Bump github/codeql-action from 1 to 2 #44

Merged
dependabot[bot] merged 1 commits from dependabot/github_actions/github/codeql-action-2 into v3 2022-04-26 23:42:24 +03:00
dependabot[bot] commented 2022-04-26 12:21:01 +03:00 (Migrated from github.com)

Bumps github/codeql-action from 1 to 2.

Changelog

Sourced from github/codeql-action's changelog.

2.1.8 - 08 Apr 2022

  • Update default CodeQL bundle version to 2.8.5. #1014
  • Fix error where the init action would fail due to a GitHub API request that was taking too long to complete #1025

2.1.7 - 05 Apr 2022

  • A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. #1018

2.1.6 - 30 Mar 2022

  • [v2+ only] The CodeQL Action now runs on Node.js v16. #1000
  • Update default CodeQL bundle version to 2.8.4. #990
  • Fix a bug where an invalid commit_oid was being sent to code scanning when a custom checkout path was being used. #956
Commits
  • 2c03704 Allow the version of the ML-powered pack to depend on the CLI version
  • dd6b592 Simplify ML-powered query status report definition
  • a90d8bf Merge pull request #1011 from github/henrymercer/ml-powered-queries-pr-check
  • dc0338e Use latest major version of actions/upload-artifact
  • 57096fe Add a PR check to validate that ML-powered queries are run correctly
  • b0ddf36 Merge pull request #1012 from github/henrymercer/update-actions-major-versions
  • 1ea2f2d Merge branch 'main' into henrymercer/update-actions-major-versions
  • 9dcc141 Merge pull request #1010 from github/henrymercer/stop-running-ml-powered-quer...
  • ea751a9 Update other Actions from v2 to v3
  • a2949f4 Update actions/checkout from v2 to v3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h2>2.1.8 - 08 Apr 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.8.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1014">#1014</a></li> <li>Fix error where the init action would fail due to a GitHub API request that was taking too long to complete <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1025">#1025</a></li> </ul> <h2>2.1.7 - 05 Apr 2022</h2> <ul> <li>A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1018">#1018</a></li> </ul> <h2>2.1.6 - 30 Mar 2022</h2> <ul> <li>[v2+ only] The CodeQL Action now runs on Node.js v16. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1000">#1000</a></li> <li>Update default CodeQL bundle version to 2.8.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/990">#990</a></li> <li>Fix a bug where an invalid <code>commit_oid</code> was being sent to code scanning when a custom checkout path was being used. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/956">#956</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/2c03704a6c1a830d08e4d9bec16d5e11341fdfbd"><code>2c03704</code></a> Allow the version of the ML-powered pack to depend on the CLI version</li> <li><a href="https://github.com/github/codeql-action/commit/dd6b592e3e5e9cb8d577f77fcbac3e0a277834f4"><code>dd6b592</code></a> Simplify ML-powered query status report definition</li> <li><a href="https://github.com/github/codeql-action/commit/a90d8bf7113ff4d559a93e924657f47182b7ff14"><code>a90d8bf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1011">#1011</a> from github/henrymercer/ml-powered-queries-pr-check</li> <li><a href="https://github.com/github/codeql-action/commit/dc0338e4932696fa7e12853666bd55126f578ec7"><code>dc0338e</code></a> Use latest major version of actions/upload-artifact</li> <li><a href="https://github.com/github/codeql-action/commit/57096fe795dd4d80156b5aca370361a411c788ac"><code>57096fe</code></a> Add a PR check to validate that ML-powered queries are run correctly</li> <li><a href="https://github.com/github/codeql-action/commit/b0ddf36abe59aeef1e1161800244ed201a198092"><code>b0ddf36</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1012">#1012</a> from github/henrymercer/update-actions-major-versions</li> <li><a href="https://github.com/github/codeql-action/commit/1ea2f2d7f1d93eaf4eac2be602aac0c587fd74ec"><code>1ea2f2d</code></a> Merge branch 'main' into henrymercer/update-actions-major-versions</li> <li><a href="https://github.com/github/codeql-action/commit/9dcc141f122e30f8d48b9927b17b081acd406b1d"><code>9dcc141</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1010">#1010</a> from github/henrymercer/stop-running-ml-powered-quer...</li> <li><a href="https://github.com/github/codeql-action/commit/ea751a9fae12fc5267ceb93f51622421afc5e87b"><code>ea751a9</code></a> Update other Actions from v2 to v3</li> <li><a href="https://github.com/github/codeql-action/commit/a2949f47b3d667fc2d35d39f10089aa60cbd7071"><code>a2949f4</code></a> Update actions/checkout from v2 to v3</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/v1...v2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-04-26 12:21:18 +03:00
Sign in to join this conversation.
No description provided.