github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 09:10:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,174 Commits 297 Branches 500 Tags
codeql-bundle-20220128
Commit Graph

171 Commits

Author SHA1 Message Date
Edoardo Pirovano
5643f45615 Merge branch 'main' into dependabot/npm_and_yarn/query-string-7.0.1 2021-07-27 22:31:33 +01:00
Edoardo Pirovano
fb65207e91 Merge branch 'main' into dependabot/npm_and_yarn/query-string-7.0.1 2021-07-27 21:46:54 +01:00
Edoardo Pirovano
fde64716e1 Merge branch 'main' into dependabot/npm_and_yarn/js-yaml-4.1.0 2021-07-27 20:33:28 +01:00
Edoardo Pirovano
04e8743013 Merge branch 'main' into dependabot/npm_and_yarn/types/node-16.4.3 2021-07-27 20:15:15 +01:00
dependabot[bot]
8536203ad8 Bump @types/node from 12.12.14 to 16.4.3 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.12.14 to 16.4.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 19:00:10 +00:00
dependabot[bot]
5a7f86f625 Bump query-string from 6.14.0 to 7.0.1 
Bumps [query-string](https://github.com/sindresorhus/query-string) from 6.14.0 to 7.0.1.
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](https://github.com/sindresorhus/query-string/compare/v6.14.0...v7.0.1)

---
updated-dependencies:
- dependency-name: query-string
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 19:00:01 +00:00
dependabot[bot]
dbb1b44b8f Bump @types/sinon from 7.5.2 to 10.0.2 
Bumps [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) from 7.5.2 to 10.0.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon)

---
updated-dependencies:
- dependency-name: "@types/sinon"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 18:59:55 +00:00
dependabot[bot]
07578cd9e7 Bump @octokit/types from 5.5.0 to 6.21.1 
Bumps [@octokit/types](https://github.com/octokit/types.ts) from 5.5.0 to 6.21.1.
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](https://github.com/octokit/types.ts/compare/v5.5.0...v6.21.1)

---
updated-dependencies:
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 18:59:49 +00:00
dependabot[bot]
cec3af8bb0 Bump js-yaml from 3.13.1 to 4.1.0 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.13.1 to 4.1.0.
- [Release notes](https://github.com/nodeca/js-yaml/releases)
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.13.1...4.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 18:59:42 +00:00
Edoardo Pirovano
ddd2696b4e Merge branch 'main' into dependabot/npm_and_yarn/eslint-plugin-github-4.1.5 2021-07-27 19:20:07 +01:00
Edoardo Pirovano
8c3255bc78 Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 19:01:17 +01:00
Edoardo Pirovano
df6f81e49c Merge branch 'main' into dependabot/npm_and_yarn/nock-13.1.1 2021-07-27 18:41:59 +01:00
Edoardo Pirovano
70f5789ed2 Merge branch 'main' into dependabot/npm_and_yarn/actions/http-client-1.0.11 2021-07-27 18:18:44 +01:00
Edoardo Pirovano
99afdfbfbd Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 18:14:25 +01:00
dependabot[bot]
9ce2456348 Bump typescript from 3.7.5 to 4.3.5 
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 3.7.5 to 4.3.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v3.7.5...v4.3.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:52:03 +00:00
dependabot[bot]
3ab5d6d4d6 Bump @actions/exec from 1.0.1 to 1.1.0 
Bumps [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/@actions/core@1.1.0/packages/exec)

---
updated-dependencies:
- dependency-name: "@actions/exec"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:54 +00:00
dependabot[bot]
35f1961385 Bump nock from 12.0.3 to 13.1.1 
Bumps [nock](https://github.com/nock/nock) from 12.0.3 to 13.1.1.
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v12.0.3...v13.1.1)

---
updated-dependencies:
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:47 +00:00
dependabot[bot]
6b0d45a5c6 Bump eslint-plugin-github from 4.1.1 to 4.1.5 
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.1.1 to 4.1.5.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.1.1...v4.1.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:39 +00:00
dependabot[bot]
4867598089 Bump @actions/http-client from 1.0.8 to 1.0.11 
Bumps [@actions/http-client](https://github.com/actions/http-client) from 1.0.8 to 1.0.11.
- [Release notes](https://github.com/actions/http-client/releases)
- [Changelog](https://github.com/actions/http-client/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/http-client/commits)

---
updated-dependencies:
- dependency-name: "@actions/http-client"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:17 +00:00
github-actions[bot]
fb19072237 Update checked-in dependencies 2021-07-27 08:53:06 +00:00
github-actions[bot]
c4e99325d0 1.0.9 2021-07-26 23:35:55 +00:00
Edoardo Pirovano
934fb86c58 Address PR comments from @robertbrignull 2021-07-26 14:47:03 +01:00
github-actions[bot]
63603427ef 1.0.8 2021-07-21 14:22:34 +00:00
github-actions[bot]
01b1510da2 1.0.7 2021-07-19 09:32:59 +00:00
Andrew Eisenberg
ae97d8f96d Fix dependabot vulnerabilities 
This adds some forced resolutions to ensure that vulnerable versions
of packages are not installed.
 2021-07-14 14:40:10 -07:00
github-actions[bot]
92df23808d 1.0.6 2021-07-12 23:03:41 +00:00
github-actions[bot]
5c3c29fd3f 1.0.5 2021-06-28 15:23:49 +00:00
Andrew Eisenberg
c5434c91d8 Merge branch 'main' into csharp-loc 2021-06-23 16:22:14 -07:00
Edoardo Pirovano
68b68732c6 Fix C# line counting and add test 2021-06-23 23:39:44 +01:00
Andrew Eisenberg
c98b43187d Merge branch 'main' into mergeback/v1.0.3-to-main-cf6e0194 2021-06-23 08:08:49 -07:00
github-actions[bot]
1496843315 1.0.4 2021-06-23 14:56:35 +00:00
Chris Gavin
476f13ea18 Upgrade Actions Tool Cache. 2021-06-23 14:28:33 +01:00
github-actions[bot]
4954c371d1 1.0.3 2021-06-17 18:01:57 +00:00
github-actions[bot]
fbb9046bf6 1.0.2 2021-06-07 20:59:15 +00:00
Edoardo Pirovano
0cbd4b56d3 Add some dependencies for uploading artifacts 2021-06-02 10:32:48 +01:00
Andrew Eisenberg
539d968ad7 Use commander preAction hook for setMode 
Hooks are new to commander v8. We can use hooks to ensure that `setMode`
is called before every command is invoked.
 2021-06-01 11:17:49 -07:00
Andrew Eisenberg
f0e82b7d63 1.0.1 2021-05-31 10:56:52 -07:00
Andrew Eisenberg
8566f9b061 Add a changelog 
Adds an empty changelog file and a reminder to update it when opening
pull requests.

Also, adds a 1.0.0 version number in the package.json, which is what
we _could_ use for version numbering.
 2021-05-19 15:19:36 -07:00
Andrew Eisenberg
ddcb299283 Update loc count library 
This version will count lines of code in each file serially. It still
runs all file system operations asynchronously. The only difference now
is that it will only count one file at a time. It is slower, but it
is able to count large repositories without running out of memory.
 2021-05-12 16:33:05 -07:00
Andrew Eisenberg
489dbb0e02 Fix security vulnerabilities 
Ran `npm audit fix`.

Even though this fixes a "high" severity vulnerability, all affected
packages are dev packages only.
 2021-05-10 10:14:48 -07:00
Andrew Eisenberg
5c0a38d7e4 Update github-linguist dependency 
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
 2021-04-28 14:55:17 -07:00
Andrew Eisenberg
b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Andrew Eisenberg
c4a84a93d4 Add the github-linguist package 
This commit only adds a single package and all of its transitive
dependencies. The github-linguist package will be used for counting
lines of code as a baseline for databases we are analyzing.
 2021-04-22 15:59:49 -07:00
Robert
8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00
dependabot[bot]
d0b1259bbe Bump y18n from 4.0.0 to 4.0.1 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-31 22:46:11 +00:00
Chris Gavin
f8c5dacab5 Also look for the CodeQL bundle at the custom GitHub AE endpoint. 2021-02-15 19:41:41 +00:00
Chris Gavin
d182a0e3aa Fix deduplication of bundle download sources. 2021-01-26 16:56:43 +00:00
dependabot[bot]
46c74bba1d Bump ini from 1.3.5 to 1.3.8 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-12-12 17:32:00 +00:00
Chris Gavin
726cfc8441 Ensure unqualified program names are present on PATH before executing them. 2020-11-18 22:20:13 +00:00
Chris Raynor
0907cd5a41 Merge branch 'main' into cbraynor/fix201 2020-10-05 10:35:27 +01:00