github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-28 02:00:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,693 Commits 297 Branches 500 Tags
7eaba0dbc6944d748141d70b70d84c83a0badcb4
Commit Graph

6693 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
7eaba0dbc6 build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.229.0 to 1.230.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](354a1ad156...e5ac7b085f)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.230.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-14 17:57:59 +00:00
Andrew Eisenberg
4c3e536282 Merge pull request #2853 from github/dependabot/npm_and_yarn/npm-7d84c66b66 
build(deps-dev): bump the npm group with 3 updates
codeql-bundle-v2.21.1 		2025-04-10 16:31:21 -07:00
Nick Fyson
56dd02f26d Merge pull request #2852 from github/dependabot/github_actions/actions-4575878e06 
build(deps): bump actions/create-github-app-token from 1.12.0 to 2.0.2 in the actions group
 2025-04-09 17:18:03 +01:00
Nick Fyson
192406dd84 Merge branch 'main' into dependabot/github_actions/actions-4575878e06 2025-04-09 16:59:59 +01:00
Nick Fyson
c7dbb2084e Merge pull request #2857 from github/nickfyson/address-vulns 
move use of input variables into env vars
 2025-04-09 16:05:04 +01:00
nickfyson
9a45cd8c50 move use of input variables into env vars 2025-04-09 14:13:35 +01:00
Andrew Eisenberg
d26c46acea Merge pull request #2855 from github/mergeback/v3.28.15-to-main-45775bd8 
Mergeback v3.28.15 refs/heads/releases/v3 into main
 2025-04-07 14:48:19 -07:00
github-actions[bot]
51c83e1588 Update checked-in dependencies 2025-04-07 21:34:58 +00:00
github-actions[bot]
8774e3f945 Update changelog and version after v3.28.15 2025-04-07 21:32:19 +00:00
Andrew Eisenberg
45775bd823 Merge pull request #2854 from github/update-v3.28.15-a35ae8c38 
Merge main into releases/v3
v3.28.15 		2025-04-07 14:31:50 -07:00
Andrew Eisenberg
dd78aab407 Update CHANGELOG.md with bug fix details 2025-04-07 14:15:05 -07:00
github-actions[bot]
e40af59174 Update changelog for v3.28.15 2025-04-07 21:05:03 +00:00
Chuan-kai Lin
a35ae8c380 Merge pull request #2843 from github/cklin/diff-informed-compat 
Set checkPresence in diff-range data extension
 2025-04-07 13:29:16 -07:00
github-actions[bot]
5bddbeb2bf Update checked-in dependencies 2025-04-07 17:59:50 +00:00
dependabot[bot]
c7102cdca1 build(deps-dev): bump the npm group with 3 updates 
Bumps the npm group with 3 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [nock](https://github.com/nock/nock) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@eslint/js` from 9.23.0 to 9.24.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.24.0/packages/js)

Updates `nock` from 14.0.2 to 14.0.3
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.2...v14.0.3)

Updates `typescript` from 5.8.2 to 5.8.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.24.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-version: 14.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: typescript
  dependency-version: 5.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:59:17 +00:00
dependabot[bot]
a1ca4846bc build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.12.0 to 2.0.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.2)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:53:11 +00:00
Andrew Eisenberg
bb59df6c17 Merge pull request #2842 from github/henrymercer/zip64 
Raise the file limit for debug artifacts by producing zip64 files where necessary
 2025-04-07 10:50:46 -07:00
Arthur Baars
4b508f5964 Merge pull request #2845 from github/mergeback/v3.28.14-to-main-fc7e4a0f 
Mergeback v3.28.14 refs/heads/releases/v3 into main
 2025-04-07 13:04:29 +02:00
github-actions[bot]
ca00afb5f1 Update checked-in dependencies 2025-04-07 09:33:21 +00:00
github-actions[bot]
2969c78ce0 Update changelog and version after v3.28.14 2025-04-07 09:27:28 +00:00
Arthur Baars
fc7e4a0fa0 Merge pull request #2844 from github/update-v3.28.14-362ef4ce2 
Merge main into releases/v3
v3.28.14 		2025-04-07 11:26:56 +02:00
github-actions[bot]
be0175c800 Update changelog for v3.28.14 2025-04-07 09:09:01 +00:00
Andrew Eisenberg
a8be43c24e Don't throw error for ENOENT 2025-04-04 13:42:00 -07:00
Chuan-kai Lin
94102d99b0 Set checkPresence in diff-range data extension 
This commit updates the diff-range data extension to use the new
checkPresence field being introduced in CodeQL CLI 2.21.0, so that
diff-informed analysis no longer fails when a query pack does not have
the restrictAlertsTo extensible predicate.
 2025-04-04 08:41:50 -07:00
github-actions[bot]
fd8685f16e Update checked-in dependencies 2025-04-04 13:46:53 +00:00
Henry Mercer
56feaac968 Raise file limit in debug artifacts by using zip64 2025-04-04 14:40:53 +01:00
Arthur Baars
362ef4ce20 Merge pull request #2838 from github/update-bundle/codeql-bundle-v2.21.0 
Update default bundle to 2.21.0
 2025-04-03 15:40:24 +02:00
Arthur Baars
2b85c00718 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.0 2025-04-03 15:28:09 +02:00
Angela P Wen
41aa437638 Merge pull request #2841 from github/angelapwen/log-init-post-telemetry 
Add logs around status report telemetry in `init-post` step
 2025-04-03 14:51:03 +02:00
Angela P Wen
92864f48b0 Add logs around status report telemetry in init-post step 2025-04-03 14:37:27 +02:00
Fotis Koutoulakis
e13fe0dd2d Merge pull request #2833 from github/NlightNFotis/reclassify_upload_sarif_issues 
feat: further error re-classification
 2025-04-02 20:09:36 +01:00
Fotis Koutoulakis
06703ce3e5 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-04-02 19:06:45 +01:00
Fotis Koutoulakis (@NlightNFotis)
676a422916 review-comments: nest validateSariFileSchema into try-catch block to better discriminate error thrown 2025-04-02 19:06:31 +01:00
Fotis Koutoulakis (@NlightNFotis)
498c7f37e8 review-comments: unwrap error in upload-sarif-action and re-classify as ConfigurationError if in known error category 2025-04-02 15:20:03 +01:00
Fotis Koutoulakis (@NlightNFotis)
efd29bef22 refactor: revert getActionsStatus taking an extra argument 2025-04-02 15:13:00 +01:00
Angela P Wen
dab8a02091 Merge pull request #2836 from github/dependabot/github_actions/actions-02c935407f 
build(deps): bump the actions group with 2 updates
 2025-04-02 14:57:29 +02:00
Angela P Wen
10771737a9 Merge pull request #2840 from github/dependabot/npm_and_yarn/npm-05c8aca45e 
build(deps-dev): bump the npm group across 1 directory with 4 updates
 2025-04-02 14:56:55 +02:00
Angela P Wen
17379bcd20 Manually update PR check workflow 2025-04-02 14:43:55 +02:00
github-actions[bot]
dbb232a3d8 Update checked-in dependencies 2025-04-02 12:43:14 +00:00
dependabot[bot]
4b72bef651 build(deps-dev): bump the npm group across 1 directory with 4 updates 
Bumps the npm group with 4 updates in the / directory: [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [nock](https://github.com/nock/nock).


Updates `@types/semver` from 7.5.8 to 7.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/parser)

Updates `nock` from 14.0.1 to 14.0.2
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.1...v14.0.2)

---
updated-dependencies:
- dependency-name: "@types/semver"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-02 12:42:37 +00:00
Fotis Koutoulakis (@NlightNFotis)
b53826d56d review-comments: remove syntax-error handling for SARIF from upload-lib 2025-04-01 15:10:16 +01:00
Fotis Koutoulakis (@NlightNFotis)
55ee663d5f review-comments: refactor getActionsStatus to accept an extra parameter designating if the analysis is third-party 2025-04-01 14:58:59 +01:00
github-actions[bot]
a27e401674 Add changelog note 2025-04-01 13:51:07 +00:00
github-actions[bot]
a69f5113b7 Update default bundle to codeql-bundle-v2.21.0 2025-04-01 13:51:03 +00:00
dependabot[bot]
b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](1a615958ad...354a1ad156)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
Fotis Koutoulakis (@NlightNFotis)
01f1a1f2c9 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-03-31 16:29:02 +01:00
Chuan-kai Lin
efffb483ec Merge pull request #2831 from github/cklin/diff-informed-query-filtering 
Respect `exclude-from-incremental` query tag for diff-informed analysis
codeql-bundle-v2.21.0 		2025-03-31 08:00:50 -07:00
Fotis Koutoulakis (@NlightNFotis)
f21cf0bbd7 feat: reclassify InvalidSarifUploadError as a user-error when final status report is produced 2025-03-31 12:22:18 +01:00
Fotis Koutoulakis (@NlightNFotis)
72a2b1295e feat: classify some observed SARIF errors as InvalidSarifUploadError 2025-03-31 12:17:23 +01:00
Fotis Koutoulakis (@NlightNFotis)
a022653e2d feat: classify more HTTP errors as configuration errors in api-client 2025-03-31 11:54:16 +01:00