Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

chore(deps): Bump github/codeql-action from 2.2.8 to 2.2.9 #686

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2023

Bumps github/codeql-action from 2.2.8 to 2.2.9.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.2.9 - 27 Mar 2023

  • Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
    • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
    • The upload input to the analyze Action now accepts the following values:
      • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
      • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
      • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
      • The legacy true and false options will be interpreted as always and failure-only respectively.

2.2.8 - 22 Mar 2023

  • Update default CodeQL bundle version to 2.12.5. #1585

2.2.7 - 15 Mar 2023

No user facing changes.

2.2.6 - 10 Mar 2023

  • Update default CodeQL bundle version to 2.12.4. #1561

2.2.5 - 24 Feb 2023

  • Update default CodeQL bundle version to 2.12.3. #1543

2.2.4 - 10 Feb 2023

No user facing changes.

2.2.3 - 08 Feb 2023

  • Update default CodeQL bundle version to 2.12.2. #1518

2.2.2 - 06 Feb 2023

2.2.1 - 27 Jan 2023

No user facing changes.

2.2.0 - 26 Jan 2023

... (truncated)

Commits
  • 04df126 Merge pull request #1608 from github/update-v2.2.9-fb32c3fef
  • f0988cb Move changelog note to correct section
  • fef20d6 Update changelog for v2.2.9
  • fb32c3f Merge pull request #1605 from github/henrymercer/diagnostics-grouping-workaround
  • 329c022 Just check the number of locations
  • c8935d5 Remove duplicate locations from failed run SARIF
  • ade432f Remove duplicate locations from output of database interpret-results
  • 6f852ee Implement removing duplicate locations from a SARIF file
  • 097ab46 Speed up checks a bit by just running the standard suite
  • befd804 Extend diagnostics export integration test to capture location bug
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@67a35a0...04df126)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 27, 2023
@hectorj2f hectorj2f enabled auto-merge March 27, 2023 18:04
@hectorj2f hectorj2f merged commit 1b6bf92 into main Mar 29, 2023
@hectorj2f hectorj2f deleted the dependabot/github_actions/github/codeql-action-2.2.9 branch March 29, 2023 12:35
@github-actions github-actions bot added this to the v1 milestone Mar 29, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant