chore(deps): bump github/codeql-action from 2 to 3 #3806

dependabot · 2023-12-18T22:58:12Z

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.15.4

Bundles CodeQL CLI v2.15.4

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.4:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

codeql/javascript-queries (changelog, source)

codeql/javascript-all (changelog, source)

codeql/python-queries (changelog, source)

codeql/python-all (changelog, source)

codeql/ruby-queries (changelog, source)

codeql/ruby-all (changelog, source)

codeql/swift-queries (changelog, source)

codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.3

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.3:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

codeql/javascript-queries (changelog, source)

codeql/javascript-all (changelog, source)

codeql/python-queries (changelog, source)

codeql/python-all (changelog, source)

codeql/ruby-queries (changelog, source)

codeql/ruby-all (changelog, source)

codeql/swift-queries (changelog, source)

codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.2

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.2:

codeql/cpp-queries (changelog, source)

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

Commits

3a9f6a8 update javascript files
cc4fead update version in various hardcoded locations
183559c Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4
5b52b36 reintroduce PR check that confirm action can be still be compiled on node16
5b19bef change to node20 for all actions
f2d0c2e upgrade node type definitions
d651fbc change to node20 for all actions
382a50a Merge pull request #2021 from github/mergeback/v2.22.9-to-main-c0d1daa7
458b422 Update checked-in dependencies
5e0f9db Update changelog and version after v2.22.9
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: catch-all conflicting wildcard * add: test cases * chore: update GitHub Actions configuration (#3792) - Change the cron schedule from `'0 17 * * 5'` to `"0 17 * * 5"` in the file `.github/workflows/codeql.yml` - Change the value of `language` from `['go']` to `["go"]` in the file `.github/workflows/codeql.yml` - Change the value of `go-version` from `'^1.18'` to `"^1.18"` in the file `.github/workflows/gin.yml` - Add `1.21` to the list of `go` versions and change the value of `test-tags` in the file `.github/workflows/gin.yml` - Change the value of `if` condition from `matrix.go-version == '1.20.x'` to `matrix.go-version == '1.21.x'` in the file `.github/workflows/gin.yml` - Change the value of `on` from `'*'` to `"*"` in the file `.github/workflows/goreleaser.yml` - Change the name of the job from `name: Checkout` to `name: Checkout` in the file `.github/workflows/goreleaser.yml` - Change the name of the job from `name: Set up Go` to `name: Set up Go` in the file `.github/workflows/goreleaser.yml` - Change the value of `go-version` from `1.20` to `"^1"` in Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore(deps): bump github/codeql-action from 2 to 3 (#3806) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(sec): upgrade golang.org/x/crypto to 0.17.0 (#3832) * ci(lint): update tooling and workflows for consistency (#3834) * chore: update tooling and workflows for consistency - Update the version of a tool in the GitHub workflow from `v1.52.2` to `v1.55.2` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: refactor linter configuration in CI - Remove the `depguard` linter from the `.golangci.yml` configuration Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: refine CI workflow and test configurations - Disable caching in the GitHub Actions workflow for `gin.yml` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * refactor: refactor return logic in tree operations - Modify multiple return statements in `tree.go` to return a specific value instead of nothing Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore(deps): update dependencies to latest versions (#3835) * chore: update dependencies to latest versions - Update `sonic` library from `v1.9.1` to `v1.10.2` - Update `validator` library from `v10.16.0` to `v10.17.0` - Update `go-isatty` library from `v0.0.19` to `v0.0.20` - Update `go/codec`, `x/net`, and `protobuf` libraries to newer versions - Update `base64x` to a newer commit and add `iasm` library as an indirect dependency - Update `mimetype`, `cpuid`, `go-urn`, `x/arch`, `x/crypto`, and `x/sys` libraries to newer versions Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: refactor CI workflows and improve robustness - Update GitHub Actions cache from v3 to v4 in the workflow configuration Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * wip: fix tests * wip: fix tests --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: caption <101684156+chncaption@users.noreply.github.com>

* fix: catch-all conflicting wildcard * add: test cases * chore: update GitHub Actions configuration (gin-gonic#3792) - Change the cron schedule from `'0 17 * * 5'` to `"0 17 * * 5"` in the file `.github/workflows/codeql.yml` - Change the value of `language` from `['go']` to `["go"]` in the file `.github/workflows/codeql.yml` - Change the value of `go-version` from `'^1.18'` to `"^1.18"` in the file `.github/workflows/gin.yml` - Add `1.21` to the list of `go` versions and change the value of `test-tags` in the file `.github/workflows/gin.yml` - Change the value of `if` condition from `matrix.go-version == '1.20.x'` to `matrix.go-version == '1.21.x'` in the file `.github/workflows/gin.yml` - Change the value of `on` from `'*'` to `"*"` in the file `.github/workflows/goreleaser.yml` - Change the name of the job from `name: Checkout` to `name: Checkout` in the file `.github/workflows/goreleaser.yml` - Change the name of the job from `name: Set up Go` to `name: Set up Go` in the file `.github/workflows/goreleaser.yml` - Change the value of `go-version` from `1.20` to `"^1"` in Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore(deps): bump github/codeql-action from 2 to 3 (gin-gonic#3806) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(sec): upgrade golang.org/x/crypto to 0.17.0 (gin-gonic#3832) * ci(lint): update tooling and workflows for consistency (gin-gonic#3834) * chore: update tooling and workflows for consistency - Update the version of a tool in the GitHub workflow from `v1.52.2` to `v1.55.2` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: refactor linter configuration in CI - Remove the `depguard` linter from the `.golangci.yml` configuration Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: refine CI workflow and test configurations - Disable caching in the GitHub Actions workflow for `gin.yml` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * refactor: refactor return logic in tree operations - Modify multiple return statements in `tree.go` to return a specific value instead of nothing Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore(deps): update dependencies to latest versions (gin-gonic#3835) * chore: update dependencies to latest versions - Update `sonic` library from `v1.9.1` to `v1.10.2` - Update `validator` library from `v10.16.0` to `v10.17.0` - Update `go-isatty` library from `v0.0.19` to `v0.0.20` - Update `go/codec`, `x/net`, and `protobuf` libraries to newer versions - Update `base64x` to a newer commit and add `iasm` library as an indirect dependency - Update `mimetype`, `cpuid`, `go-urn`, `x/arch`, `x/crypto`, and `x/sys` libraries to newer versions Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: refactor CI workflows and improve robustness - Update GitHub Actions cache from v3 to v4 in the workflow configuration Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * wip: fix tests * wip: fix tests --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: caption <101684156+chncaption@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 18, 2023

appleboy approved these changes Jan 19, 2024

View reviewed changes

appleboy merged commit 857db39 into master Jan 19, 2024
3 of 4 checks passed

dependabot bot deleted the dependabot/github_actions/github/codeql-action-3 branch January 19, 2024 00:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github/codeql-action from 2 to 3 #3806

chore(deps): bump github/codeql-action from 2 to 3 #3806

dependabot bot commented on behalf of github Dec 18, 2023 •

edited

Loading

chore(deps): bump github/codeql-action from 2 to 3 #3806

chore(deps): bump github/codeql-action from 2 to 3 #3806

Conversation

dependabot bot commented on behalf of github Dec 18, 2023 • edited Loading

CodeQL Bundle v2.15.4

CodeQL Bundle

CodeQL Bundle

dependabot bot commented on behalf of github Dec 18, 2023 •

edited

Loading