{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":102692863,"defaultBranch":"main","name":"onnx","ownerLogin":"onnx","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2017-09-07T04:53:45.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/31675368?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717270661.0","currentOid":""},"activityList":{"items":[{"before":"ec296fd1f470e21fd17c8f809c03e1d57ae9c217","after":null,"ref":"refs/heads/dependabot/github_actions/ossf/scorecard-action-2.3.3","pushedAt":"2024-06-01T19:37:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"justinchuby","name":"Justin Chu","path":"/justinchuby","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11205048?s=80&v=4"}},{"before":"149a926bb36b7762b6d1d628d66dd85f9242e1b3","after":null,"ref":"refs/heads/gh-readonly-queue/main/pr-6154-c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","pushedAt":"2024-06-01T19:37:40.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"}},{"before":"c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","after":"149a926bb36b7762b6d1d628d66dd85f9242e1b3","ref":"refs/heads/main","pushedAt":"2024-06-01T19:37:39.000Z","pushType":"merge_queue_merge","commitsCount":1,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#6154)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)\nfrom 2.3.1 to 2.3.3.\n
\nRelease notes\n

Sourced from ossf/scorecard-action's\nreleases.

\n
\n

v2.3.3

\n
\n

[!NOTE]
\nThere is no v2.3.2 release as a step was skipped in the release process.\nThis was fixed and re-released under the v2.3.3 tag

\n
\n

What's Changed

\n\n

For a full changelist of what these include, see the v5.0.0-rc1\nand v5.0.0-rc2\nrelease notes.

\n

Documentation

\n\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

\n
\n
\n
\nCommits\n\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#6154)"}},{"before":null,"after":"149a926bb36b7762b6d1d628d66dd85f9242e1b3","ref":"refs/heads/gh-readonly-queue/main/pr-6154-c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","pushedAt":"2024-06-01T19:21:18.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#6154)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)\nfrom 2.3.1 to 2.3.3.\n
\nRelease notes\n

Sourced from ossf/scorecard-action's\nreleases.

\n
\n

v2.3.3

\n
\n

[!NOTE]
\nThere is no v2.3.2 release as a step was skipped in the release process.\nThis was fixed and re-released under the v2.3.3 tag

\n
\n

What's Changed

\n
    \n
  • :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock\nin ossf/scorecard-action#1366
    • \n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\nv5.0.0-rc2 by @​spencerschrock\nin ossf/scorecard-action#1374
    • \n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\nv5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock\nin ossf/scorecard-action#1377
    • \n
\n

For a full changelist of what these include, see the v5.0.0-rc1\nand v5.0.0-rc2\nrelease notes.

\n

Documentation

\n
    \n
  • :book: Move token discussion out of main README. by @​spencerschrock\nin ossf/scorecard-action#1279
    • \n
  • :book: link to ossf/scorecard workflow instead of\nmaintaining an example by @​spencerschrock\nin ossf/scorecard-action#1352
    • \n
  • :book: update api links to new scorecard.dev site by @​spencerschrock\nin ossf/scorecard-action#1376
    • \n
\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

\n
\n
\n
\nCommits\n\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#6154)"}},{"before":"1f6435b4507f8e4b64389066b07a143812a628f6","after":null,"ref":"refs/heads/dependabot/pip/clang-format-18.1.5","pushedAt":"2024-06-01T19:20:51.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"03ff75348b47d143e95fc35f45636f4fd16d099c","after":"7fd98134a3d6cbb886483d20f6260ce4299ef10d","ref":"refs/heads/dependabot/pip/ruff-0.4.7","pushedAt":"2024-06-01T19:19:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"justinchuby","name":"Justin Chu","path":"/justinchuby","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11205048?s=80&v=4"},"commit":{"message":"Update __init__.py\n\nSigned-off-by: Justin Chu ","shortMessageHtmlLink":"Update __init__.py"}},{"before":null,"after":"03ff75348b47d143e95fc35f45636f4fd16d099c","ref":"refs/heads/dependabot/pip/ruff-0.4.7","pushedAt":"2024-06-01T16:47:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ruff from 0.4.2 to 0.4.7\n\nBumps [ruff](https://github.com/astral-sh/ruff) from 0.4.2 to 0.4.7.\n- [Release notes](https://github.com/astral-sh/ruff/releases)\n- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/astral-sh/ruff/compare/v0.4.2...v0.4.7)\n\n---\nupdated-dependencies:\n- dependency-name: ruff\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ruff from 0.4.2 to 0.4.7"}},{"before":null,"after":"1f6435b4507f8e4b64389066b07a143812a628f6","ref":"refs/heads/dependabot/pip/clang-format-18.1.5","pushedAt":"2024-06-01T16:46:51.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump clang-format from 17.0.6 to 18.1.5\n\nBumps [clang-format](https://github.com/ssciwr/clang-format-wheel) from 17.0.6 to 18.1.5.\n- [Release notes](https://github.com/ssciwr/clang-format-wheel/releases)\n- [Commits](https://github.com/ssciwr/clang-format-wheel/compare/v17.0.6...v18.1.5)\n\n---\nupdated-dependencies:\n- dependency-name: clang-format\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump clang-format from 17.0.6 to 18.1.5"}},{"before":"ba09d196064fe852fdec773607abc8f7c6fa7f1a","after":null,"ref":"refs/heads/dependabot/github_actions/github/codeql-action-3.25.7","pushedAt":"2024-06-01T16:32:56.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"justinchuby","name":"Justin Chu","path":"/justinchuby","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11205048?s=80&v=4"}},{"before":"c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","after":null,"ref":"refs/heads/gh-readonly-queue/main/pr-6156-093a8d335a66ea136eb1f16b3a1ce6237ee353ab","pushedAt":"2024-06-01T16:32:55.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"}},{"before":"093a8d335a66ea136eb1f16b3a1ce6237ee353ab","after":"c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","ref":"refs/heads/main","pushedAt":"2024-06-01T16:32:54.000Z","pushType":"merge_queue_merge","commitsCount":1,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action)\nfrom 2.13.4 to 3.25.7.\n
\nRelease notes\n

Sourced from github/codeql-action's\nreleases.

\n
\n

CodeQL Bundle v2.17.4

\n

Bundles CodeQL CLI v2.17.4

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.3

\n

Bundles CodeQL CLI v2.17.3

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.2

\n

Bundles CodeQL CLI v2.17.2

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.2:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from github/codeql-action's\nchangelog.

\n
\n

CodeQL Action Changelog

\n

See the releases\npage for the relevant changes to the CodeQL CLI and language\npacks.

\n

Note that the only difference between v2 and\nv3 of the CodeQL Action is the node version they support,\nwith v3 running on node 20 while we continue to release\nv2 to support running on node 16. For example\n3.22.11 was the first v3 release and is\nfunctionally identical to 2.22.11. This approach ensures an\neasy way to track exactly which features are included in different\nversions, indicated by the minor and patch version numbers.

\n

[UNRELEASED]

\n

No user facing changes.

\n

3.25.7 - 31 May 2024

\n
    \n
  • We are rolling out a feature in May/June 2024 that will reduce the\nActions cache usage of the Action by keeping only the newest TRAP cache\nfor each language. #2306
    • \n
\n

3.25.6 - 20 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.3. #2295
    • \n
\n

3.25.5 - 13 May 2024

\n
    \n
  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,\nand GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md.\n#2273
    • \n
  • Avoid printing out a warning for a missing on.push\ntrigger when the CodeQL Action is triggered via a\nworkflow_call event. #2274
    • \n
  • The tools: latest input to the init Action\nhas been renamed to tools: linked. This option specifies\nthat the Action should use the tools shipped at the same time as the\nAction. The old name will continue to work for backwards compatibility,\nbut we recommend that new workflows use the new name. #2281
    • \n
\n

3.25.4 - 08 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.2. #2270
    • \n
\n

3.25.3 - 25 Apr 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.1. #2247
    • \n
  • Workflows running on macos-latest using CodeQL CLI\nversions before v2.15.1 will need to either upgrade their CLI version to\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\nas macos-12. ARM machines with SIP disabled, including the\nnewest macos-latest image, are unsupported for CLI versions\nbefore 2.15.1. #2261
    • \n
\n

3.25.2 - 22 Apr 2024

\n

No user facing changes.

\n

3.25.1 - 17 Apr 2024

\n
    \n
  • We are rolling out a feature in April/May 2024 that improves the\nreliability and performance of analyzing code when analyzing a compiled\nlanguage with the autobuild build\nmode. #2235
    • \n
  • Fix a bug where the init Action would fail if\n--overwrite was specified in\nCODEQL_ACTION_EXTRA_OPTIONS. #2245
    • \n
\n

3.25.0 - 15 Apr 2024

\n
    \n
  • \n

    The deprecated feature for extracting dependencies for a Python\nanalysis has been removed. #2224

    \n

    As a result, the following inputs and environment variables are now\nignored:

    \n
      \n
    • The setup-python-dependencies input to the\ninit Action
      • \n
    • The\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION\nenvironment variable
      • \n
    \n
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n
    \n
  • f079b84\nMerge pull request #2317\nfrom github/update-v3.25.7-a095bf2a1
    • \n
  • e1a4268\nUpdate changelog for v3.25.7
    • \n
  • a095bf2\nMerge pull request #2313\nfrom github/revert-2312-update-bundle/codeql-bundle-...
    • \n
  • bbd4e19\nRevert "Update default bundle to 2.17.4"
    • \n
  • 9ab5d16\nMerge pull request #2312\nfrom github/update-bundle/codeql-bundle-v2.17.4
    • \n
  • 028346e\nAdd changelog note
    • \n
  • 5fe0847\nUpdate default bundle to codeql-bundle-v2.17.4
    • \n
  • 9550da9\nMerge pull request #2311\nfrom github/henrymercer/pack-missing-auth-config-error
    • \n
  • 6548a4d\nAdd configuration error for missing auth to package registry
    • \n
  • 7927df0\nBump micromatch from 4.0.5 to 4.0.7 in the npm group (#2310)
    • \n
  • Additional commits viewable in compare\nview
    • \n
\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.13.4&new-version=3.25.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)"}},{"before":null,"after":"c8781325a6ce3cc65f366a12fe92ea035a0eb0ba","ref":"refs/heads/gh-readonly-queue/main/pr-6156-093a8d335a66ea136eb1f16b3a1ce6237ee353ab","pushedAt":"2024-06-01T16:16:40.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action)\nfrom 2.13.4 to 3.25.7.\n
\nRelease notes\n

Sourced from github/codeql-action's\nreleases.

\n
\n

CodeQL Bundle v2.17.4

\n

Bundles CodeQL CLI v2.17.4

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.3

\n

Bundles CodeQL CLI v2.17.3

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.2

\n

Bundles CodeQL CLI v2.17.2

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.2:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from github/codeql-action's\nchangelog.

\n
\n

CodeQL Action Changelog

\n

See the releases\npage for the relevant changes to the CodeQL CLI and language\npacks.

\n

Note that the only difference between v2 and\nv3 of the CodeQL Action is the node version they support,\nwith v3 running on node 20 while we continue to release\nv2 to support running on node 16. For example\n3.22.11 was the first v3 release and is\nfunctionally identical to 2.22.11. This approach ensures an\neasy way to track exactly which features are included in different\nversions, indicated by the minor and patch version numbers.

\n

[UNRELEASED]

\n

No user facing changes.

\n

3.25.7 - 31 May 2024

\n
    \n
  • We are rolling out a feature in May/June 2024 that will reduce the\nActions cache usage of the Action by keeping only the newest TRAP cache\nfor each language. #2306
    • \n
\n

3.25.6 - 20 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.3. #2295
    • \n
\n

3.25.5 - 13 May 2024

\n
    \n
  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,\nand GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md.\n#2273
    • \n
  • Avoid printing out a warning for a missing on.push\ntrigger when the CodeQL Action is triggered via a\nworkflow_call event. #2274
    • \n
  • The tools: latest input to the init Action\nhas been renamed to tools: linked. This option specifies\nthat the Action should use the tools shipped at the same time as the\nAction. The old name will continue to work for backwards compatibility,\nbut we recommend that new workflows use the new name. #2281
    • \n
\n

3.25.4 - 08 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.2. #2270
    • \n
\n

3.25.3 - 25 Apr 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.1. #2247
    • \n
  • Workflows running on macos-latest using CodeQL CLI\nversions before v2.15.1 will need to either upgrade their CLI version to\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\nas macos-12. ARM machines with SIP disabled, including the\nnewest macos-latest image, are unsupported for CLI versions\nbefore 2.15.1. #2261
    • \n
\n

3.25.2 - 22 Apr 2024

\n

No user facing changes.

\n

3.25.1 - 17 Apr 2024

\n
    \n
  • We are rolling out a feature in April/May 2024 that improves the\nreliability and performance of analyzing code when analyzing a compiled\nlanguage with the autobuild build\nmode. #2235
    • \n
  • Fix a bug where the init Action would fail if\n--overwrite was specified in\nCODEQL_ACTION_EXTRA_OPTIONS. #2245
    • \n
\n

3.25.0 - 15 Apr 2024

\n
    \n
  • \n

    The deprecated feature for extracting dependencies for a Python\nanalysis has been removed. #2224

    \n

    As a result, the following inputs and environment variables are now\nignored:

    \n
      \n
    • The setup-python-dependencies input to the\ninit Action
      • \n
    • The\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION\nenvironment variable
      • \n
    \n
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n
    \n
  • f079b84\nMerge pull request #2317\nfrom github/update-v3.25.7-a095bf2a1
    • \n
  • e1a4268\nUpdate changelog for v3.25.7
    • \n
  • a095bf2\nMerge pull request #2313\nfrom github/revert-2312-update-bundle/codeql-bundle-...
    • \n
  • bbd4e19\nRevert "Update default bundle to 2.17.4"
    • \n
  • 9ab5d16\nMerge pull request #2312\nfrom github/update-bundle/codeql-bundle-v2.17.4
    • \n
  • 028346e\nAdd changelog note
    • \n
  • 5fe0847\nUpdate default bundle to codeql-bundle-v2.17.4
    • \n
  • 9550da9\nMerge pull request #2311\nfrom github/henrymercer/pack-missing-auth-config-error
    • \n
  • 6548a4d\nAdd configuration error for missing auth to package registry
    • \n
  • 7927df0\nBump micromatch from 4.0.5 to 4.0.7 in the npm group (#2310)
    • \n
  • Additional commits viewable in compare\nview
    • \n
\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.13.4&new-version=3.25.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)"}},{"before":"a876ce9da8b1e331ecef666dc9a5ac58f1bd2c3c","after":null,"ref":"refs/heads/gh-readonly-queue/main/pr-6156-093a8d335a66ea136eb1f16b3a1ce6237ee353ab","pushedAt":"2024-06-01T16:07:44.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"}},{"before":null,"after":"a876ce9da8b1e331ecef666dc9a5ac58f1bd2c3c","ref":"refs/heads/gh-readonly-queue/main/pr-6156-093a8d335a66ea136eb1f16b3a1ce6237ee353ab","pushedAt":"2024-06-01T15:56:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action)\nfrom 2.13.4 to 3.25.7.\n
\nRelease notes\n

Sourced from github/codeql-action's\nreleases.

\n
\n

CodeQL Bundle v2.17.4

\n

Bundles CodeQL CLI v2.17.4

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.3

\n

Bundles CodeQL CLI v2.17.3

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
  • codeql/cpp-all (changelog,\nsource)
    • \n
  • codeql/csharp-queries (changelog,\nsource)
    • \n
  • codeql/csharp-all (changelog,\nsource)
    • \n
  • codeql/go-queries (changelog,\nsource)
    • \n
  • codeql/go-all (changelog,\nsource)
    • \n
  • codeql/java-queries (changelog,\nsource)
    • \n
  • codeql/java-all (changelog,\nsource)
    • \n
  • codeql/javascript-queries (changelog,\nsource)
    • \n
  • codeql/javascript-all (changelog,\nsource)
    • \n
  • codeql/python-queries (changelog,\nsource)
    • \n
  • codeql/python-all (changelog,\nsource)
    • \n
  • codeql/ruby-queries (changelog,\nsource)
    • \n
  • codeql/ruby-all (changelog,\nsource)
    • \n
  • codeql/swift-queries (changelog,\nsource)
    • \n
  • codeql/swift-all (changelog,\nsource)
    • \n
\n

CodeQL Bundle v2.17.2

\n

Bundles CodeQL CLI v2.17.2

\n
    \n
  • (changelog,\nrelease)
    • \n
\n

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.2:

\n
    \n
  • codeql/cpp-queries (changelog,\nsource)
    • \n
\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from github/codeql-action's\nchangelog.

\n
\n

CodeQL Action Changelog

\n

See the releases\npage for the relevant changes to the CodeQL CLI and language\npacks.

\n

Note that the only difference between v2 and\nv3 of the CodeQL Action is the node version they support,\nwith v3 running on node 20 while we continue to release\nv2 to support running on node 16. For example\n3.22.11 was the first v3 release and is\nfunctionally identical to 2.22.11. This approach ensures an\neasy way to track exactly which features are included in different\nversions, indicated by the minor and patch version numbers.

\n

[UNRELEASED]

\n

No user facing changes.

\n

3.25.7 - 31 May 2024

\n
    \n
  • We are rolling out a feature in May/June 2024 that will reduce the\nActions cache usage of the Action by keeping only the newest TRAP cache\nfor each language. #2306
    • \n
\n

3.25.6 - 20 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.3. #2295
    • \n
\n

3.25.5 - 13 May 2024

\n
    \n
  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,\nand GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md.\n#2273
    • \n
  • Avoid printing out a warning for a missing on.push\ntrigger when the CodeQL Action is triggered via a\nworkflow_call event. #2274
    • \n
  • The tools: latest input to the init Action\nhas been renamed to tools: linked. This option specifies\nthat the Action should use the tools shipped at the same time as the\nAction. The old name will continue to work for backwards compatibility,\nbut we recommend that new workflows use the new name. #2281
    • \n
\n

3.25.4 - 08 May 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.2. #2270
    • \n
\n

3.25.3 - 25 Apr 2024

\n
    \n
  • Update default CodeQL bundle version to 2.17.1. #2247
    • \n
  • Workflows running on macos-latest using CodeQL CLI\nversions before v2.15.1 will need to either upgrade their CLI version to\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\nas macos-12. ARM machines with SIP disabled, including the\nnewest macos-latest image, are unsupported for CLI versions\nbefore 2.15.1. #2261
    • \n
\n

3.25.2 - 22 Apr 2024

\n

No user facing changes.

\n

3.25.1 - 17 Apr 2024

\n
    \n
  • We are rolling out a feature in April/May 2024 that improves the\nreliability and performance of analyzing code when analyzing a compiled\nlanguage with the autobuild build\nmode. #2235
    • \n
  • Fix a bug where the init Action would fail if\n--overwrite was specified in\nCODEQL_ACTION_EXTRA_OPTIONS. #2245
    • \n
\n

3.25.0 - 15 Apr 2024

\n
    \n
  • \n

    The deprecated feature for extracting dependencies for a Python\nanalysis has been removed. #2224

    \n

    As a result, the following inputs and environment variables are now\nignored:

    \n
      \n
    • The setup-python-dependencies input to the\ninit Action
      • \n
    • The\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION\nenvironment variable
      • \n
    \n
    • \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n
    \n
  • f079b84\nMerge pull request #2317\nfrom github/update-v3.25.7-a095bf2a1
    • \n
  • e1a4268\nUpdate changelog for v3.25.7
    • \n
  • a095bf2\nMerge pull request #2313\nfrom github/revert-2312-update-bundle/codeql-bundle-...
    • \n
  • bbd4e19\nRevert "Update default bundle to 2.17.4"
    • \n
  • 9ab5d16\nMerge pull request #2312\nfrom github/update-bundle/codeql-bundle-v2.17.4
    • \n
  • 028346e\nAdd changelog note
    • \n
  • 5fe0847\nUpdate default bundle to codeql-bundle-v2.17.4
    • \n
  • 9550da9\nMerge pull request #2311\nfrom github/henrymercer/pack-missing-auth-config-error
    • \n
  • 6548a4d\nAdd configuration error for missing auth to package registry
    • \n
  • 7927df0\nBump micromatch from 4.0.5 to 4.0.7 in the npm group (#2310)
    • \n
  • Additional commits viewable in compare\nview
    • \n
\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.13.4&new-version=3.25.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n
\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump github/codeql-action from 2.13.4 to 3.25.7 (#6156)"}},{"before":null,"after":"27ae4fa05ca77377b31c0b56f50e0cb7f37b40aa","ref":"refs/heads/dependabot/github_actions/ZedThree/clang-tidy-review-0.19.0","pushedAt":"2024-06-01T15:37:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ZedThree/clang-tidy-review from 0.18.0 to 0.19.0\n\nBumps [ZedThree/clang-tidy-review](https://github.com/zedthree/clang-tidy-review) from 0.18.0 to 0.19.0.\n- [Release notes](https://github.com/zedthree/clang-tidy-review/releases)\n- [Changelog](https://github.com/ZedThree/clang-tidy-review/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/zedthree/clang-tidy-review/compare/900895863e31d749b3a97e8d4de93f15927d235f...85799d63d217e8d0686b7735fb923acc986d8043)\n\n---\nupdated-dependencies:\n- dependency-name: ZedThree/clang-tidy-review\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ZedThree/clang-tidy-review from 0.18.0 to 0.19.0"}},{"before":null,"after":"ba09d196064fe852fdec773607abc8f7c6fa7f1a","ref":"refs/heads/dependabot/github_actions/github/codeql-action-3.25.7","pushedAt":"2024-06-01T15:37:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump github/codeql-action from 2.13.4 to 3.25.7\n\nBumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.7.\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/cdcdbb579706841c47f7063dda365e292e5cad7a...f079b8493333aace61c81488f8bd40919487bd9f)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump github/codeql-action from 2.13.4 to 3.25.7"}},{"before":null,"after":"aef13133b04280da8f57214aca537461cd22996b","ref":"refs/heads/dependabot/github_actions/reviewdog/action-cpplint-1.3.0","pushedAt":"2024-06-01T15:36:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump reviewdog/action-cpplint from 1.2.0 to 1.3.0\n\nBumps [reviewdog/action-cpplint](https://github.com/reviewdog/action-cpplint) from 1.2.0 to 1.3.0.\n- [Release notes](https://github.com/reviewdog/action-cpplint/releases)\n- [Commits](https://github.com/reviewdog/action-cpplint/compare/f4595711c17503b596166b81782d83774541c2d8...61869daa530674de5aec805f3eac22e6fdcf7dfe)\n\n---\nupdated-dependencies:\n- dependency-name: reviewdog/action-cpplint\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump reviewdog/action-cpplint from 1.2.0 to 1.3.0"}},{"before":null,"after":"ec296fd1f470e21fd17c8f809c03e1d57ae9c217","ref":"refs/heads/dependabot/github_actions/ossf/scorecard-action-2.3.3","pushedAt":"2024-06-01T15:36:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.\n- [Release notes](https://github.com/ossf/scorecard-action/releases)\n- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)\n- [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534)\n\n---\nupdated-dependencies:\n- dependency-name: ossf/scorecard-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3"}},{"before":"244c7e43f23fd3ac57c7c3c615f8034aeb9a6af1","after":null,"ref":"refs/heads/1.16.1-pick","pushedAt":"2024-05-23T16:33:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"}},{"before":"52ebb5d668918c6b1d40250f9c0bee0165d8f4a3","after":"595228d99e3977ac27cb79d5963adda262af99ad","ref":"refs/heads/rel-1.16.1","pushedAt":"2024-05-23T16:33:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"},"commit":{"message":"Pin onnxruntime to 1.17.3 for release CIs (#6143) (#6148)\n\n### Description\r\nThe latest ORT 1.18.0 does not implement ML ops required for\r\ntest_backend_onnxruntime.py. Pin to the previous ort release to pass the\r\nrelease CIs.\r\n\r\n### Motivation and Context\r\nhttps://github.com/onnx/onnx/pull/6138#issuecomment-2118368537\r\n\r\n---------\r\n\r\nSigned-off-by: Liqun Fu \r\n(cherry picked from commit 093a8d335a66ea136eb1f16b3a1ce6237ee353ab)\r\n\r\nCo-authored-by: liqun Fu ","shortMessageHtmlLink":"Pin onnxruntime to 1.17.3 for release CIs (#6143) (#6148)"}},{"before":null,"after":"244c7e43f23fd3ac57c7c3c615f8034aeb9a6af1","ref":"refs/heads/1.16.1-pick","pushedAt":"2024-05-23T12:46:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"},"commit":{"message":"Pin onnxruntime to 1.17.3 for release CIs (#6143)\n\n### Description\nThe latest ORT 1.18.0 does not implement ML ops required for\ntest_backend_onnxruntime.py. Pin to the previous ort release to pass the\nrelease CIs.\n\n### Motivation and Context\nhttps://github.com/onnx/onnx/pull/6138#issuecomment-2118368537\n\n---------\n\nSigned-off-by: Liqun Fu \n(cherry picked from commit 093a8d335a66ea136eb1f16b3a1ce6237ee353ab)","shortMessageHtmlLink":"Pin onnxruntime to 1.17.3 for release CIs (#6143)"}},{"before":"beed4a4f11a36f5817788c77340a832438e04962","after":null,"ref":"refs/heads/liqun/rel-ci-pin-ort-version","pushedAt":"2024-05-23T05:58:14.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"liqunfu","name":"liqun Fu","path":"/liqunfu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3318051?s=80&v=4"}},{"before":"093a8d335a66ea136eb1f16b3a1ce6237ee353ab","after":null,"ref":"refs/heads/gh-readonly-queue/main/pr-6143-b90e252da11dea9bdc191d6b9b8d01511ef3e3bd","pushedAt":"2024-05-23T05:58:13.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"}},{"before":"b90e252da11dea9bdc191d6b9b8d01511ef3e3bd","after":"093a8d335a66ea136eb1f16b3a1ce6237ee353ab","ref":"refs/heads/main","pushedAt":"2024-05-23T05:58:12.000Z","pushType":"merge_queue_merge","commitsCount":1,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Pin onnxruntime to 1.17.3 for release CIs (#6143)\n\n### Description\nThe latest ORT 1.18.0 does not implement ML ops required for\ntest_backend_onnxruntime.py. Pin to the previous ort release to pass the\nrelease CIs.\n\n### Motivation and Context\nhttps://github.com/onnx/onnx/pull/6138#issuecomment-2118368537\n\n---------\n\nSigned-off-by: Liqun Fu ","shortMessageHtmlLink":"Pin onnxruntime to 1.17.3 for release CIs (#6143)"}},{"before":null,"after":"093a8d335a66ea136eb1f16b3a1ce6237ee353ab","ref":"refs/heads/gh-readonly-queue/main/pr-6143-b90e252da11dea9bdc191d6b9b8d01511ef3e3bd","pushedAt":"2024-05-23T05:41:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"github-merge-queue[bot]","name":null,"path":"/apps/github-merge-queue","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9919?s=80&v=4"},"commit":{"message":"Pin onnxruntime to 1.17.3 for release CIs (#6143)\n\n### Description\nThe latest ORT 1.18.0 does not implement ML ops required for\ntest_backend_onnxruntime.py. Pin to the previous ort release to pass the\nrelease CIs.\n\n### Motivation and Context\nhttps://github.com/onnx/onnx/pull/6138#issuecomment-2118368537\n\n---------\n\nSigned-off-by: Liqun Fu ","shortMessageHtmlLink":"Pin onnxruntime to 1.17.3 for release CIs (#6143)"}},{"before":"a76af0f2d9acb1a2da915932dc38fd22397d277f","after":"beed4a4f11a36f5817788c77340a832438e04962","ref":"refs/heads/liqun/rel-ci-pin-ort-version","pushedAt":"2024-05-22T19:42:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"liqunfu","name":"liqun Fu","path":"/liqunfu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3318051?s=80&v=4"},"commit":{"message":"aarch64 to use ort 1.16.3\n\nSigned-off-by: Liqun Fu ","shortMessageHtmlLink":"aarch64 to use ort 1.16.3"}},{"before":null,"after":"a76af0f2d9acb1a2da915932dc38fd22397d277f","ref":"refs/heads/liqun/rel-ci-pin-ort-version","pushedAt":"2024-05-22T07:27:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"liqunfu","name":"liqun Fu","path":"/liqunfu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3318051?s=80&v=4"},"commit":{"message":"pin onnxruntime==1.17.3 for rel CIs\n\nSigned-off-by: Liqun Fu ","shortMessageHtmlLink":"pin onnxruntime==1.17.3 for rel CIs"}},{"before":"50c76f0a2dcd1f88e80f25d52c1841926d415f1f","after":null,"ref":"refs/heads/set-final-1.16.1","pushedAt":"2024-05-17T18:08:36.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"}},{"before":"f0f5a4a80e5dfd4ea19fad85cecf63920d23add0","after":"52ebb5d668918c6b1d40250f9c0bee0165d8f4a3","ref":"refs/heads/rel-1.16.1","pushedAt":"2024-05-17T18:08:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"},"commit":{"message":"Set version number for official 1.16.1 release (#6138)\n\n### Description\r\nRemove \"rc*\" from version number in preparation for final 1.16.1\r\nrelease.\r\n\r\nSigned-off-by: Charles Volzka \r\n\r\nSigned-off-by: Charles Volzka ","shortMessageHtmlLink":"Set version number for official 1.16.1 release (#6138)"}},{"before":null,"after":"50c76f0a2dcd1f88e80f25d52c1841926d415f1f","ref":"refs/heads/set-final-1.16.1","pushedAt":"2024-05-14T14:18:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"cjvolzka","name":"Charles Volzka","path":"/cjvolzka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/42243335?s=80&v=4"},"commit":{"message":"Set version number for official 1.16.1 release\n\n### Description\nRemove \"rc*\" from version number in preparation for final 1.16.1 release.\n\nSigned-off-by: Charles Volzka ","shortMessageHtmlLink":"Set version number for official 1.16.1 release"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEWd5gRAA","startCursor":null,"endCursor":null}},"title":"Activity · onnx/onnx"}