Bump the github-actions group with 3 updates #499

dependabot · 2024-03-27T11:04:24Z

Bumps the github-actions group with 3 updates: actions/checkout, github/codeql-action and codecov/codecov-action.

Updates actions/checkout from 4.1.1 to 4.1.2

Release notes

Sourced from actions/checkout's releases.

v4.1.2

We are investigating the following issue with this release and have rolled-back the v4 tag to point to v4.1.1

sparse-checkout is not available on git versions prior to 2.27.0 (see actions/checkout#1651)

What's Changed

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

Bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in actions/checkout#1406

Bump @babel/traverse from 7.20.5 to 7.24.0 by @dependabot in actions/checkout#1642

New Contributors

@jww3 made their first contribution in actions/checkout#1616

Full Changelog: actions/checkout@v4.1.1...v4.1.2

Changelog

Sourced from actions/checkout's changelog.

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

Commits

9bb5618 Prep for release of v4.1.2 (#1649)
8eb1f6a Bump @babel/traverse from 7.20.5 to 7.24.0 (#1642)
556e4c3 Bump tough-cookie from 4.0.0 to 4.1.3 (#1406)
b32f140 Warn on attempts to publish test-ubuntu-git from non-main branch. (#1623)
2650dbd Give test-ubuntu-git its own README (#1620)
aadec89 Explicitly disable sparse checkout unless asked for (#1598)
df0bcdd Refine workflow for generating test-ubuntu-git (#1617)
473055b Create test-ubuntu-git Docker Container for Proxy Tests (#1616)
See full diff in compare view

Updates github/codeql-action from 3.24.5 to 3.24.9

Changelog

Sourced from github/codeql-action's changelog.

3.24.9 - 22 Mar 2024

Update default CodeQL bundle version to 2.16.5. #2203

3.24.8 - 18 Mar 2024

Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. #2195

3.24.7 - 12 Mar 2024

Update default CodeQL bundle version to 2.16.4. #2185

3.24.6 - 29 Feb 2024

No user facing changes.

Commits

1b1aada Merge pull request #2208 from github/update-v3.24.9-09d4101d2
6505708 Update changelog for v3.24.9
09d4101 Merge pull request #2203 from github/update-bundle/codeql-bundle-v2.16.5
a3ab02e Merge branch 'main' into update-bundle/codeql-bundle-v2.16.5
9cf4574 Add changelog note
964f5e7 Merge pull request #2207 from github/henrymercer/more-processing-error-catego...
9c0c35b Merge pull request #2206 from github/henrymercer/improved-autobuild-error-wit...
c84e4c8 Mark some more processing errors as invalid SARIF upload requests
4aca720 Improve error message when using build modes and autobuild fails
7f375ae Wrap configuration errors for all CLI commands
Additional commits viewable in compare view

Updates codecov/codecov-action from 4.0.2 to 4.1.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.1.1

What's Changed

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in codecov/codecov-action#1315

build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by @dependabot in codecov/codecov-action#1319

Removed mention of Mercurial by @drazisil-codecov in codecov/codecov-action#1325

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in codecov/codecov-action#1332

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in codecov/codecov-action#1331

fix: force version by @thomasrockhu-codecov in codecov/codecov-action#1329

build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by @dependabot in codecov/codecov-action#1334

build(deps): bump undici from 5.28.2 to 5.28.3 by @dependabot in codecov/codecov-action#1338

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in codecov/codecov-action#1341

fix: typo in disable_safe_directory by @mkroening in codecov/codecov-action#1343

chore(release): 4.1.1 by @thomasrockhu-codecov in codecov/codecov-action#1344

New Contributors

@mkroening made their first contribution in codecov/codecov-action#1343

Full Changelog: codecov/codecov-action@v4.1.0...v4.1.1

v4.1.0

What's Changed

fix: set safe directory by @thomasrockhu-codecov in codecov/codecov-action#1304

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in codecov/codecov-action#1306

build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @dependabot in codecov/codecov-action#1305

chore(release): v4.1.0 by @thomasrockhu-codecov in codecov/codecov-action#1307

Full Changelog: codecov/codecov-action@v4.0.2...v4.1.0

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

3.1.4

Fixes

#967 Fix typo in README.md

#971 fix: add back in working dir

#969 fix: CLI option names for uploader

Dependencies

#970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3

#979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2

#981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

#960 fix: allow for aarch64 build

Dependencies

#957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0

#958 build(deps): bump openpgp from 5.7.0 to 5.8.0

#959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

#718 Update README.md

#851 Remove unsupported path_to_write_report argument

#898 codeql-analysis.yml

#901 Update README to contain correct information - inputs and negate feature

#955 fix: add in all the extra arguments for uploader

Dependencies

#819 build(deps): bump openpgp from 5.4.0 to 5.5.0

#835 build(deps): bump node-fetch from 3.2.4 to 3.2.10

#840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4

#841 build(deps): bump @actions/core from 1.9.1 to 1.10.0

#843 build(deps): bump @actions/github from 5.0.3 to 5.1.1

#869 build(deps): bump node-fetch from 3.2.10 to 3.3.0

#872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0

#879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

c16abc2 chore(release): 4.1.1 (#1344)
3e33441 fix: typo in disable_safe_directory (#1343)
85aacc9 build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 (#1341)
4ea9be0 build(deps): bump undici from 5.28.2 to 5.28.3 (#1338)
164fade build(deps-dev): bump typescript from 5.4.2 to 5.4.3 (#1334)
4621ecc fix: force version (#1329)
251ba34 build(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1331)
5a593a5 build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 (#1332)
a15c0e4 Removed mention of Mercurial (#1325)
8be6ba5 build(deps-dev): bump typescript from 5.3.3 to 5.4.2 (#1319)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.1...v4.1.2) Updates `github/codeql-action` from 3.24.5 to 3.24.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.24.5...v3.24.9) Updates `codecov/codecov-action` from 4.0.2 to 4.1.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4.0.2...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-04-04T11:45:39Z

Superseded by #501.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 27, 2024

dependabot bot requested a review from gabriel-vasile March 27, 2024 11:04

dependabot bot mentioned this pull request Mar 27, 2024

Bump the github-actions group with 3 updates #498

Closed

dependabot bot closed this Apr 4, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-d64a037e01 branch April 4, 2024 11:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 3 updates #499

Bump the github-actions group with 3 updates #499

dependabot bot commented on behalf of github Mar 27, 2024 •

edited

dependabot bot commented on behalf of github Apr 4, 2024

Bump the github-actions group with 3 updates #499

Bump the github-actions group with 3 updates #499

Conversation

dependabot bot commented on behalf of github Mar 27, 2024 • edited

v4.1.2

What's Changed

New Contributors

v4.1.2

3.24.9 - 22 Mar 2024

3.24.8 - 18 Mar 2024

3.24.7 - 12 Mar 2024

3.24.6 - 29 Feb 2024

v4.1.1

What's Changed

New Contributors

v4.1.0

What's Changed

4.0.0-beta.2

Fixes

4.0.0-beta.1

Breaking Changes

3.1.4

Fixes

Dependencies

3.1.3

Fixes

Dependencies

3.1.2

Fixes

Dependencies

dependabot bot commented on behalf of github Apr 4, 2024

dependabot bot commented on behalf of github Mar 27, 2024 •

edited