mirror of https://github.com/flutter/samples.git
Bump github/codeql-action from 2.2.12 to 2.3.0 (#1743)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li> </ul> <h2>2.2.9 - 27 Mar 2023</h2> <ul> <li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a> <ul> <li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li> <li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values: <ul> <li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li> <li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li> <li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li> <li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li> </ul> </li> </ul> </li> </ul> <h2>2.2.8 - 22 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li> </ul> <h2>2.2.7 - 15 Mar 2023</h2> <p>No user facing changes.</p> <h2>2.2.6 - 10 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.4. <a href="https://redirect.github.com/github/codeql-action/pull/1561">#1561</a></li> </ul> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="pull/1745/headb2c19fb9a2
"><code>b2c19fb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1655">#1655</a> from github/update-v2.3.0-a8affb063</li> <li><a href="b203f98343
"><code>b203f98</code></a> Update changelog for v2.3.0</li> <li><a href="a8affb0639
"><code>a8affb0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1649">#1649</a> from github/cklin/codeql-cli-2.13.0</li> <li><a href="b8cc643a23
"><code>b8cc643</code></a> Merge branch 'main' into cklin/codeql-cli-2.13.0</li> <li><a href="7019a9c6fd
"><code>7019a9c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1618">#1618</a> from github/henrymercer/remove-legacy-tracing</li> <li><a href="66f62df188
"><code>66f62df</code></a> Merge branch 'main' into henrymercer/remove-legacy-tracing</li> <li><a href="afdf30f311
"><code>afdf30f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1652">#1652</a> from github/henrymercer/fix-bundle-version</li> <li><a href="55a2e70992
"><code>55a2e70</code></a> Autoformat <code>index.ts</code></li> <li><a href="1c2f282107
"><code>1c2f282</code></a> Fix bundle version</li> <li><a href="9a866ed452
"><code>9a866ed</code></a> Bump swift-actions/setup-swift in /.github/actions/setup-swift (<a href="https://redirect.github.com/github/codeql-action/issues/1650">#1650</a>)</li> <li>Additional commits viewable in <a href="7df0ce3489...b2c19fb9a2
">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.12&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
parent
79ba199ce2
commit
90abaa2294
Loading…
Reference in new issue