Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create codeql-analysis.yml #3784

Closed
wants to merge 55 commits into from
Closed

Create codeql-analysis.yml #3784

wants to merge 55 commits into from

Conversation

Jimimaku
Copy link

@Jimimaku Jimimaku commented Aug 31, 2022
edited
Loading

What does this PR do?

Where should the reviewer start?

How should this be manually tested?

Any background context you want to provide?

What are the relevant tickets?

Screenshots

Additional questions

dependabot bot and others added 4 commits August 16, 2022 06:52
@dependabot
chore(deps): bump node-uuid
bc0f15f 
Bumps [node-uuid](https://github.com/broofa/node-uuid) from 1.4.0 to 1.4.8.
- [Release notes](https://github.com/broofa/node-uuid/releases)
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

---
updated-dependencies:
- dependency-name: node-uuid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@snyk-bot
fix: upgrade typescript from 4.3.2 to 4.7.4
e3d071f 
Snyk has created this PR to upgrade typescript from 4.3.2 to 4.7.4.

See this package in npm:
https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/jimimaku/project/00472e4c-118b-4f33-9f7c-c429ff5fdb2d?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade @octokit/rest from 18.5.4 to 18.12.0
bb9a14c 
Snyk has created this PR to upgrade @octokit/rest from 18.5.4 to 18.12.0.

See this package in npm:
https://www.npmjs.com/package/@octokit/rest

See this project in Snyk:
https://app.snyk.io/org/jimimaku/project/00472e4c-118b-4f33-9f7c-c429ff5fdb2d?utm_source=github&utm_medium=referral&page=upgrade-pr
@Jimimaku
Create codeql-analysis.yml
a9e6dde
@Jimimaku Jimimaku requested a review from a team as a code owner August 31, 2022 09:18
@CLAassistant
Copy link

CLAassistant commented Aug 31, 2022
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 4 committers have signed the CLA.

✅ Jimimaku
❌ snyk-bot
❌ dependabot[bot]
❌ mend-bolt-for-github[bot]
You have signed the CLA already but the status is still pending? Let us recheck it.

snyk-bot and others added 9 commits September 14, 2022 01:16
@snyk-bot
fix: docker/Dockerfile.python-3.6 to reduce vulnerabilities
5af6f6b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-DPKG-2847942
- https://snyk.io/vuln/SNYK-DEBIAN11-GZIP-2444256
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2426309
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2807596
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2933518
@Jimimaku
Merge branch 'snyk:master' into master
a22142b
@Jimimaku
Merge branch 'snyk:master' into master
aaee420
@Jimimaku
Merge pull request #29 from snyk/master
2269ef9 
[pull] master from snyk:master
@Jimimaku
Merge remote-tracking branch 'upstream/master'
8cca851
@Jimimaku
Merge remote-tracking branch 'upstream/master'
3282f86
@Jimimaku
Merge remote-tracking branch 'upstream/master'
16450a0
@dependabot
chore(deps): bump actionpack
a90bd66 
Bumps [actionpack](https://github.com/rails/rails) from 4.2.5 to 4.2.11.3.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.0.4/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v4.2.5...v4.2.11.3)

---
updated-dependencies:
- dependency-name: actionpack
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Transferring API Description file from Apiary.io
a5f548e
@Jimimaku Jimimaku requested a review from a team as a code owner November 1, 2022 11:37
Jimimaku and others added 11 commits November 1, 2022 12:38
@Jimimaku
Merge remote-tracking branch 'upstream/master'
a0a70c3
@Jimimaku
Merge branch 'master' of https://github.com/Jimimaku/cli
a60d883
@Jimimaku
Merge remote-tracking branch 'upstream/master'
bca4e50
@Jimimaku
Merge remote-tracking branch 'upstream/master'
ce41e2d
@Jimimaku
Merge remote-tracking branch 'upstream/master'
2401219
@Jimimaku
Merge remote-tracking branch 'upstream/master'
48f28ed
@Jimimaku
Merge remote-tracking branch 'upstream/master'
ef633e9
@dependabot
chore(deps): bump loader-utils from 1.4.0 to 1.4.2
e564ec8 
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge remote-tracking branch 'upstream/master'
3e40c72
@Jimimaku
Merge branch 'snyk:master' into master
5a1c686
@Jimimaku
Merge remote-tracking branch 'upstream/master'
438b936
Jimimaku and others added 8 commits November 21, 2022 13:22
@Jimimaku
Merge pull request #5 from Jimimaku/dependabot/npm_and_yarn/test/acce…
9d5c545 
…ptance/workspaces/large-mono-repo/npm-project-3/node-uuid-1.4.8

chore(deps): bump node-uuid from 1.4.0 to 1.4.8 in /test/acceptance/workspaces/large-mono-repo/npm-project-3
@dependabot
chore(deps): bump node-uuid
7854868 
Bumps [node-uuid](https://github.com/broofa/node-uuid) from 1.4.0 to 1.4.8.
- [Release notes](https://github.com/broofa/node-uuid/releases)
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

---
updated-dependencies:
- dependency-name: node-uuid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #48 from Jimimaku/dependabot/npm_and_yarn/loader-u…
e0f4a8a 
…tils-1.4.2

chore(deps): bump loader-utils from 1.4.0 to 1.4.2
@Jimimaku
Merge pull request #42 from Jimimaku/dependabot/bundler/test/acceptan…
7653db0 
…ce/workspaces/mono-repo-project-manifests-only/actionpack-4.2.11.3

chore(deps): bump actionpack from 4.2.5 to 4.2.11.3 in /test/acceptance/workspaces/mono-repo-project-manifests-only
@dependabot
chore(deps): bump nokogiri
0c1f77f 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.8.5 to 1.13.9.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.8.5...v1.13.9)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump actionpack
5191e95 
Bumps [actionpack](https://github.com/rails/rails) from 4.2.5 to 7.0.4.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.0.4/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v4.2.5...v7.0.4)

---
updated-dependencies:
- dependency-name: actionpack
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #52 from Jimimaku/dependabot/bundler/test/acceptan…
75d2a78 
…ce/workspaces/mono-repo-project/actionpack-7.0.4

chore(deps): bump actionpack from 4.2.5 to 7.0.4 in /test/acceptance/workspaces/mono-repo-project
@Jimimaku
Merge pull request #37 from Jimimaku/dependabot/bundler/test/acceptan…
241ea3a 
…ce/workspaces/ruby-app-thresholds/nokogiri-1.13.9

chore(deps): bump nokogiri from 1.8.5 to 1.13.9 in /test/acceptance/workspaces/ruby-app-thresholds
@Jimimaku
Copy link
Author

Jimimaku commented Nov 21, 2022
edited
Loading

Was macht diese PR?

Wo sollte der Gutachter anfangen?

Wie sollte dies manuell getestet werden?

Gibt es einen Hintergrundkontext, den Sie bereitstellen möchten?

Was sind die relevanten Tickets?

Screenshots

Weitere Fragen

@Jimimaku
Copy link
Author

Jimimaku commented Nov 21, 2022
edited
Loading

CLA-Assistenten-Check Vielen Dank für Ihre Einsendung! Wir wissen es wirklich zu schätzen. Wie viele Open-Source-Projekte bitten wir Sie, unsereContributor License Agreementzu unterzeichnen, bevor wir Ihren Beitrag annehmen können. 1von4Committern hat den GAV unterzeichnet.✅ Jimimaku❌ dependabot[bot]❌ snyk-bot❌ mend-bolt-for-github[bot]Sie haben den GAV bereits unterschrieben, aber der Status steht noch aus? Lassen Sie es unsnoch einmal überprüfen.

dependabot bot and others added 13 commits November 21, 2022 22:36
@dependabot
chore(deps): bump yiisoft/yii
26855a2 
Bumps [yiisoft/yii](https://github.com/yiisoft/yii) from 1.1.14 to 1.1.27.
- [Release notes](https://github.com/yiisoft/yii/releases)
- [Changelog](https://github.com/yiisoft/yii/blob/master/CHANGELOG)
- [Commits](yiisoft/yii@1.1.14...1.1.27)

---
updated-dependencies:
- dependency-name: yiisoft/yii
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #53 from Jimimaku/dependabot/composer/test/accepta…
1e540fc 
…nce/workspaces/composer-app/yiisoft/yii-1.1.27

chore(deps): bump yiisoft/yii from 1.1.14 to 1.1.27 in /test/acceptance/workspaces/composer-app
@Jimimaku
Merge pull request #6 from Jimimaku/dependabot/npm_and_yarn/test/acce…
51d67de 
…ptance/workspaces/large-mono-repo/npm-project-4/node-uuid-1.4.8

chore(deps): bump node-uuid from 1.4.0 to 1.4.8 in /test/acceptance/workspaces/large-mono-repo/npm-project-4
@dependabot
chore(deps): bump twig/twig in /test/acceptance/workspaces/composer-app
a0b4d8b 
Bumps [twig/twig](https://github.com/twigphp/Twig) from 1.35.0 to 1.43.1.
- [Release notes](https://github.com/twigphp/Twig/releases)
- [Changelog](https://github.com/twigphp/Twig/blob/v1.43.1/CHANGELOG)
- [Commits](twigphp/Twig@v1.35.0...v1.43.1)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #7 from Jimimaku/snyk-upgrade-00f3b2b3ea3a5a45bd0f…
fab5e76 
…bc005858da80

[Snyk] Upgrade typescript from 4.3.2 to 4.7.4
@dependabot
chore(deps): bump node-uuid
abec52b 
Bumps [node-uuid](https://github.com/broofa/node-uuid) from 1.4.0 to 1.4.8.
- [Release notes](https://github.com/broofa/node-uuid/releases)
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

---
updated-dependencies:
- dependency-name: node-uuid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #4 from Jimimaku/dependabot/npm_and_yarn/test/acce…
60d8911 
…ptance/workspaces/large-mono-repo/npm-project-5/node-uuid-1.4.8

chore(deps): bump node-uuid from 1.4.0 to 1.4.8 in /test/acceptance/workspaces/large-mono-repo/npm-project-5
@dependabot
chore(deps): bump qs
b00fea7 
Bumps [qs](https://github.com/ljharb/qs) from 0.0.6 to 6.0.4.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/commits/v6.0.4)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #3 from Jimimaku/dependabot/npm_and_yarn/test/acce…
ab5aaab 
…ptance/workspaces/large-mono-repo/npm-project-3/qs-6.0.4

chore(deps): bump qs from 0.0.6 to 6.0.4 in /test/acceptance/workspaces/large-mono-repo/npm-project-3
@dependabot
chore(deps): bump node-uuid
4744b65 
Bumps [node-uuid](https://github.com/broofa/node-uuid) from 1.4.0 to 1.4.8.
- [Release notes](https://github.com/broofa/node-uuid/releases)
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

---
updated-dependencies:
- dependency-name: node-uuid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@Jimimaku
Merge pull request #8 from Jimimaku/snyk-upgrade-60a30f98fef13e804bcb…
20f1a0f 
…17d45c72df9a

[Snyk] Upgrade @octokit/rest from 18.5.4 to 18.12.0
@Jimimaku
Merge pull request #22 from Jimimaku/dependabot/npm_and_yarn/test/acc…
7dd5fd1 
…eptance/workspaces/large-mono-repo/npm-project-19/node-uuid-1.4.8

chore(deps): bump node-uuid from 1.4.0 to 1.4.8 in /test/acceptance/workspaces/large-mono-repo/npm-project-19
@Jimimaku
Merge pull request #27 from Jimimaku/dependabot/composer/test/accepta…
8433f2b 
…nce/workspaces/composer-app/twig/twig-1.43.1

chore(deps): bump twig/twig from 1.35.0 to 1.43.1 in /test/acceptance/workspaces/composer-app
@Jimimaku
Copy link
Author

Jimimaku commented Nov 22, 2022
edited
Loading

CLA assistant check Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.1 out of 4 committers have signed the CLA.✅ Jimimaku❌ snyk-bot❌ dependabot[bot]❌ mend-bolt-for-github[bot]You have signed the CLA already but the status is still pending? Let us recheck it.

@thisislawatts
Copy link
Member

🧹 Closing as stale. No activity in more than 1 year.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gitphill gitphill Awaiting requested review from gitphill gitphill was automatically assigned from snyk/snyk-open-source

@danielroymoore danielroymoore Awaiting requested review from danielroymoore danielroymoore was automatically assigned from snyk/snyk-open-source

@DoronElir DoronElir Awaiting requested review from DoronElir DoronElir was automatically assigned from snyk/snyk-open-source

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@Jimimaku @CLAassistant @thisislawatts @snyk-bot