @​types/node from 18.16.3 to 20.1.0 by @​dependabot in codecov/codecov-action#975
• build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2 by @​dependabot in codecov/codecov-action#979
• build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4 by @​dependabot in codecov/codecov-action#981
• release: 3.1.4 by @​thomasrockhu-codecov in codecov/codecov-action#983

New Contributors

• @​hisaac made their first contribution in codecov/codecov-action#967
• @​kleisauke made their first contribution in codecov/codecov-action#969

Full Changelog: codecov/codecov-action@v3.1.3...v3.1.4

3.1.3

What's Changed

• build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 by @​dependabot in codecov/codecov-action#957
• build(deps): bump openpgp from 5.7.0 to 5.8.0 by @​dependabot in codecov/codecov-action#958
• build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12 by @​dependabot in codecov/codecov-action#959
• fix: allow for aarch64 build by @​thomasrockhu-codecov in codecov/codecov-action#960
• chore(release): bump to 3.1.3 by @​thomasrockhu-codecov in codecov/codecov-action#961

Full Changelog: codecov/codecov-action@v3.1.2...v3.1.3

3.1.2

What's Changed

• build(deps): bump node-fetch from 3.2.4 to 3.2.10 by @​dependabot in codecov/codecov-action#835
• build(deps-dev): bump @​types/node from 16.11.40 to 18.13.0 by @​dependabot in codecov/codecov-action#911
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.1 by @​dependabot in codecov/codecov-action#900
• build(deps-dev): bump typescript from 4.7.4 to 4.9.5 by @​dependabot in codecov/codecov-action#905
• Update README.md by @​stefanomunarini in codecov/codecov-action#718
• build(deps): bump openpgp from 5.4.0 to 5.5.0 by @​dependabot in codecov/codecov-action#819
• build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4 by @​dependabot in codecov/codecov-action#840
• build(deps): bump @​actions/core from 1.9.1 to 1.10.0 by @​dependabot in codecov/codecov-action#841
• build(deps): bump @​actions/github from 5.0.3 to 5.1.1 by @​dependabot in codecov/codecov-action#843
• build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @​dependabot in codecov/codecov-action#896
• build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0 by @​dependabot in codecov/codecov-action#872
• build(deps): bump node-fetch from 3.2.10 to 3.3.0 by @​dependabot in codecov/codecov-action#869
• build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 by @​dependabot in codecov/codecov-action#879
• build(deps): bump json5 from 2.2.1 to 2.2.3 by @​dependabot in codecov/codecov-action#895
• codeql-analysis.yml by @​minumulasri in codecov/codecov-action#898
• build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2 by @​dependabot in codecov/codecov-action#889
• build(deps-dev): bump @​types/node from 18.13.0 to 18.14.0 by @​dependabot in codecov/codecov-action#922
• build(deps): bump openpgp from 5.5.0 to 5.7.0 by @​dependabot in codecov/codecov-action#924
• build(deps-dev): bump @​types/node from 18.14.0 to 18.14.2 by @​dependabot in codecov/codecov-action#927
• Remove unsupported path_to_write_report argument by @​jsoref in codecov/codecov-action#851

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.4

Fixes

• #967 Fix typo in README.md
• #971 fix: add back in working dir
• #969 fix: CLI option names for uploader

Dependencies

• #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
• #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
• #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

• #960 fix: allow for aarch64 build

Dependencies

• #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
• #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
• #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

• #718 Update README.md
• #851 Remove unsupported path_to_write_report argument
• #898 codeql-analysis.yml
• #901 Update README to contain correct information - inputs and negate feature
• #955 fix: add in all the extra arguments for uploader

Dependencies

• #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
• #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
• #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
• #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
• #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
• #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
• #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
• #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
• #889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
• #895 build(deps): bump json5 from 2.2.1 to 2.2.3
• #896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
• #900 build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.1
• #905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5
• #911 build(deps-dev): bump @​types/node from 16.11.40 to 18.13.0
• #922 build(deps-dev): bump @​types/node from 18.13.0 to 18.14.0
• #924 build(deps): bump openpgp from 5.5.0 to 5.7.0
• #927 build(deps-dev): bump @​types/node from 18.14.0 to 18.14.2
• #933 build(deps-dev): bump @​types/node from 18.14.2 to 18.14.6
• #937 build(deps-dev): bump @​types/node from 18.14.6 to 18.15.0
• #938 build(deps): bump node-fetch from 3.3.0 to 3.3.1
• #945 build(deps-dev): bump @​types/node from 18.15.0 to 18.15.5

... (truncated)

Commits

• eaaf4be release: 3.1.4 (#983)
• c2ab9ab build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4 (#981)
• 49c20db build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2 (#979)
• cf8e3e4 build(deps-dev): bump @​types/node from 18.16.3 to 20.1.0 (#975)
• 1c34415 fix: CLI option names for uploader (#969)
• b4dfea7 fix: add back in working dir (#971)
• 5bf2504 Fix typo in README.md (#967)
• 1dd0ce3 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3 (#970)
• 894ff02 chore(release): bump to 3.1.3 (#961)
• f539f97 fix: allow for aarch64 build (#960)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

[dependabot]

Superseded by #414.