Skip to content
This repository was archived by the owner on Feb 25, 2025. It is now read-only.

Bump github/codeql-action from 2.3.3 to 2.3.5#42394

Merged
auto-submit[bot] merged 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-2.3.5
May 29, 2023
Merged

Bump github/codeql-action from 2.3.3 to 2.3.5#42394
auto-submit[bot] merged 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-2.3.5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 29, 2023

Bumps github/codeql-action from 2.3.3 to 2.3.5.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.3.5 - 25 May 2023

  • Allow invalid URIs to be used as values to artifactLocation.uri properties. This reverses a change from #1668 that inadvertently led to stricter validation of some URI values. #1705
  • Gracefully handle invalid URIs when fingerprinting. #1694

2.3.4 - 24 May 2023

  • Updated the SARIF 2.1.0 JSON schema file to the latest from oasis-tcs/sarif-spec. #1668
  • We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. #1676
  • We are improving the way that CodeQL bundles are tagged to make it possible to easily identify bundles by their CodeQL semantic version. #1682
    • As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example codeql-bundle-v2.13.4, instead of timestamps, like codeql-bundle-20230615.
    • This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.
    • Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a codeql-bundle-yyyymmdd pattern, you should update it to also recognize codeql-bundle-vx.y.z tags.
  • Remove the requirement for on.push and on.pull_request to trigger on the same branches. #1675

2.3.3 - 04 May 2023

  • Update default CodeQL bundle version to 2.13.1. #1664
  • You can now configure CodeQL within your code scanning workflow by passing a config input to the init Action. See Using a custom configuration file for more information about configuring code scanning. #1590

2.3.2 - 27 Apr 2023

No user facing changes.

2.3.1 - 26 Apr 2023

No user facing changes.

2.3.0 - 21 Apr 2023

  • Update default CodeQL bundle version to 2.13.0. #1649
  • Bump the minimum CodeQL bundle version to 2.8.5. #1618

2.2.12 - 13 Apr 2023

  • Include the value of the GITHUB_RUN_ATTEMPT environment variable in the telemetry sent to GitHub. #1640
  • Improve the ease of debugging failed runs configured using default setup. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the tool status page. #1619

2.2.11 - 06 Apr 2023

No user facing changes.

2.2.10 - 05 Apr 2023

... (truncated)

Commits
  • 0225834 Merge pull request #1706 from github/update-v2.3.5-d3314cca2
  • 15f9b00 Apply suggestions from code review
  • ff82fd0 Update changelog for v2.3.5
  • d3314cc Merge pull request #1705 from github/aeisenberg/location-uri-schema-fix
  • 42add7b Update changelog
  • 9c5706e Avoid throwing validation error on invalid URIs
  • 3912995 Merge pull request #1704 from github/henrymercer/contributions-updates
  • 8d7f61b Update npm version
  • 50bc388 Update Node version
  • 4a409ac Link to CONTRIBUTING doc from README
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/codeql-action from 2.3.3 to 2.3.5
dc7c872 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@29b1f65...0225834)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the autosubmit Merge PR when tree becomes green via auto submit App label May 29, 2023
@auto-submit auto-submit bot merged commit 91bc423 into main May 29, 2023
@auto-submit auto-submit bot deleted the dependabot/github_actions/github/codeql-action-2.3.5 branch May 29, 2023 09:38
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request May 29, 2023
Merged
engine-flutter-autoroll added a commit to engine-flutter-autoroll/flutter that referenced this pull request May 29, 2023
@engine-flutter-autoroll
91bc423 Bump github/codeql-action from 2.3.3 to 2.3.5 (flutter/engine…
77fbb65 
…#42394)
auto-submit bot pushed a commit to flutter/flutter that referenced this pull request May 29, 2023
@engine-flutter-autoroll
Roll Flutter Engine from de6b255 to 91bc423 (3 revisions) (#127790)
87bc219 
flutter/engine@de6b255...91bc423

2023-05-29 49699333+dependabot[bot]@users.noreply.github.com Bump github/codeql-action from 2.3.3 to 2.3.5 (flutter/engine#42394)
2023-05-29 49699333+dependabot[bot]@users.noreply.github.com Bump actions/setup-python from 4.6.0 to 4.6.1 (flutter/engine#42395)
2023-05-29 [email protected] Roll Skia from 3b86de3c85d0 to 19af8f052d64 (1 revision) (flutter/engine#42393)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-engine-flutter-autoroll
Please CC [email protected],[email protected],[email protected] on the revert to ensure that a human
is aware of the problem.

To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@fluttergithubbot fluttergithubbot fluttergithubbot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

autosubmit Merge PR when tree becomes green via auto submit App

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fluttergithubbot