XS✔ ◾ Bump github/codeql-action from 3.22.12 to 3.23.2 (#457) · microsoft/PR-Metrics@a0f632c

Commit

XS✔ ◾ Bump github/codeql-action from 3.22.12 to 3.23.2 (#457)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.22.12 to 3.23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code>
option now respects the CPU count as specified in <code>cgroup</code>
files to more accurately reflect the number of available cores when
running in containers. <a
href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days.
Previously, this was whatever the repository default was. <a
href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable
Python dependency installation by default for all users. This improves
the speed of analysis while having only a very minor impact on results.
You can override this behavior by setting
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code>
in your workflow, however we plan to remove this ability in future
versions of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For
more information, see <a
href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the
corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a
href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5
and earlier. These versions of CodeQL were discontinued on 8 November
2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by
CodeQL Action v2.23.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.11.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.10.5 and 2.11.5, you can replace
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.22.7</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b7bf0a3ed3ecfa44160715d7c442788f65f0f923"><code>b7bf0a3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2099">#2099</a>
from github/update-v3.23.2-61bf02577</li>
<li><a
href="https://github.com/github/codeql-action/commit/33e354b34bc9d95d28ae4f055fa1faeb59e59ae5"><code>33e354b</code></a>
Changelog: Add missing PR link</li>
<li><a
href="https://github.com/github/codeql-action/commit/f4cfe8904c929c35f9612da0c754f121a3422d7e"><code>f4cfe89</code></a>
Update changelog for v3.23.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/61bf02577c801b30a708abc6f2164763e4e1d0cd"><code>61bf025</code></a>
Send overall job status in init-post status report (<a
href="https://redirect.github.com/github/codeql-action/issues/2097">#2097</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/16150320c5db0d4942ea2bd4974fc365d6324737"><code>1615032</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2096">#2096</a>
from github/update-bundle/codeql-bundle-v2.16.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/bd67d8d6b2096e4b46db15ed108e563c4447d608"><code>bd67d8d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2098">#2098</a>
from github/henrymercer/update-internal-queries</li>
<li><a
href="https://github.com/github/codeql-action/commit/a2619f68c8432b9a500ecc7aafd4816667379bed"><code>a2619f6</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href="https://github.com/github/codeql-action/commit/666e2f9edfd29789e9f46f2cce092d18622dcb74"><code>666e2f9</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href="https://github.com/github/codeql-action/commit/d43ae36a631248dea35da2f8da5e28687255da31"><code>d43ae36</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/75af1f5948eef4f82d80db69296c55a9bc5ba26e"><code>75af1f5</code></a>
Update default bundle to codeql-bundle-v2.16.1</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...b7bf0a3ed3ecfa44160715d7c442788f65f0f923">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.22.12&new-version=3.23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muiris Woulfe <mwoulfe@microsoft.com>

Loading branch information

dependabot[bot] and muiriswoulfe committed Feb 1, 2024

1 parent ec0e791 commit a0f632c

.github/workflows/build.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -207,26 +207,6 @@ jobs:
  
              schema: .markdownlint.schema.json

              strict: false

          - name: Validate package.json – Download package.schema.json

            shell: pwsh

            run: Invoke-WebRequest -Uri 'https://json.schemastore.org/package.json' -OutFile 'package.schema.json'

          - name: Validate package.json – Update package.schema.json

            shell: pwsh

            run: |-

              $FileContent = Get-Content -Path 'package.schema.json' -Raw

              $FileContent = $FileContent -replace ',\s+".+": {\s+"\$ref": "https:\/\/json\.schemastore\.org\/.+\s+}', ''

              $FileContent = $FileContent -replace 'http://json-schema.org/draft-07/schema#', 'http://json-schema.org/draft-04/schema#'

              Set-Content -NoNewline -Path 'package.schema.json' -Value $FileContent

          - name: Validate package.json

            uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b  # v1.1.0

            with:

              files: package.json

              print-valid-files: true

              strict: false

              schema: package.schema.json

          - name: Validate devcontainer.json – Download devcontainer.schema.json

            shell: pwsh

            run: Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/microsoft/vscode/main/extensions/configuration-editing/schemas/devContainer.codespaces.schema.json' -OutFile 'devcontainer.schema.json'

    @@ -333,13 +313,13 @@ jobs:
  
            uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1

          - name: Initialize

            uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4  # v3.22.12

            uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923  # v3.23.2

            with:

              config-file: .github/linters/codeql.yml

              queries: security-and-quality

          - name: Analyze

            uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4  # v3.22.12

            uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923  # v3.23.2

      validate-linter:

        name: Validate – Linter

0 comments on commit `a0f632c`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `a0f632c`

Commit

There are no files selected for viewing

0 comments on commit a0f632c

0 comments on commit `a0f632c`