Skip to content

Bump github/codeql-action from 2.2.12 to 2.3.2 #3838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 28, 2023
Merged

Bump github/codeql-action from 2.2.12 to 2.3.2 #3838

merged 1 commit into from
Apr 28, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 28, 2023

Bumps github/codeql-action from 2.2.12 to 2.3.2.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.3.2 - 27 Apr 2023

No user facing changes.

2.3.1 - 26 Apr 2023

No user facing changes.

2.3.0 - 21 Apr 2023

  • Update default CodeQL bundle version to 2.13.0. #1649
  • Bump the minimum CodeQL bundle version to 2.8.5. #1618

2.2.12 - 13 Apr 2023

  • Include the value of the GITHUB_RUN_ATTEMPT environment variable in the telemetry sent to GitHub. #1640
  • Improve the ease of debugging failed runs configured using default setup. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the tool status page. #1619

2.2.11 - 06 Apr 2023

No user facing changes.

2.2.10 - 05 Apr 2023

  • Update default CodeQL bundle version to 2.12.6. #1629

2.2.9 - 27 Mar 2023

  • Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
    • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
    • The upload input to the analyze Action now accepts the following values:
      • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
      • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
      • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
      • The legacy true and false options will be interpreted as always and failure-only respectively.

2.2.8 - 22 Mar 2023

  • Update default CodeQL bundle version to 2.12.5. #1585

2.2.7 - 15 Mar 2023

No user facing changes.

... (truncated)

Commits
  • f3feb00 Merge pull request #1662 from github/update-v2.3.2-8b12d99ee
  • 1c9e206 Update changelog for v2.3.2
  • 8b12d99 Fix bug where run attempt was reported as run ID (#1661)
  • dcf71cf Merge pull request #1660 from github/mergeback/v2.3.1-to-main-8662eabe
  • 194450b Update checked-in dependencies
  • e78ef45 Update changelog and version after v2.3.1
  • 8662eab Merge pull request #1659 from github/update-v2.3.1-da583b07a
  • 1f2f707 Update changelog for v2.3.1
  • da583b0 Add workload_run_attempt to analysis upload (#1658)
  • a9648ea Throw full error for CLI bundle download (#1657)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/codeql-action from 2.2.12 to 2.3.2
f9ba1d8 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@7df0ce3...f3feb00)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added team Infra upgrades, team productivity, code health, technical debt. See also team: labels. team: infra Infrastructure like devicelab, Cirrus, or LUCI. labels Apr 28, 2023
@dependabot dependabot bot requested review from godofredoc and Hixie April 28, 2023 08:59
@dependabot dependabot bot mentioned this pull request Apr 28, 2023
Closed
@godofredoc godofredoc added the autosubmit Merge PR when tree becomes green via auto submit App label Apr 28, 2023
@auto-submit auto-submit bot merged commit 32a645b into main Apr 28, 2023
@auto-submit auto-submit bot deleted the dependabot/github_actions/github/codeql-action-2.3.2 branch April 28, 2023 18:17
sybrands-place pushed a commit to sybrands-place/packages that referenced this pull request May 1, 2023
Merge branch 'main' into webview_patchedv5
9965c00 
* main: (46 commits)
  [go_router] Cleans up route match API and introduces dart fix (flutter#3819)
  [camerax] Add `LifecycleOwner` Proxy (flutter#3837)
  [file_selector] Add getDirectoryPaths implementation for Windows (flutter#3704)
  [various] Update Android example min SDKs (flutter#3847)
  Bump github/codeql-action from 2.2.12 to 2.3.2 (flutter#3838)
  [camerax] Implement Image Streaming (flutter#3454)
  [various] update agp and gradle for all examples in packages (flutter#3822)
  Update xcode to 14c18 (flutter#3774)
  [camera_android] Add NV21 as an image stream format flutter#3277 (flutter#3639)
  [go_router] Remove unused navigator keys (flutter#3708)
  [image_picker] Move I/O operations to a separate thread (flutter#3506)
  [pigeon]: Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.8.20 to 1.8.21 in /packages/pigeon/platform_tests/test_plugin/android (flutter#3824)
  [pigeon] Reland: Add an initial example app (flutter#3832)
  Roll Flutter from c9004ff to 66fa4c5 (68 revisions) (flutter#3830)
  [various] Conditionalize the namespace in all Android plugins (flutter#3836)
  [in_app_pur]: Bump com.android.billingclient:billing from 5.1.0 to 5.2.0 in /packages/in_app_purchase/in_app_purchase_android/android (flutter#3672)
  [auick_action_ios] Retries multiple times to not fail ci when there is a flake (flutter#3823)
  Swap some iOS package CODEOWNERS (flutter#3793)
  [various] Add `targetCompatibility` to build.gradle (flutter#3825)
  [various] Set cmake_policy versions (flutter#3828)
  ...
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request May 1, 2023
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/flutter that referenced this pull request May 1, 2023
@engine-flutter-autoroll
32a645b Bump github/codeql-action from 2.2.12 to 2.3.2 (flutter/packa…
558cc61 
…ges#3838)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request May 1, 2023
Merged
engine-flutter-autoroll added a commit to engine-flutter-autoroll/flutter that referenced this pull request May 1, 2023
@engine-flutter-autoroll
32a645b Bump github/codeql-action from 2.2.12 to 2.3.2 (flutter/packa…
774a81f 
…ges#3838)
auto-submit bot pushed a commit to flutter/flutter that referenced this pull request May 1, 2023
@engine-flutter-autoroll
Roll Packages from 7e3f5da to de6131d (41 revisions) (#125811)
ff248d2 
Roll Packages from 7e3f5da to de6131d (41 revisions)

flutter/packages@7e3f5da...de6131d

2023-05-01 [email protected] I122213 update non examples (flutter/packages#3846)
2023-04-29 [email protected] [go_router] Cleans up route match API and introduces dart fix (flutter/packages#3819)
2023-04-29 [email protected] [camerax] Add `LifecycleOwner` Proxy (flutter/packages#3837)
2023-04-29 [email protected] [file_selector] Add getDirectoryPaths implementation for Windows (flutter/packages#3704)
2023-04-29 [email protected] [various] Update Android example min SDKs (flutter/packages#3847)
2023-04-28 49699333+dependabot[bot]@users.noreply.github.com Bump github/codeql-action from 2.2.12 to 2.3.2 (flutter/packages#3838)
2023-04-28 [email protected] [camerax] Implement Image Streaming (flutter/packages#3454)
2023-04-28 [email protected] [various] update agp and gradle for all examples in packages (flutter/packages#3822)
2023-04-28 [email protected] Update xcode to 14c18 (flutter/packages#3774)
2023-04-28 [email protected] [camera_android] Add NV21 as an image stream format #3277 (flutter/packages#3639)
2023-04-28 [email protected] [go_router] Remove unused navigator keys (flutter/packages#3708)
2023-04-28 [email protected] [image_picker] Move I/O operations to a separate thread (flutter/packages#3506)
2023-04-28 49699333+dependabot[bot]@users.noreply.github.com [pigeon]: Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.8.20 to 1.8.21 in /packages/pigeon/platform_tests/test_plugin/android (flutter/packages#3824)
2023-04-28 [email protected] [pigeon] Reland: Add an initial example app (flutter/packages#3832)
2023-04-28 [email protected] Roll Flutter from c9004ff to 66fa4c5 (68 revisions) (flutter/packages#3830)
2023-04-28 [email protected] [various] Conditionalize the namespace in all Android plugins (flutter/packages#3836)
2023-04-27 49699333+dependabot[bot]@users.noreply.github.com [in_app_pur]: Bump com.android.billingclient:billing from 5.1.0 to 5.2.0 in /packages/in_app_purchase/in_app_purchase_android/android (flutter/packages#3672)
2023-04-27 [email protected] [auick_action_ios] Retries multiple times to not fail ci when there is a flake (flutter/packages#3823)
2023-04-26 [email protected] Swap some iOS package CODEOWNERS (flutter/packages#3793)
2023-04-26 [email protected] [various] Add `targetCompatibility` to build.gradle (flutter/packages#3825)
2023-04-26 [email protected] [various] Set cmake_policy versions (flutter/packages#3828)
2023-04-26 [email protected] [path_provider] Allow `win32` up to version 4.x (flutter/packages#3820)
2023-04-26 [email protected] [tool] Move Android lint checks (flutter/packages#3816)
2023-04-25 [email protected] [google_maps_flutter_android] Fix Android lint warnings (flutter/packages#3751)
2023-04-25 49699333+dependabot[bot]@users.noreply.github.com [in_app_pur]: Bump androidx.annotation:annotation from 1.5.0 to 1.6.0 in /packages/in_app_purchase/in_app_purchase_android/android (flutter/packages#3381)
2023-04-25 [email protected] Update test golden images for the latest Skia roll (flutter/packages#3787)
2023-04-25 [email protected] [various] Adds Android namespace (flutter/packages#3791)
2023-04-25 [email protected] [shared_preferences] Update gradle/agp in example apps (flutter/packages#3809)
2023-04-24 [email protected] [go_router] Adds name to TypedGoRoute (flutter/packages#3702)
2023-04-22 [email protected] [webview_flutter] Adds support to receive permission requests (flutter/packages#3543)
2023-04-21 [email protected] [google_sign_in] Fix Android Java warnings (flutter/packages#3762)
2023-04-21 [email protected] [local_auth] Fix enum return on Android (flutter/packages#3780)
2023-04-21 [email protected] [pigeon] Warn when trying to use enums in collections (flutter/packages#3782)
2023-04-21 [email protected] [webview_flutter_android] [webview_flutter_wkwebview] Platform implementations for supporting permission requests (flutter/packages#3792)
2023-04-21 [email protected] [pigeon] Update for compatibility with a future change to the analyzer. (flutter/packages#3789)
2023-04-21 [email protected] [camera_android] Fix Android lint warnings  (flutter/packages#3716)
2023-04-21 [email protected] [webview_flutter_platform_interface] Adds method to receive permission requests (flutter/packages#3767)
2023-04-21 [email protected] [image_picker_ios] In unit test write and read kCGImagePropertyExifUserComment property (flutter/packages#3783)
2023-04-21 [email protected] [go_router_builder] Fixed the return value of the generated push method (flutter/packages#3650)
2023-04-21 [email protected] [image_picker] Mention `launchMode: singleInstance` in README (flutter/packages#3759)
2023-04-21 [email protected] Revert "[pigeon] Add an initial example app" (flutter/packages#3785)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-packages-flutter-autoroll
Please CC [email protected],[email protected] on the revert to ensure that a human
...
nploi pushed a commit to nploi/packages that referenced this pull request Jul 16, 2023
@dependabot @nploi
Bump github/codeql-action from 2.2.12 to 2.3.2 (flutter#3838)
031fda7 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
<li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li>
</ul>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/f3feb00acb00f31a6f60280e6ace9ca31d91c76a"><code>f3feb00</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1662">#1662</a> from github/update-v2.3.2-8b12d99ee</li>
<li><a href="https://github.com/github/codeql-action/commit/1c9e206df383bfc09ee3e171f439c1c17eec2e8f"><code>1c9e206</code></a> Update changelog for v2.3.2</li>
<li><a href="https://github.com/github/codeql-action/commit/8b12d99ee5a822a549eddd7b4d0fa8debbb5229e"><code>8b12d99</code></a> Fix bug where run attempt was reported as run ID (<a href="https://redirect.github.com/github/codeql-action/issues/1661">#1661</a>)</li>
<li><a href="https://github.com/github/codeql-action/commit/dcf71cf79bcf5f35de270a5eaece62a77b559094"><code>dcf71cf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1660">#1660</a> from github/mergeback/v2.3.1-to-main-8662eabe</li>
<li><a href="https://github.com/github/codeql-action/commit/194450bdd6b6d3ba51090467f99d0db4a9894718"><code>194450b</code></a> Update checked-in dependencies</li>
<li><a href="https://github.com/github/codeql-action/commit/e78ef455a83f42e33e3a5102cc2657468c126668"><code>e78ef45</code></a> Update changelog and version after v2.3.1</li>
<li><a href="https://github.com/github/codeql-action/commit/8662eabe0e9f338a07350b7fd050732745f93848"><code>8662eab</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1659">#1659</a> from github/update-v2.3.1-da583b07a</li>
<li><a href="https://github.com/github/codeql-action/commit/1f2f707d999190f10a1f8a336f3d6e7972cbf00a"><code>1f2f707</code></a> Update changelog for v2.3.1</li>
<li><a href="https://github.com/github/codeql-action/commit/da583b07a7c587e17604358c799ad8adf110f3e4"><code>da583b0</code></a> Add <code>workload_run_attempt</code> to analysis upload (<a href="https://redirect.github.com/github/codeql-action/issues/1658">#1658</a>)</li>
<li><a href="https://github.com/github/codeql-action/commit/a9648ea7c684e61497d9a56b7b560a9640298dce"><code>a9648ea</code></a> Throw full error for CLI bundle download (<a href="https://redirect.github.com/github/codeql-action/issues/1657">#1657</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...f3feb00acb00f31a6f60280e6ace9ca31d91c76a">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.12&new-version=2.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fluttergithubbot fluttergithubbot fluttergithubbot approved these changes

@godofredoc godofredoc godofredoc approved these changes

@Hixie Hixie Awaiting requested review from Hixie

Assignees
No one assigned
Labels
autosubmit Merge PR when tree becomes green via auto submit App team: infra Infrastructure like devicelab, Cirrus, or LUCI. team Infra upgrades, team productivity, code health, technical debt. See also team: labels.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fluttergithubbot @godofredoc