DEV/flutter_flutter
1
0
Fork 0
mirror of https://github.com/flutter/flutter.git synced 2026-02-04 19:00:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
38,861 Commits 872 Branches 1,064 Tags
Commit Graph

157 Commits

Author SHA1 Message Date
dependabot[bot]
fac26c575d
Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#141803) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ability to overwrite an Artifact by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/501">actions/upload-artifact#501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.2.0">https://github.com/actions/upload-artifact/compare/v4...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="694cdabd8b"><code>694cdab</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/501">#501</a> from actions/robherley/overwrite-artifact</li>
<li><a href="05d4fe6702"><code>05d4fe6</code></a> run licensed against version that matches ci</li>
<li><a href="40b3052821"><code>40b3052</code></a> update readme</li>
<li><a href="49552fcb82"><code>49552fc</code></a> add overwrite tests to workflow</li>
<li><a href="79615904cc"><code>7961590</code></a> licensed cache</li>
<li><a href="11ff42c7b1"><code>11ff42c</code></a> add new overwrite input &amp; docs</li>
<li>See full diff in <a href="1eb3cb2b3e...694cdabd8b">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.1.0&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2024-01-18 22:21:03 +00:00
Xilai Zhang
6e39eb75a1
[github actions] Fix token issue on actions/checkout package (#141652) 
revision 01/17: instead of removing actions/checkout, keep actions/checkout but remove the `token` field and add `persist-credentials` field. tested with a [mirror script](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) and creates [expected pull request](https://github.com/flutter/flutter/pull/141730)

Issue: when running github actions, the [tokens not found error](https://github.com/actions/checkout/issues/298) still happens( `Input required and not supplied: token`). We are not using fork PR or dependabot, and it's flaky when the well defined token isn't find in the inputs. We hit this error when invoking [market place actions/checkout](https://github.com/actions/checkout): [example failed run 1](https://github.com/flutter/flutter/actions/runs/7546108771/job/20543199801), [example failed run 2](https://github.com/flutter/flutter/actions/runs/7546141972/job/20543265842)

In this PR, Remove the dependency on marketplace actions  to make our workflow more reliable and less flaky.

other changes to remove actions/checkout dependency:
1. embedded token url for git push
Tried a number of ways and this is the only / best workaround I found to resolve [the notorious problem of pushing without ssh key](https://stackoverflow.com/questions/22147574/github-fatal-could-not-read-username-for-https-github-com-no-such-file-o). 
2. added back `--head`
`--head` is now needed to avoid [abort](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548409479/job/20550397014)

Test: a [replicate of the actions file](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) is [tested](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548448024/job/20550521341) on my personal repo, and it creates the [expected PR](https://github.com/flutter/flutter/pull/141647)
 2024-01-18 18:48:00 +00:00
dependabot[bot]
a3c11cdc66
Bump github/codeql-action from 3.23.0 to 3.23.1 (#141715) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0b21cf2492"><code>0b21cf2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2089">#2089</a> from github/update-v3.23.1-f65ecd09c</li>
<li><a href="ae616145ed"><code>ae61614</code></a> Update changelog for v3.23.1</li>
<li><a href="f65ecd09c7"><code>f65ecd0</code></a> Only delete SARIF in PR check if not running on a fork  (<a href="https://redirect.github.com/github/codeql-action/issues/2084">#2084</a>)</li>
<li><a href="4d75a10efa"><code>4d75a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2073">#2073</a> from github/update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="e65c5d92f7"><code>e65c5d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2086">#2086</a> from github/dependabot/npm_and_yarn/npm-c0441c84d9</li>
<li><a href="6b12e3d9d9"><code>6b12e3d</code></a> Update checked-in dependencies</li>
<li><a href="e292db6207"><code>e292db6</code></a> Bump the npm group with 4 updates</li>
<li><a href="1fea7a57e7"><code>1fea7a5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="96531062ba"><code>9653106</code></a> Stop setting <code>CODEQL_RUNNER</code> environment variable if CLI already sets it (<a href="https://redirect.github.com/github/codeql-action/issues/2081">#2081</a>)</li>
<li><a href="eb14aeb61d"><code>eb14aeb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2080">#2080</a> from github/henrymercer/fix-unconditional-warning</li>
<li>Additional commits viewable in <a href="e5f05b81d5...0b21cf2492">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.23.0&new-version=3.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2024-01-17 21:53:07 +00:00
dependabot[bot]
6b91fcb20f
Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#141480) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add migrations docs by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/482">actions/upload-artifact#482</a></li>
<li>Update README.md by <a href="https://github.com/samuelwine"><code>@​samuelwine</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li>
<li>Support artifact-url output by <a href="https://github.com/konradpabjan"><code>@​konradpabjan</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/496">actions/upload-artifact#496</a></li>
<li>Update readme to reflect new 500 artifact per job limit by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/497">actions/upload-artifact#497</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/samuelwine"><code>@​samuelwine</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.1.0">https://github.com/actions/upload-artifact/compare/v4...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1eb3cb2b3e"><code>1eb3cb2</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/497">#497</a> from actions/robherley/update-readme-limit</li>
<li><a href="8688a86492"><code>8688a86</code></a> Update readme to reflect new artifact/job limit</li>
<li><a href="73d8b66ede"><code>73d8b66</code></a> Support artifact-url output (<a href="https://redirect.github.com/actions/upload-artifact/issues/496">#496</a>)</li>
<li><a href="c320f57948"><code>c320f57</code></a> Update README.md (<a href="https://redirect.github.com/actions/upload-artifact/issues/492">#492</a>)</li>
<li><a href="cf8714cfea"><code>cf8714c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/482">#482</a> from actions/robherley/add-migration-docs</li>
<li><a href="7f16e37e88"><code>7f16e37</code></a> add migrations docs</li>
<li><a href="353073034f"><code>3530730</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/468">#468</a> from actions/robherley/misc-updates</li>
<li><a href="6c139afa6f"><code>6c139af</code></a> update imports and old v4-beta references</li>
<li>See full diff in <a href="c7d193f32e...1eb3cb2b3e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.0.0&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2024-01-12 22:30:57 +00:00
dependabot[bot]
a18ca800aa
Bump github/codeql-action from 3.22.11 to 3.23.0 (#141132) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.23.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e5f05b81d5"><code>e5f05b8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2066">#2066</a> from github/update-v3.23.0-fd55bb0b0</li>
<li><a href="48e7b8b751"><code>48e7b8b</code></a> Update changelog for v3.23.0</li>
<li><a href="fd55bb0b00"><code>fd55bb0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2065">#2065</a> from github/henrymercer/further-run-queries-cleanup</li>
<li><a href="838a022982"><code>838a022</code></a> Clean up running queries workflow now that the queries are determined by the CLI</li>
<li><a href="8516954d60"><code>8516954</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2062">#2062</a> from github/henrymercer/remove-action-config-parsing</li>
<li><a href="a533ec62b3"><code>a533ec6</code></a> Merge branch 'main' into henrymercer/remove-action-config-parsing</li>
<li><a href="08ae9bf4d0"><code>08ae9bf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2063">#2063</a> from github/henrymercer/remove-ml-powered-queries-repo</li>
<li><a href="58ff74adc3"><code>58ff74a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2031">#2031</a> from github/rasmuswl/no-dep-inst-default</li>
<li><a href="9926570d4c"><code>9926570</code></a> Generate JS</li>
<li><a href="2e27b3c56b"><code>2e27b3c</code></a> Create helper <code>isPythonDependencyInstallationDisabled</code></li>
<li>Additional commits viewable in <a href="b374143c11...e5f05b81d5">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.22.11&new-version=3.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2024-01-09 04:03:24 +00:00
Xilai Zhang
f0e616e2b1
[github actions] refactor and fix cherry pick actions (#140499) 
This PR makes the following changes:

1. Remove dependency on [peters/evans package](https://github.com/marketplace/actions/create-pull-request)<br>
The market place action introduces overheads that don't properly consume tokens. e.g. :[failed workflow that says token is not supplied](https://github.com/flutter/flutter/actions/runs/7282529195/job/19845096943)
This PR changes the market place action to git commands that we have full control over, provides better error msg for debug, and properly consumes token.

2. Align usage of tokens:<br>
All tokens in the workflow now uses flutter actions bot PAT token. From experiments, a mixed usage of different tokens in different steps sometimes cause the workflow to fail on authentication.

Tested: Tested with [a similar workflow on my personal repository](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml), and it produces the [expected cherry pick PR as end result](https://github.com/flutter/flutter/pull/140497)
 2024-01-03 23:08:59 +00:00
godofredoc
cf3760bce0
Update job permissions (#140476) 
Updates to use contents: write and pull-requests: write.

## Pre-launch Checklist

- [X] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [X] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [X] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [X] I signed the [CLA].
- [X] I listed at least one issue that this PR fixes in the description
above.
- [X] I updated/added relevant documentation (doc comments with `///`).
- [X] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [X] All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-new channel
on [Discord].

<!-- Links -->
[Contributor Guide]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#overview
[Tree Hygiene]: https://github.com/flutter/flutter/wiki/Tree-hygiene
[test-exempt]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[flutter/tests]: https://github.com/flutter/tests
[breaking change policy]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#handling-breaking-changes
[Discord]: https://github.com/flutter/flutter/wiki/Chat
 2023-12-20 14:59:24 -08:00
Xilai Zhang
62d699961f
[github actions] change minimal example workflow to be manually dispatched (#140435) 
This would allow easier testing of the minimal example.

Might need Github Admin power to trigger the manual dispatches.
 2023-12-20 04:59:27 +00:00
Xilai Zhang
e86b825819
[github actions] add minimal workflow to test token (#140363) 
Add a workflow that simply:
1. checkout repo
2. write a file
3. create a PR

This is used to verify the permissions and validity of the github token we use to create PR.
context: https://chat.google.com/room/AAAAc_4rqiI/Ck593Sg7mvs

If we think the triggering condition is complicated, I can also change this workflow to be manual dispatch, to make it truly minimal.
 2023-12-20 01:18:07 +00:00
Xilai Zhang
8c1d723d11
[github actions] use token from real user flutter mirror bot (#140191) 
sir @godofredoc pointed out that we should use a real user to create PRs with, and we already have one account with such credentials -- the mirror bot.
 2023-12-15 04:55:54 +00:00
dependabot[bot]
ea1e2dfa3e
Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#140177) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<p>The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.</p>
<p>For more information, see the <a href="https://github.com/actions/toolkit/tree/main/packages/artifact"><code>@​actions/artifact</code></a> documentation.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/464">actions/upload-artifact#464</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v4.0.0">https://github.com/actions/upload-artifact/compare/v3...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c7d193f32e"><code>c7d193f</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/466">#466</a> from actions/v4-beta</li>
<li><a href="13131bb095"><code>13131bb</code></a> licensed cache</li>
<li><a href="4a6c273b98"><code>4a6c273</code></a> Merge branch 'main' into v4-beta</li>
<li><a href="f391bb91a3"><code>f391bb9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/465">#465</a> from actions/robherley/v4-documentation</li>
<li><a href="9653d03c4b"><code>9653d03</code></a> Apply suggestions from code review</li>
<li><a href="875b630764"><code>875b630</code></a> add limitations section</li>
<li><a href="ecb21463e9"><code>ecb2146</code></a> add compression example</li>
<li><a href="5e7604f84a"><code>5e7604f</code></a> trim some repeated info</li>
<li><a href="d6437d0758"><code>d6437d0</code></a> naming</li>
<li><a href="1b56155703"><code>1b56155</code></a> s/v4-beta/v4/g</li>
<li>Additional commits viewable in <a href="a8a3f3ad30...c7d193f32e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3.1.3&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-14 22:34:21 +00:00
dependabot[bot]
cea2726be8
Bump github/codeql-action from 2.22.10 to 3.22.11 (#140087) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b374143c11"><code>b374143</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2034">#2034</a> from github/update-v3.22.11-64e61baea</li>
<li><a href="e2b5cc75ce"><code>e2b5cc7</code></a> Update changelog for v3.22.11</li>
<li><a href="64e61baeac"><code>64e61ba</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2006">#2006</a> from github/nickfyson/node-20</li>
<li><a href="c757f9f6de"><code>c757f9f</code></a> Apply suggestions from code review</li>
<li><a href="7898bc2041"><code>7898bc2</code></a> add pr check for node version consistency</li>
<li><a href="6b5b958063"><code>6b5b958</code></a> remove dedundant single quotes from node version strings</li>
<li><a href="ea1e72c669"><code>ea1e72c</code></a> Update .github/workflows/pr-checks.yml</li>
<li><a href="b974542e9f"><code>b974542</code></a> Merge branch 'main' into nickfyson/node-20</li>
<li><a href="b995212303"><code>b995212</code></a> Bump the actions group with 2 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2024">#2024</a>)</li>
<li><a href="3c1878d8f9"><code>3c1878d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2029">#2029</a> from github/mergeback/v2.22.10-to-main-305f6546</li>
<li>Additional commits viewable in <a href="305f654631...b374143c11">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.10&new-version=3.22.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-14 00:19:44 +00:00
dependabot[bot]
3da9bc1698
Bump github/codeql-action from 2.22.9 to 2.22.10 (#140003) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="305f654631"><code>305f654</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2028">#2028</a> from github/update-v2.22.10-fe23b5a3e</li>
<li><a href="31e94d8cb1"><code>31e94d8</code></a> Update changelog for v2.22.10</li>
<li><a href="fe23b5a3e1"><code>fe23b5a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2016">#2016</a> from github/update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="183559cea8"><code>183559c</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="382a50a028"><code>382a50a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2021">#2021</a> from github/mergeback/v2.22.9-to-main-c0d1daa7</li>
<li><a href="458b4226ad"><code>458b422</code></a> Update checked-in dependencies</li>
<li><a href="5e0f9dbc48"><code>5e0f9db</code></a> Update changelog and version after v2.22.9</li>
<li><a href="b6dc4ba94b"><code>b6dc4ba</code></a> Add changelog note</li>
<li><a href="1c3b8c867b"><code>1c3b8c8</code></a> Update default bundle to codeql-bundle-v2.15.4</li>
<li>See full diff in <a href="c0d1daa7f7...305f654631">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.9&new-version=2.22.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-12 21:59:10 +00:00
Xilai Zhang
32c7c310db
[github actions] Automate Flutter Chery Picks (#139524) 
**design doc: go/easy-cp**
umbrella design doc: go/flutter-actions
umbrella bug: https://github.com/flutter/flutter/issues/139604 

**Sample Results**:
1. If cherry pick succeeds, a pull request with cherry pick template and label is created.
https://github.com/flutter/flutter/pull/139523
2. If cherry pick fails, a comment is added under the original Pull Request.
https://github.com/flutter/cocoon/pull/3305

In tests, [7d9010](7d9010c357) was used to simulate a clean cherry pick, and [cf71a5](cf71a55f7d) was used to simulate a merge conflict during cherry pick.

**Implementation Details:**
1. triggered when 'cp: beta' or 'cp:stable' label is added to the original PR
4. parses release channel and gets release candidate branch name
5. get commit sha from event payload
6. checks out framework repo and revision history
7. Attempt a cherry pick without any resolution strategy
8. If cp is successful, uses a PR template to open a pull request. 
9. If cp isn't successful, leave a comment on the original PR.

**PR template**
Since PR template doesn't support web form, the cherry pick PR template we used is https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/template/cherrypick.md, which is adapted from the [web form cherry pick issue template](https://cs.opensource.google/flutter/flutter/+/master:.github/ISSUE_TEMPLATE/7_cherry_pick.yml).
This PR template should be reviewed and added to be under the .github path in framework repository. 

**Decisions Taken**
1. place of source code
I put the source code under the framework repository. Acknowledges the risk of duplication of code, in favor of not needing to package and publish our own actions to market place.
more details in [open discussions section of design doc](https://docs.google.com/document/d/1EUyJ9NCAltxJq3P3pIzIRVF2ArPUO4cj_eqIUvzl8cw/edit#heading=h.e3zrsz9gwxmp)

2. Resolution strategy
No resolution strategy is applied at all during the cherry pick process. [more details](https://docs.google.com/document/d/1EUyJ9NCAltxJq3P3pIzIRVF2ArPUO4cj_eqIUvzl8cw/edit#heading=h.3za1b9qx6pi2)

**Future Work**
A PAT token is needed for authorization to create branch and add comment. We would need to create a new bot and update its credentials in the secrets section of flutter/flutter repository.
 2023-12-12 01:41:58 +00:00
dependabot[bot]
45a4c7a432
Bump github/codeql-action from 2.22.6 to 2.22.9 (#139767) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 2.22.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c0d1daa7f7"><code>c0d1daa</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2020">#2020</a> from github/update-v2.22.9-e1d1fad1b</li>
<li><a href="c6e24c94be"><code>c6e24c9</code></a> Update changelog for v2.22.9</li>
<li><a href="e1d1fad1b8"><code>e1d1fad</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2014">#2014</a> from github/nickfyson/update-release-process</li>
<li><a href="0e9a210226"><code>0e9a210</code></a> update workflows to run on all release branches</li>
<li><a href="47e90f23ea"><code>47e90f2</code></a> Merge branch 'main' into nickfyson/update-release-process</li>
<li><a href="ee748cf360"><code>ee748cf</code></a> respond to more review comments</li>
<li><a href="57932be6d4"><code>57932be</code></a> remove unused function</li>
<li><a href="a6ea3c5a45"><code>a6ea3c5</code></a> define backport commit message in constant</li>
<li><a href="3537bea580"><code>3537bea</code></a> Apply suggestions from code review</li>
<li><a href="3675be0110"><code>3675be0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2017">#2017</a> from cklin/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a href="689fdc5193...c0d1daa7f7">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.6&new-version=2.22.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-07 22:22:52 +00:00
Drew Roen
a82ae2322d
Update labeler version, fix yaml to work with v5 (#139564) 
This fixes https://github.com/flutter/flutter/issues/139511

* A bug has been fixed with `sync-labels`, meaning this needs to be a boolean now. Setting to `true` to match v4 logic.
* in `labeler.yml`, all labels must be a list of globs, so updated them all to be a list of `any`.
* Update the version to v5

This is a little annoying to test, since the way github actions works means that changes to workflows aren't run until after they are merged. A workaround is I forked these labeler changes to a new branch in my own repo and created a PR to merge to that branch, seen here: https://github.com/drewroengoogle/flutter/actions/runs/7102118110/job/19331743809?pr=2. Note the step `Run actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9` which ensures we are running on the latest labeler version in that check.
 2023-12-05 16:22:56 +00:00
auto-submit[bot]
b278f0f1bf
Reverts "Bump actions/labeler from 4.3.0 to 5.0.0" (#139534) 
Reverts flutter/flutter#139506
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@​joshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@​dusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@​sungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@​TrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
  - changed-files: 
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
    - AllGlobsToAllFiles: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files:
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.3.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-05 03:00:26 +00:00
auto-submit[bot]
5422af7481
Reverts "Update sync-labels to use boolean" (#139533) 
Reverts flutter/flutter#139516
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
https://github.com/actions/labeler/issues/112 has been fixed, and now requires boolean to be used. 

Related infra issue that this fixes: https://github.com/flutter/flutter/issues/139511
 2023-12-05 02:57:17 +00:00
Drew Roen
e1a2bb376a
Update sync-labels to use boolean (#139516) 
https://github.com/actions/labeler/issues/112 has been fixed, and now requires boolean to be used. 

Related infra issue that this fixes: https://github.com/flutter/flutter/issues/139511
 2023-12-04 23:30:17 +00:00
dependabot[bot]
bbe980cfe8
Bump actions/labeler from 4.3.0 to 5.0.0 (#139506) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@​joshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@​dusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@​sungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@​TrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
  - changed-files: 
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
    - AllGlobsToAllFiles: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files:
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.3.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-12-04 22:11:01 +00:00
dependabot[bot]
106667eb4b
Bump dessant/lock-threads from 5.0.0 to 5.0.1 (#138921) 
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.0 to 5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p>
<h2><a href="https://github.com/dessant/lock-threads/compare/v5.0.0...v5.0.1">5.0.1</a> (2023-11-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>support filtering threads by labels with spaces (<a href="0a63678232">0a63678</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/40">#40</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Discussions are also processed by default,
set the <code>process-only</code> input parameter to preserve the old behavior</li>
</ul>
<pre lang="yaml"><code>    steps:
      - uses: dessant/lock-threads@v5
        with:
          process-only: 'issues, prs'
</code></pre>
<ul>
<li>the action now requires Node.js 20</li>
</ul>
<h3>Features</h3>
<ul>
<li>lock discussions (<a href="0a0976f3de">0a0976f</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/25">#25</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="5a25b54eae">5a25b54</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1bf7ec2505"><code>1bf7ec2</code></a> chore(release): 5.0.1</li>
<li><a href="adf4aa5f8a"><code>adf4aa5</code></a> chore: update package</li>
<li><a href="0a63678232"><code>0a63678</code></a> fix: support filtering threads by labels with spaces</li>
<li>See full diff in <a href="d42e5f4980...1bf7ec2505">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dessant/lock-threads&package-manager=github_actions&previous-version=5.0.0&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-11-22 22:15:57 +00:00
dependabot[bot]
391908929a
Bump dessant/lock-threads from 4.0.1 to 5.0.0 (#138437) 
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4.0.1 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p>
<h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Discussions are also processed by default,
set the <code>process-only</code> input parameter to preserve the old behavior</li>
</ul>
<pre lang="yaml"><code>    steps:
      - uses: dessant/lock-threads@v5
        with:
          process-only: 'issues, prs'
</code></pre>
<ul>
<li>the action now requires Node.js 20</li>
</ul>
<h3>Features</h3>
<ul>
<li>lock discussions (<a href="0a0976f3de">0a0976f</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/25">#25</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="5a25b54eae">5a25b54</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="38e9185581">38e9185</a>)</li>
<li>update docs (<a href="32986e2696">32986e2</a>)</li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a> (2021-09-27)</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d42e5f4980"><code>d42e5f4</code></a> chore(release): 5.0.0</li>
<li><a href="d8da6c1485"><code>d8da6c1</code></a> chore: update package</li>
<li><a href="c1eab4b45f"><code>c1eab4b</code></a> chore: update workflow</li>
<li><a href="0a0976f3de"><code>0a0976f</code></a> feat: lock discussions</li>
<li><a href="53f3f0c0b9"><code>53f3f0c</code></a> chore: migrate package to ESM</li>
<li><a href="5a25b54eae"><code>5a25b54</code></a> fix: update dependencies</li>
<li>See full diff in <a href="be8aa5be94...d42e5f4980">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dessant/lock-threads&package-manager=github_actions&previous-version=4.0.1&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-11-14 22:40:06 +00:00
dependabot[bot]
72080e6048
Bump github/codeql-action from 2.22.5 to 2.22.6 (#138438) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 2.22.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="689fdc5193"><code>689fdc5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1990">#1990</a> from github/update-v2.22.6-8c8c7b4d8</li>
<li><a href="33bfd1de92"><code>33bfd1d</code></a> Update changelog for v2.22.6</li>
<li><a href="8c8c7b4d80"><code>8c8c7b4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1979">#1979</a> from github/aeisenberg/python-on-mac</li>
<li><a href="64981bbb5a"><code>64981bb</code></a> Merge branch 'main' into aeisenberg/python-on-mac</li>
<li><a href="e280207df7"><code>e280207</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1978">#1978</a> from github/update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="e46740a99e"><code>e46740a</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="6abf8569a1"><code>6abf856</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1984">#1984</a> from github/aeisenberg/fix-debug-integration-tests</li>
<li><a href="59252d9bfb"><code>59252d9</code></a> Update setup-swift deficiency compensation</li>
<li><a href="dcf348a0d3"><code>dcf348a</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="82284f1b28"><code>82284f1</code></a> Fix failing workflows</li>
<li>Additional commits viewable in <a href="74483a38d3...689fdc5193">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.5&new-version=2.22.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-11-14 22:25:00 +00:00
auto-submit[bot]
591e10bb46
Reverts "Use no-response from cocoon." (#138042) 
Reverts flutter/flutter#138037
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
Migrate no-response to the version imported in cocoon.
 2023-11-07 22:46:19 +00:00
godofredoc
a68d3c3b02
Use no-response from cocoon. (#138037) 
Migrate no-response to the version imported in cocoon.
 2023-11-07 22:11:56 +00:00
dependabot[bot]
ea6aea9823
Bump github/codeql-action from 2.22.4 to 2.22.5 (#137450) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="74483a38d3"><code>74483a3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1972">#1972</a> from github/update-v2.22.5-2d5ffa777</li>
<li><a href="2ba6829f2b"><code>2ba6829</code></a> Update changelog for v2.22.5</li>
<li><a href="2d5ffa7773"><code>2d5ffa7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1970">#1970</a> from github/henrymercer/clean-up-init-logs</li>
<li><a href="14d0fa93b4"><code>14d0fa9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1967">#1967</a> from github/henrymercer/enable-features-on-ghes</li>
<li><a href="5744b13b66"><code>5744b13</code></a> Rebuild Action</li>
<li><a href="f3b55862ea"><code>f3b5586</code></a> Check out the right branch in <code>rebuild.yml</code></li>
<li><a href="95c219819d"><code>95c2198</code></a> Add a log in the OK case</li>
<li><a href="e8e83c3a56"><code>e8e83c3</code></a> Merge branch 'main' into henrymercer/enable-features-on-ghes</li>
<li><a href="c7abe9ca5f"><code>c7abe9c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1971">#1971</a> from github/henrymercer/bot-rebuild</li>
<li><a href="3fc281e079"><code>3fc281e</code></a> Add workflow to rebuild the Action on a label</li>
<li>Additional commits viewable in <a href="49abf0ba24...74483a38d3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.4&new-version=2.22.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-27 21:48:57 +00:00
dependabot[bot]
88ebc26a59
Bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#137103) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1282">ossf/scorecard-action#1282</a>
<ul>
<li>Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the  <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.1">v4.13.1</a> release notes</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1">https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1</a></p>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1270">ossf/scorecard-action#1270</a>
<ul>
<li>For a full changelist of what this includes, see the <a href="https://github.com/ossf/scorecard/releases/tag/v4.12.0">v4.12.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.0">v4.13.0</a> release notes</li>
</ul>
</li>
<li> Send rekor tlog index to webapp when publishing results by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1169">ossf/scorecard-action#1169</a></li>
<li>🐛 Prevent url clipping for GHES instances by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1225">ossf/scorecard-action#1225</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>📖 Update access rights needed to see the results in code scanning by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1229">ossf/scorecard-action#1229</a></li>
<li>📖 Add package comments. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1221">ossf/scorecard-action#1221</a></li>
<li>📖 Add SECURITY.md file by <a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li>📖 Fix typo in token input docs by <a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li><a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0">https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0864cf1902"><code>0864cf1</code></a> 🌱 Bump docker tag to for v2.3.1 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1284">#1284</a>)</li>
<li><a href="72df3bff66"><code>72df3bf</code></a> 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1282">#1282</a>)</li>
<li><a href="0ea411f94a"><code>0ea411f</code></a> 🌱 Bump the docker-images group with 1 update (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1281">#1281</a>)</li>
<li><a href="dbfd042453"><code>dbfd042</code></a> 🌱 Bump the github-actions group with 1 update (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1280">#1280</a>)</li>
<li><a href="2fa1e2fa15"><code>2fa1e2f</code></a> 🌱 Bump golang.org/x/net from 0.16.0 to 0.17.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1278">#1278</a>)</li>
<li><a href="652ddd06c8"><code>652ddd0</code></a> 🌱 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1277">#1277</a>)</li>
<li><a href="28d0c92b8b"><code>28d0c92</code></a> 🌱 Group Dependabot updates for GitHub Actions and Dockerfiles (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1276">#1276</a>)</li>
<li><a href="cb50491a46"><code>cb50491</code></a> 🌱 Bump distroless/base from <code>a35b652</code> to <code>b31a6e0</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1275">#1275</a>)</li>
<li><a href="87157ac77d"><code>87157ac</code></a> 🌱 Bump github/codeql-action from 2.21.9 to 2.22.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1274">#1274</a>)</li>
<li><a href="7c1648b23e"><code>7c1648b</code></a> 🌱 Bump step-security/harden-runner from 2.5.1 to 2.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1273">#1273</a>)</li>
<li>Additional commits viewable in <a href="08b4669551...0864cf1902">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-23 23:13:12 +00:00
dependabot[bot]
9beb98aabf
Bump github/codeql-action from 2.22.3 to 2.22.4 (#136985) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="49abf0ba24"><code>49abf0b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1961">#1961</a> from github/update-v2.22.4-63470275e</li>
<li><a href="907abca61b"><code>907abca</code></a> Update changelog for v2.22.4</li>
<li><a href="63470275e7"><code>6347027</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1953">#1953</a> from github/update-bundle/codeql-bundle-v2.15.1</li>
<li><a href="b98a636a6b"><code>b98a636</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.1</li>
<li><a href="4a368f64ad"><code>4a368f6</code></a> Add announcement on Node 16 deprecation (<a href="https://redirect.github.com/github/codeql-action/issues/1960">#1960</a>)</li>
<li><a href="77bbb99abd"><code>77bbb99</code></a> Bump urllib3 in /python-setup/tests/poetry/python-3.8 (<a href="https://redirect.github.com/github/codeql-action/issues/1957">#1957</a>)</li>
<li><a href="a75a0d5716"><code>a75a0d5</code></a> Bump urllib3 in /python-setup/tests/poetry/requests-3 (<a href="https://redirect.github.com/github/codeql-action/issues/1956">#1956</a>)</li>
<li><a href="aa55b87f87"><code>aa55b87</code></a> Bump urllib3 in /python-setup/tests/pipenv/requests-3 (<a href="https://redirect.github.com/github/codeql-action/issues/1955">#1955</a>)</li>
<li><a href="b6b0833c3d"><code>b6b0833</code></a> Bump urllib3 in /python-setup/tests/pipenv/python-3.8 (<a href="https://redirect.github.com/github/codeql-action/issues/1954">#1954</a>)</li>
<li><a href="0132448784"><code>0132448</code></a> Add changelog note</li>
<li>Additional commits viewable in <a href="0116bc2df5...49abf0ba24">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.3&new-version=2.22.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-20 22:32:02 +00:00
dependabot[bot]
380520d41d
Bump actions/checkout from 3.6.0 to 4.1.1 (#136762) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update CODEOWNERS to Launch team by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1510">actions/checkout#1510</a></li>
<li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1510">actions/checkout#1510</a></li>
<li><a href="https://github.com/peterbe"><code>@​peterbe</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.1.1">https://github.com/actions/checkout/compare/v4...v4.1.1</a></p>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md for V4 by <a href="https://github.com/sivapalan"><code>@​sivapalan</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1452">actions/checkout#1452</a></li>
<li>Add support for partial checkout filters by <a href="https://github.com/finleygn"><code>@​finleygn</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1396">actions/checkout#1396</a></li>
<li>Prepare 4.1.0 release by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1496">actions/checkout#1496</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/sivapalan"><code>@​sivapalan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1452">actions/checkout#1452</a></li>
<li><a href="https://github.com/finleygn"><code>@​finleygn</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1396">actions/checkout#1396</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.0.0...v4.1.0">https://github.com/actions/checkout/compare/v4.0.0...v4.1.0</a></p>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node20 by <a href="https://github.com/takost"><code>@​takost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li>
<li>Support fetching without the --progress option by <a href="https://github.com/simonbaird"><code>@​simonbaird</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li>
<li>Release 4.0.0 by <a href="https://github.com/takost"><code>@​takost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1447">actions/checkout#1447</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/takost"><code>@​takost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li>
<li><a href="https://github.com/simonbaird"><code>@​simonbaird</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v4.0.0">https://github.com/actions/checkout/compare/v3...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1067">Support fetching without the --progress option</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1436">Update to node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth &gt; 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@​actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b4ffde65f4"><code>b4ffde6</code></a> Link to release page from what's new section (<a href="https://redirect.github.com/actions/checkout/issues/1514">#1514</a>)</li>
<li><a href="8530928916"><code>8530928</code></a> Correct link to GitHub Docs (<a href="https://redirect.github.com/actions/checkout/issues/1511">#1511</a>)</li>
<li><a href="7cdaf2fbc0"><code>7cdaf2f</code></a> Update CODEOWNERS to Launch team (<a href="https://redirect.github.com/actions/checkout/issues/1510">#1510</a>)</li>
<li><a href="8ade135a41"><code>8ade135</code></a> Prepare 4.1.0 release (<a href="https://redirect.github.com/actions/checkout/issues/1496">#1496</a>)</li>
<li><a href="c533a0a4cf"><code>c533a0a</code></a> Add support for partial checkout filters (<a href="https://redirect.github.com/actions/checkout/issues/1396">#1396</a>)</li>
<li><a href="72f2cec99f"><code>72f2cec</code></a> Update README.md for V4 (<a href="https://redirect.github.com/actions/checkout/issues/1452">#1452</a>)</li>
<li><a href="3df4ab11eb"><code>3df4ab1</code></a> Release 4.0.0 (<a href="https://redirect.github.com/actions/checkout/issues/1447">#1447</a>)</li>
<li><a href="8b5e8b7687"><code>8b5e8b7</code></a> Support fetching without the --progress option (<a href="https://redirect.github.com/actions/checkout/issues/1067">#1067</a>)</li>
<li><a href="97a652b800"><code>97a652b</code></a> Update default runtime to node20 (<a href="https://redirect.github.com/actions/checkout/issues/1436">#1436</a>)</li>
<li>See full diff in <a href="f43a0e5ff2...b4ffde65f4">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.6.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-17 22:15:11 +00:00
dependabot[bot]
5f9965cf6f
Bump github/codeql-action from 2.22.0 to 2.22.3 (#136563) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0116bc2df5"><code>0116bc2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1947">#1947</a> from github/update-v2.22.3-82ba90b1d</li>
<li><a href="f5a984b113"><code>f5a984b</code></a> Update changelog for v2.22.3</li>
<li><a href="82ba90b1d9"><code>82ba90b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1945">#1945</a> from github/henrymercer/authenticate-api-url</li>
<li><a href="34f97d7a16"><code>34f97d7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1944">#1944</a> from github/henrymercer/sublanguage-file-coverage-fixes</li>
<li><a href="74442e0a95"><code>74442e0</code></a> Add changelog note</li>
<li><a href="bd32fab74f"><code>bd32fab</code></a> Provide token when downloading from GHES API</li>
<li><a href="b584cf8321"><code>b584cf8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1922">#1922</a> from github/nora/add-commit-sha-to-database-upload</li>
<li><a href="761255a4a3"><code>761255a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1943">#1943</a> from github/mergeback/v2.22.2-to-main-d90b8d79</li>
<li><a href="346d5c4b07"><code>346d5c4</code></a> Test sub-language file coverage in file baseline information check</li>
<li><a href="5950d13564"><code>5950d13</code></a> Enable sub-language file coverage in <code>interpret-results</code> too</li>
<li>Additional commits viewable in <a href="2cb752a87e...0116bc2df5">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.22.0&new-version=2.22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-13 22:35:18 +00:00
dependabot[bot]
bc31514434
Bump github/codeql-action from 2.21.6 to 2.22.0 (#136095) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.6 to 2.22.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">&quot;CodeQL code scanning deprecates ML-powered alerts.&quot;</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="2cb752a87e"><code>2cb752a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1924">#1924</a> from github/update-v2.22.0-3f7850a17</li>
<li><a href="e50f53baa1"><code>e50f53b</code></a> Add changelog note for tracing Go 1.21</li>
<li><a href="0a65c007f6"><code>0a65c00</code></a> Update changelog for v2.22.0</li>
<li><a href="3f7850a179"><code>3f7850a</code></a> Improve downloading log message (<a href="https://redirect.github.com/github/codeql-action/issues/1920">#1920</a>)</li>
<li><a href="27235304e0"><code>2723530</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1923">#1923</a> from github/henrymercer/fix-resolve-environment-aliases</li>
<li><a href="8f0e8b0890"><code>8f0e8b0</code></a> Tweak language parsing to improve clarity</li>
<li><a href="f243294ab7"><code>f243294</code></a> Extend PR check to test <code>resolve-environment</code> works with language alias</li>
<li><a href="1ea6a10947"><code>1ea6a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1909">#1909</a> from github/mbg/go-1.21-workaround</li>
<li><a href="e26ed57a22"><code>e26ed57</code></a> Defer language aliasing to CLI when appropriate</li>
<li><a href="0ac7669167"><code>0ac7669</code></a> Fix using <code>resolve-environment</code> Action with language aliases</li>
<li>Additional commits viewable in <a href="701f152f28...2cb752a87e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.6&new-version=2.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-10-06 22:15:19 +00:00
dependabot[bot]
04ad1da1ae
Bump github/codeql-action from 2.21.5 to 2.21.6 (#134692) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="701f152f28"><code>701f152</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1875">#1875</a> from github/update-v2.21.6-6a6a82470</li>
<li><a href="1b6299040a"><code>1b62990</code></a> Fix misplaced changelog entry</li>
<li><a href="5462f69153"><code>5462f69</code></a> Update changelog for v2.21.6</li>
<li><a href="6a6a824702"><code>6a6a824</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1873">#1873</a> from github/update-bundle/codeql-bundle-v2.14.4</li>
<li><a href="88c7a5c4cc"><code>88c7a5c</code></a> Add changelog note</li>
<li><a href="da65035498"><code>da65035</code></a> Update default bundle to codeql-bundle-v2.14.4</li>
<li><a href="43750fe4fc"><code>43750fe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1872">#1872</a> from github/henrymercer/user-errors-for-upload-sarif</li>
<li><a href="a7c12a5225"><code>a7c12a5</code></a> Address PR comments</li>
<li><a href="7218de5369"><code>7218de5</code></a> Merge branch 'main' into henrymercer/user-errors-for-upload-sarif</li>
<li><a href="4764dce02f"><code>4764dce</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1866">#1866</a> from github/henrymercer/enable-scaling-reserved-ram-...</li>
<li>Additional commits viewable in <a href="00e563ead9...701f152f28">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.5&new-version=2.21.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-09-13 22:28:23 +00:00
dependabot[bot]
cf1968aa66
Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#134173) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v3.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(github): remove trailing whitespaces by <a href="https://github.com/ljmf00"><code>@​ljmf00</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/313">actions/upload-artifact#313</a></li>
<li>Bump <code>@​actions/artifact</code> version to v1.1.2 by <a href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/436">actions/upload-artifact#436</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v3.1.3">https://github.com/actions/upload-artifact/compare/v3...v3.1.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a8a3f3ad30"><code>a8a3f3a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/436">#436</a> from bethanyj28/main</li>
<li><a href="7b48769c03"><code>7b48769</code></a> update dependency cache</li>
<li><a href="66630398df"><code>6663039</code></a> update dist/index.js</li>
<li><a href="55e76b779d"><code>55e76b7</code></a> bump <code>@​actions/artifact</code> version</li>
<li><a href="65d862660a"><code>65d8626</code></a> chore(github): remove trailing whitespaces (<a href="https://redirect.github.com/actions/upload-artifact/issues/313">#313</a>)</li>
<li>See full diff in <a href="0b7f8abb15...a8a3f3ad30">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-09-06 22:18:54 +00:00
dependabot[bot]
c046627482
Bump github/codeql-action from 2.21.4 to 2.21.5 (#133504) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="00e563ead9"><code>00e563e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1858">#1858</a> from github/update-v2.21.5-100912429</li>
<li><a href="7323c2ac6b"><code>7323c2a</code></a> Update changelog for v2.21.5</li>
<li><a href="100912429f"><code>1009124</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1845">#1845</a> from github/update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="a2d14d32b8"><code>a2d14d3</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="ff9cb435df"><code>ff9cb43</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1853">#1853</a> from github/igfoo/kot1.9.10</li>
<li><a href="2f913c1249"><code>2f913c1</code></a> npm run build</li>
<li><a href="7dab60079b"><code>7dab600</code></a> Put upper limit on the CodeQL versions for which we override the Kotlin limit</li>
<li><a href="862b2cf102"><code>862b2cf</code></a> Add a changelog entry for the Kotlin 1.9.10 support</li>
<li><a href="070dd05edd"><code>070dd05</code></a> npm run build</li>
<li><a href="ff95d147d6"><code>ff95d14</code></a> Kotlin: Fix lint</li>
<li>Additional commits viewable in <a href="a09933a12a...00e563ead9">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.4&new-version=2.21.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-08-28 21:59:11 +00:00
dependabot[bot]
d387f551a7
Bump actions/checkout from 3.5.3 to 3.6.0 (#133281) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Mark test scripts with Bash'isms to be run via Bash by <a href="https://github.com/dscho"><code>@​dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1377">actions/checkout#1377</a></li>
<li>Add option to fetch tags even if fetch-depth &gt; 0 by <a href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li>Release 3.6.0 by <a href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li><a href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.3...v3.6.0">https://github.com/actions/checkout/compare/v3.5.3...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.6.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth &gt; 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@​actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f43a0e5ff2"><code>f43a0e5</code></a> Release 3.6.0 (<a href="https://redirect.github.com/actions/checkout/issues/1437">#1437</a>)</li>
<li><a href="7739b9ba2e"><code>7739b9b</code></a> Add option to fetch tags even if fetch-depth &gt; 0 (<a href="https://redirect.github.com/actions/checkout/issues/579">#579</a>)</li>
<li><a href="96f53100ba"><code>96f5310</code></a> Mark test scripts with Bash'isms to be run via Bash (<a href="https://redirect.github.com/actions/checkout/issues/1377">#1377</a>)</li>
<li>See full diff in <a href="c85c95e3d7...f43a0e5ff2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.5.3&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-08-24 22:25:25 +00:00
dependabot[bot]
99dd6b4972
Bump github/codeql-action from 2.21.3 to 2.21.4 (#132525) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a09933a12a"><code>a09933a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1838">#1838</a> from github/update-v2.21.4-492a68c32</li>
<li><a href="37116fb629"><code>37116fb</code></a> Fix positioning of bundle update changelog note</li>
<li><a href="c613917766"><code>c613917</code></a> Update changelog for v2.21.4</li>
<li><a href="492a68c323"><code>492a68c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1836">#1836</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac49314877"><code>ac49314</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1834">#1834</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac35d7a02d"><code>ac35d7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1835">#1835</a> from github/henrymercer/language-baseline-config</li>
<li><a href="d03c744ad6"><code>d03c744</code></a> Don't pass <code>--no-</code> flag as it doesn't exist yet</li>
<li><a href="a0407a8c60"><code>a0407a8</code></a> Add changelog note for rollout</li>
<li><a href="8a7b2e9c9b"><code>8a7b2e9</code></a> Enable language specific baselines via feature flag</li>
<li><a href="9a510d9b07"><code>9a510d9</code></a> Rename new analysis summary feature flag</li>
<li>Additional commits viewable in <a href="5b6282e01c...a09933a12a">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.3&new-version=2.21.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-08-14 23:04:10 +00:00
dependabot[bot]
9b261a7700
Bump github/codeql-action from 2.21.2 to 2.21.3 (#132165) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="5b6282e01c"><code>5b6282e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1829">#1829</a> from github/update-v2.21.3-f9a7c6738</li>
<li><a href="f0f7a35b85"><code>f0f7a35</code></a> Add changenote for Lombok rollout</li>
<li><a href="dda4ed3db4"><code>dda4ed3</code></a> Update changelog for v2.21.3</li>
<li><a href="f9a7c6738f"><code>f9a7c67</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1827">#1827</a> from github/dependabot/npm_and_yarn/npm-5103036bd1</li>
<li><a href="31b9dd18d4"><code>31b9dd1</code></a> Update checked-in dependencies</li>
<li><a href="7e2f56aae3"><code>7e2f56a</code></a> Bump the npm group with 3 updates</li>
<li><a href="878ae4a749"><code>878ae4a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1823">#1823</a> from github/henrymercer/setup-swift-more-consistent</li>
<li><a href="63602c0f72"><code>63602c0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1824">#1824</a> from github/henrymercer/cli-notifications-fix</li>
<li><a href="66dc883276"><code>66dc883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1826">#1826</a> from github/henrymercer/increase-reserved-scaling-fa...</li>
<li><a href="2203178090"><code>2203178</code></a> Increase scaling factor for reserved RAM to 5%</li>
<li>Additional commits viewable in <a href="0ba4244466...5b6282e01c">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.2&new-version=2.21.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-08-08 23:24:14 +00:00
dependabot[bot]
dc4ab0f5df
Bump google/mirror-branch-action from 1.0 to 2.0 (#126600) 
Bumps [google/mirror-branch-action](https://github.com/google/mirror-branch-action) from 1.0 to 2.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="30c52ee21f"><code>30c52ee</code></a> Update dependencies.</li>
<li><a href="4544d8a090"><code>4544d8a</code></a> Update deprecated action environment</li>
<li><a href="884625cd18"><code>884625c</code></a> Bump node-fetch from 2.6.0 to 2.6.1</li>
<li><a href="d9fb13d47a"><code>d9fb13d</code></a> Bump <code>@​actions/core</code> from 1.2.4 to 1.2.6</li>
<li><a href="4083f5d474"><code>4083f5d</code></a> Unify placeholders in README.md</li>
<li><a href="394f8d4604"><code>394f8d4</code></a> Bump lodash from 4.17.15 to 4.17.19 (<a href="https://redirect.github.com/google/mirror-branch-action/issues/3">#3</a>)</li>
<li><a href="5d7016e8e9"><code>5d7016e</code></a> The sample <code>uses:</code> line should reference <a href="https://github.com/v1"><code>@​v1</code></a>.0 (<a href="https://redirect.github.com/google/mirror-branch-action/issues/1">#1</a>)</li>
<li>See full diff in <a href="c6b07e441a...30c52ee21f">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/mirror-branch-action&package-manager=github_actions&previous-version=1.0&new-version=2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
 2023-08-02 07:40:14 +00:00
dependabot[bot]
e8ebbfa2a8
Bump dessant/lock-threads from 4.0.0 to 4.0.1 (#128741) 
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4.0.0 to 4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="38e9185581">38e9185</a>)</li>
<li>update docs (<a href="32986e2696">32986e2</a>)</li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a> (2021-09-27)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>
<p>input parameter names have changed</p>
<p>Rename the following input parameters when upgrading from v2 to v3:</p>
<ul>
<li><code>issue-lock-inactive-days</code> --&gt; <code>issue-inactive-days</code></li>
<li><code>issue-exclude-created-before</code> --&gt; <code>exclude-issue-created-before</code></li>
<li><code>issue-exclude-labels</code> --&gt; <code>exclude-any-issue-labels</code></li>
<li><code>issue-lock-labels</code> --&gt; <code>add-issue-labels</code></li>
<li><code>issue-lock-comment</code> --&gt; <code>issue-comment</code></li>
<li><code>pr-lock-inactive-days</code> --&gt; <code>pr-inactive-days</code></li>
<li><code>pr-exclude-created-before</code> --&gt; <code>exclude-pr-created-before</code></li>
<li><code>pr-exclude-labels</code> --&gt; <code>exclude-any-pr-labels</code></li>
<li><code>pr-lock-labels</code> --&gt; <code>add-pr-labels</code></li>
<li><code>pr-lock-comment</code> --&gt; <code>pr-comment</code></li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>add new filtering and labeling options, update input parameter names (<a href="26fd836f96">26fd836</a>)</li>
<li>allow manual triggering (<a href="a0c7da3065">a0c7da3</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v2.1.1...v2.1.2">2.1.2</a> (2021-08-17)</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="be8aa5be94"><code>be8aa5b</code></a> chore(release): 4.0.1</li>
<li><a href="52f040d195"><code>52f040d</code></a> chore: update package</li>
<li><a href="1618e91da6"><code>1618e91</code></a> fix: retry and throttle GitHub API requests</li>
<li><a href="bec0993a56"><code>bec0993</code></a> chore: remove graduated preview header</li>
<li><a href="20ec7bbb28"><code>20ec7bb</code></a> chore: update dependencies</li>
<li><a href="b1f967d833"><code>b1f967d</code></a> chore: rename default branch</li>
<li>See full diff in <a href="c1b35aecc5...be8aa5be94">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dessant/lock-threads&package-manager=github_actions&previous-version=4.0.0&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
 2023-08-02 07:29:08 +00:00
dependabot[bot]
9c184d475b
Bump codecov/codecov-action from 3.1.3 to 3.1.4 (#126885) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to 18.16.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/970">codecov/codecov-action#970</a></li>
<li>Fix typo in README.md by <a href="https://github.com/hisaac"><code>@​hisaac</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li>
<li>fix: add back in working dir by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/971">codecov/codecov-action#971</a></li>
<li>fix: CLI option names for uploader by <a href="https://github.com/kleisauke"><code>@​kleisauke</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.16.3 to 20.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/975">codecov/codecov-action#975</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to 20.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/979">codecov/codecov-action#979</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to 20.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/981">codecov/codecov-action#981</a></li>
<li>release: 3.1.4 by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/983">codecov/codecov-action#983</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hisaac"><code>@​hisaac</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li>
<li><a href="https://github.com/kleisauke"><code>@​kleisauke</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4">https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a> Fix typo in README.md</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a> fix: add back in working dir</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a> fix: CLI option names for uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to 18.16.3</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a> build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to 20.1.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a> build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to 20.1.4</li>
</ul>
<h2>3.1.3</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a> fix: allow for aarch64 build</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a> build(deps): bump openpgp from 5.7.0 to 5.8.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.10 to 18.15.12</li>
</ul>
<h2>3.1.2</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a> Update README.md</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a> Remove unsupported path_to_write_report argument</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a> codeql-analysis.yml</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a> Update README to contain correct information - inputs and negate feature</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a> fix: add in all the extra arguments for uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a> build(deps): bump openpgp from 5.4.0 to 5.5.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a> build(deps): bump node-fetch from 3.2.4 to 3.2.10</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a> build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a> build(deps): bump <code>@​actions/github</code> from 5.0.3 to 5.1.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a> build(deps): bump node-fetch from 3.2.10 to 3.3.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a> build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a> build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/889">#889</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/895">#895</a> build(deps): bump json5 from 2.2.1 to 2.2.3</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/896">#896</a> build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/900">#900</a> build(deps-dev): bump <code>@​vercel/ncc</code> from 0.34.0 to 0.36.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/905">#905</a> build(deps-dev): bump typescript from 4.7.4 to 4.9.5</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/911">#911</a> build(deps-dev): bump <code>@​types/node</code> from 16.11.40 to 18.13.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/922">#922</a> build(deps-dev): bump <code>@​types/node</code> from 18.13.0 to 18.14.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/924">#924</a> build(deps): bump openpgp from 5.5.0 to 5.7.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/927">#927</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.0 to 18.14.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/933">#933</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.2 to 18.14.6</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/937">#937</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.6 to 18.15.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/938">#938</a> build(deps): bump node-fetch from 3.3.0 to 3.3.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/945">#945</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.0 to 18.15.5</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="eaaf4bedf3"><code>eaaf4be</code></a> release: 3.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/983">#983</a>)</li>
<li><a href="c2ab9ab2e1"><code>c2ab9ab</code></a> build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to 20.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a>)</li>
<li><a href="49c20db375"><code>49c20db</code></a> build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to 20.1.2 (<a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a>)</li>
<li><a href="cf8e3e4262"><code>cf8e3e4</code></a> build(deps-dev): bump <code>@​types/node</code> from 18.16.3 to 20.1.0 (<a href="https://redirect.github.com/codecov/codecov-action/issues/975">#975</a>)</li>
<li><a href="1c34415a06"><code>1c34415</code></a> fix: CLI option names for uploader (<a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a>)</li>
<li><a href="b4dfea724f"><code>b4dfea7</code></a> fix: add back in working dir (<a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a>)</li>
<li><a href="5bf250470e"><code>5bf2504</code></a> Fix typo in README.md (<a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a>)</li>
<li><a href="1dd0ce34be"><code>1dd0ce3</code></a> build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to 18.16.3 (<a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a>)</li>
<li>See full diff in <a href="894ff025c7...eaaf4bedf3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
 2023-08-02 06:57:35 +00:00
dependabot[bot]
0693d14bb2
Bump github/codeql-action from 2.21.0 to 2.21.2 (#131512) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0ba4244466"><code>0ba4244</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1813">#1813</a> from github/update-v2.21.2-10c6bfee1</li>
<li><a href="a9a416c8f4"><code>a9a416c</code></a> Update changelog for v2.21.2</li>
<li><a href="10c6bfee12"><code>10c6bfe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1811">#1811</a> from github/henrymercer/print-summary-once</li>
<li><a href="feea86eed3"><code>feea86e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1810">#1810</a> from github/henrymercer/ci/use-platform-specific-bun...</li>
<li><a href="2e6f8c08c1"><code>2e6f8c0</code></a> Add changelog note</li>
<li><a href="8342844ea7"><code>8342844</code></a> Only print the analysis summary once</li>
<li><a href="679aac1b20"><code>679aac1</code></a> Use platform specific bundles in PR checks</li>
<li><a href="de6681ceb7"><code>de6681c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1797">#1797</a> from github/update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="f6fe5c5c70"><code>f6fe5c5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="62762170e1"><code>6276217</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1808">#1808</a> from github/mergeback/v2.21.1-to-main-6ca1aa8c</li>
<li>Additional commits viewable in <a href="1813ca74c3...0ba4244466">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.21.0&new-version=2.21.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-29 01:17:50 +00:00
dependabot[bot]
910e87eb73
Bump github/codeql-action from 2.20.4 to 2.21.0 (#130941) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1813ca74c3"><code>1813ca7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1791">#1791</a> from github/update-v2.21.0-6ae46f7a9</li>
<li><a href="6843540876"><code>6843540</code></a> Update changelog for v2.21.0</li>
<li><a href="6ae46f7a92"><code>6ae46f7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1790">#1790</a> from github/henrymercer/aborted-user-error</li>
<li><a href="0cae69e062"><code>0cae69e</code></a> Report user errors in the abort stage appropriately</li>
<li><a href="d2ed0a05b6"><code>d2ed0a0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1786">#1786</a> from github/dependabot/npm_and_yarn/npm-0a410f26d2</li>
<li><a href="651d09131a"><code>651d091</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1788">#1788</a> from github/henrymercer/fix-feature-flag-usage</li>
<li><a href="e0f0892f83"><code>e0f0892</code></a> Add tests for new analysis summary feature flag</li>
<li><a href="27d3b2f857"><code>27d3b2f</code></a> Fix scaling reserved RAM feature flag naming</li>
<li><a href="da4e0a06c0"><code>da4e0a0</code></a> Fix CodeQL version checks</li>
<li><a href="e266801e21"><code>e266801</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="489225d82a...1813ca74c3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.20.4&new-version=2.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-19 22:51:25 +00:00
Casey Hillers
ab14a5c356
[labeler] Mark sync-labels as empty (#130642) 
https://github.com/flutter/flutter/issues/128440

Recommendation from https://github.com/actions/labeler/issues/112#issuecomment-1136485391
 2023-07-18 18:19:23 +00:00
dependabot[bot]
7064b4e935
Bump github/codeql-action from 2.2.9 to 2.20.4 (#130618) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.20.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.14.0</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.0">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0"><code>github/codeql@codeql-cli/v2.14.0</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.5</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.5">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5"><code>github/codeql@codeql-cli/v2.13.5</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="489225d82a"><code>489225d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1777">#1777</a> from github/update-v2.20.4-a148c5807</li>
<li><a href="1b6383d6be"><code>1b6383d</code></a> Update changelog for v2.20.4</li>
<li><a href="a148c58075"><code>a148c58</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1776">#1776</a> from github/aeisenberg/changelog-releases</li>
<li><a href="50527c5dba"><code>50527c5</code></a> Add link to releases page in changelog</li>
<li><a href="814b2edab6"><code>814b2ed</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1762">#1762</a> from github/update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="d2baed4b69"><code>d2baed4</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="c5526174a5"><code>c552617</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1774">#1774</a> from github/dependabot/npm_and_yarn/npm-a34e423e98</li>
<li><a href="c1f49580cf"><code>c1f4958</code></a> Fix dependency incompatibilities</li>
<li><a href="40a500c743"><code>40a500c</code></a> Update checked-in dependencies</li>
<li><a href="4fad06f438"><code>4fad06f</code></a> Bump the npm group with 21 updates</li>
<li>Additional commits viewable in <a href="04df1262e6...489225d82a">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.20.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-14 23:00:50 +00:00
dependabot[bot]
6865bb4c9b
Bump actions/labeler from 4.2.0 to 4.3.0 (#130291) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, the ability to specify pull request number(s) was added by <a href="https://github.com/credfeto"><code>@​credfeto</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/349">actions/labeler#349</a>.</p>
<p>Support for reading from the configuration file presented on the runner was added by <a href="https://github.com/lrstanley"><code>@​lrstanley</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/394">actions/labeler#394</a>. It allows you to use a configuration file generated during workflow run or uploaded from a separate repository.</p>
<p>Please refer to the <a href="https://github.com/actions/labeler#inputs">action documentation</a> for more information.</p>
<p>This release also includes the following changes:</p>
<ul>
<li>Improved Error message for missing config file by <a href="https://github.com/Gornoka"><code>@​Gornoka</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/475">actions/labeler#475</a></li>
<li>Early exit when no files are changed by <a href="https://github.com/nathanhammond"><code>@​nathanhammond</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/456">actions/labeler#456</a></li>
<li>Add examples to match all repo files by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/600">actions/labeler#600</a></li>
<li>Fix a typo in the example about using the action outputs by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/606">actions/labeler#606</a></li>
<li>Bump eslint from 8.43.0 to 8.44.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/601">actions/labeler#601</a></li>
<li>Bump <code>@​typescript-eslint/parser</code> from 5.60.1 to 5.61.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/602">actions/labeler#602</a></li>
<li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.1 to 5.61.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/604">actions/labeler#604</a></li>
<li>Bump tough-cookie from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/609">actions/labeler#609</a></li>
<li>Bump <code>@​octokit/plugin-retry</code> from 5.0.4 to 5.0.5 by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/610">actions/labeler#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/credfeto"><code>@​credfeto</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/349">actions/labeler#349</a></li>
<li><a href="https://github.com/lrstanley"><code>@​lrstanley</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/394">actions/labeler#394</a></li>
<li><a href="https://github.com/nathanhammond"><code>@​nathanhammond</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/456">actions/labeler#456</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v4.3.0">https://github.com/actions/labeler/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ac9175f8a1"><code>ac9175f</code></a> Bump <code>@​octokit/plugin-retry</code> from 5.0.4 to 5.0.5 (<a href="https://redirect.github.com/actions/labeler/issues/610">#610</a>)</li>
<li><a href="7542ec79bb"><code>7542ec7</code></a> Bump tough-cookie from 4.1.2 to 4.1.3 (<a href="https://redirect.github.com/actions/labeler/issues/609">#609</a>)</li>
<li><a href="be13bbd1b7"><code>be13bbd</code></a> Early exit when no files are changed. (<a href="https://redirect.github.com/actions/labeler/issues/456">#456</a>)</li>
<li><a href="994304c5d5"><code>994304c</code></a> feat(config): support reading from local file if it exists (<a href="https://redirect.github.com/actions/labeler/issues/394">#394</a>)</li>
<li><a href="327d35fdca"><code>327d35f</code></a> Added ability to pass in an optional PR number as a parameter (<a href="https://redirect.github.com/actions/labeler/issues/349">#349</a>)</li>
<li><a href="65f306b6dd"><code>65f306b</code></a> Fix a typo in the example about using the action outputs (<a href="https://redirect.github.com/actions/labeler/issues/606">#606</a>)</li>
<li><a href="b669025b7c"><code>b669025</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.1 to 5.61.0 (<a href="https://redirect.github.com/actions/labeler/issues/604">#604</a>)</li>
<li><a href="52979ba0af"><code>52979ba</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.60.1 to 5.61.0 (<a href="https://redirect.github.com/actions/labeler/issues/602">#602</a>)</li>
<li><a href="5bea1458bb"><code>5bea145</code></a> Bump eslint from 8.43.0 to 8.44.0 (<a href="https://redirect.github.com/actions/labeler/issues/601">#601</a>)</li>
<li><a href="a212485147"><code>a212485</code></a> Add examples to match all repo files (<a href="https://redirect.github.com/actions/labeler/issues/600">#600</a>)</li>
<li>Additional commits viewable in <a href="0967ca812e...ac9175f8a1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-10 23:23:12 +00:00
godofredoc
732429e35b
Revert no-response to fork. (#129775) 
The core action is not scaling well for the # of Prs and bugs of the flutter project.

Bug: https://github.com/flutter/flutter/issues/129771
 2023-06-30 04:20:09 +00:00
dependabot[bot]
15513f2c73
Bump actions/labeler from 4.1.0 to 4.2.0 (#129797) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.1.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<p>In the scope of this release, the following outputs were added by <a href="https://github.com/danielsht86"><code>@​danielsht86</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/60">#60</a>:</p>
<ul>
<li><code>new-labels</code> - a comma-separated string that contains all newly added labels.</li>
<li><code>all-labels</code> - a comma-separated string that contains all labels currently assigned to the PR.</li>
</ul>
<p>For detailed information, please refer to our <a href="0967ca812e (outputs)">updated documentation</a>.</p>
<p>The issue of encountering an <code>HttpError: Server Error</code> when adding more than 50 labels has been successfully resolved by <a href="https://github.com/markmssd"><code>@​markmssd</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/497">#497</a>. However, it's important to note that the GitHub API imposes a limit of 100 labels. To ensure smooth operation, a warning message that will alert you if the number of labels exceeds this limit was implemented. From this point forward, if more than 100 labels are specified, only the first 100 will be assigned.</p>
<p>The error handling for the <code>Resource not accessible by integration</code> error was added by <a href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/405">#405</a>. Now, if the workflow is misconfigured, the labeler provides a clear warning and guidance for correction.</p>
<p>This release also includes the following changes:</p>
<ul>
<li>Warn about the limitations of GitHub tokens by <a href="https://github.com/dfandrich"><code>@​dfandrich</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/491">actions/labeler#491</a></li>
<li>Improve readme by <a href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/589">actions/labeler#589</a></li>
<li>Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/591">actions/labeler#591</a></li>
<li>Bump eslint from 8.42.0 to 8.43.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/592">actions/labeler#592</a></li>
<li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.0 to 5.60.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/598">actions/labeler#598</a></li>
<li>Bump <code>@​typescript-eslint/parser</code> from 5.60.0 to 5.60.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/597">actions/labeler#597</a></li>
<li>Bump <code>@​octokit/plugin-retry</code> from 5.0.2 to 5.0.4 by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/599">actions/labeler#599</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dfandrich"><code>@​dfandrich</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/491">actions/labeler#491</a></li>
<li><a href="https://github.com/markmssd"><code>@​markmssd</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/497">actions/labeler#497</a></li>
<li><a href="https://github.com/danielsht86"><code>@​danielsht86</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/60">actions/labeler#60</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v4.2.0">https://github.com/actions/labeler/compare/v4...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0967ca812e"><code>0967ca8</code></a> Added output (<a href="https://redirect.github.com/actions/labeler/issues/60">#60</a>)</li>
<li><a href="375538a703"><code>375538a</code></a> Bump <code>@​octokit/plugin-retry</code> from 5.0.2 to 5.0.4 (<a href="https://redirect.github.com/actions/labeler/issues/599">#599</a>)</li>
<li><a href="8d17e8ac4c"><code>8d17e8a</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.60.0 to 5.60.1 (<a href="https://redirect.github.com/actions/labeler/issues/597">#597</a>)</li>
<li><a href="9d45a7438f"><code>9d45a74</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.0 to 5.60.1 (<a href="https://redirect.github.com/actions/labeler/issues/598">#598</a>)</li>
<li><a href="130636aba5"><code>130636a</code></a> Bump eslint from 8.42.0 to 8.43.0 (<a href="https://redirect.github.com/actions/labeler/issues/592">#592</a>)</li>
<li><a href="54aeabf7b5"><code>54aeabf</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.59.11 to 5.60.0 (<a href="https://redirect.github.com/actions/labeler/issues/593">#593</a>)</li>
<li><a href="899595ff01"><code>899595f</code></a> Bump eslint-plugin-jest from 27.2.1 to 27.2.2 (<a href="https://redirect.github.com/actions/labeler/issues/591">#591</a>)</li>
<li><a href="8056174ee0"><code>8056174</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.11 to 5.60.0 (<a href="https://redirect.github.com/actions/labeler/issues/594">#594</a>)</li>
<li><a href="7a202e6428"><code>7a202e6</code></a> fix: Limit number of labels added to 100 (<a href="https://redirect.github.com/actions/labeler/issues/497">#497</a>)</li>
<li><a href="b5ff161cf0"><code>b5ff161</code></a> Explain misconfigured workflow (<a href="https://redirect.github.com/actions/labeler/issues/405">#405</a>)</li>
<li>Additional commits viewable in <a href="9fcb2c2f55...0967ca812e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.1.0&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-06-29 23:19:39 +00:00
Ricardo Amador
264526db87
Revert "Update labeler.yml to v5.0.0-beta.1" (#129673) 
Reverts flutter/flutter#129617
 2023-06-27 22:05:28 +00:00
Casey Hillers
b359e9072f
Update labeler.yml to v5.0.0-beta.1 (#129617) 
https://github.com/flutter/flutter/issues/128440
 2023-06-27 17:52:04 +00:00
godofredoc
9f1809b578
Fix syntax error in no-response (#129588) 
The comma needs to be enclosed in the quotes.


## Pre-launch Checklist

- [X] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [X] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [X] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [X] I signed the [CLA].
- [X] I listed at least one issue that this PR fixes in the description
above.
- [X] I updated/added relevant documentation (doc comments with `///`).
- [X] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [X] All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-new channel
on [Discord].

<!-- Links -->
[Contributor Guide]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#overview
[Tree Hygiene]: https://github.com/flutter/flutter/wiki/Tree-hygiene
[test-exempt]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[flutter/tests]: https://github.com/flutter/tests
[breaking change policy]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#handling-breaking-changes
[Discord]: https://github.com/flutter/flutter/wiki/Chat
 2023-06-26 16:22:55 -07:00