mirror of
https://github.com/flutter/flutter.git
synced 2026-02-20 02:29:02 +08:00
170 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
b476e9674e
|
Bump github/codeql-action from 3.24.3 to 3.24.4 (#143971)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.24.4 - 21 Feb 2024</h2> <ul> <li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li> <li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li> </ul> <h2>3.24.3 - 15 Feb 2024</h2> <ul> <li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li> </ul> <h2>3.24.2 - 15 Feb 2024</h2> <ul> <li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li> </ul> <h2>3.24.1 - 13 Feb 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li> <li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li> </ul> <h2>3.24.0 - 02 Feb 2024</h2> <ul> <li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li> </ul> <h2>3.23.2 - 26 Jan 2024</h2> <ul> <li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li> <li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li> </ul> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cef33536aa
|
Bump github/codeql-action from 3.24.1 to 3.24.3 (#143546)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.24.3 - 15 Feb 2024</h2> <ul> <li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li> </ul> <h2>3.24.2 - 15 Feb 2024</h2> <ul> <li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li> </ul> <h2>3.24.1 - 13 Feb 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li> <li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li> </ul> <h2>3.24.0 - 02 Feb 2024</h2> <ul> <li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li> </ul> <h2>3.23.2 - 26 Jan 2024</h2> <ul> <li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li> <li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li> </ul> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5025681129
|
Bump github/codeql-action from 3.24.0 to 3.24.1 (#143395)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.24.1 - 13 Feb 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li> <li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li> </ul> <h2>3.24.0 - 02 Feb 2024</h2> <ul> <li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li> </ul> <h2>3.23.2 - 26 Jan 2024</h2> <ul> <li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li> <li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li> </ul> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
81dcba5fb3
|
Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#142944)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.3.1</h2> <ul> <li>Bump <code>@âactions/artifacts</code> to latest version to include <a href="https://redirect.github.com/actions/toolkit/pull/1648">updated GHES host check</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
fab207791d
|
Bump github/codeql-action from 3.23.2 to 3.24.0 (#142839)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.24.0 - 02 Feb 2024</h2> <ul> <li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li> </ul> <h2>3.23.2 - 26 Jan 2024</h2> <ul> <li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li> <li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li> </ul> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7550baff75
|
Bump codecov/codecov-action from 3.1.6 to 4.0.1 (#142838)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/thomasrockhu-codecov"><code>@âthomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1243">codecov/codecov-action#1243</a></li> <li>Add all args by <a href="https://github.com/thomasrockhu-codecov"><code>@âthomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1245">codecov/codecov-action#1245</a></li> <li>fix: show both token uses in readme by <a href="https://github.com/thomasrockhu-codecov"><code>@âthomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1250">codecov/codecov-action#1250</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v4.0.0...v4.0.1">https://github.com/codecov/codecov-action/compare/v4.0.0...v4.0.1</a></p> <h2>v4.0.0</h2> <p>v4 of the Codecov Action uses the <a href="https://docs.codecov.com/docs/the-codecov-cli">CLI</a> as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.</p> <h2>Breaking Changes</h2> <ul> <li>The Codecov Action runs as a <code>node20</code> action due to <code>node16</code> deprecation. See <a href="https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/">this post from GitHub</a> on how to migrate.</li> <li>Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This <a href="https://docs.codecov.com/docs/adding-the-codecov-token#github-actions">doc</a> shows instructions on how to add the Codecov token.</li> <li>OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our <a href="https://cli.codecov.io">CLI download page</a></li> <li>Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs</li> </ul> <p><code>v3</code> versions and below will not have access to CLI features (e.g. global upload token, ATS).</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump openpgp from 5.8.0 to 5.9.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/985">codecov/codecov-action#985</a></li> <li>build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1000">codecov/codecov-action#1000</a></li> <li>build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1006">codecov/codecov-action#1006</a></li> <li>build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1013">codecov/codecov-action#1013</a></li> <li>build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1024">codecov/codecov-action#1024</a></li> <li>build(deps): bump node-fetch from 3.3.1 to 3.3.2 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1031">codecov/codecov-action#1031</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.1.4 to 20.4.5 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1032">codecov/codecov-action#1032</a></li> <li>build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1033">codecov/codecov-action#1033</a></li> <li>build commit,report and upload args based on codecovcli by <a href="https://github.com/dana-yaish"><code>@âdana-yaish</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/943">codecov/codecov-action#943</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.4.5 to 20.5.3 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1055">codecov/codecov-action#1055</a></li> <li>build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1051">codecov/codecov-action#1051</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.5.3 to 20.5.4 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1058">codecov/codecov-action#1058</a></li> <li>chore(deps): update outdated deps by <a href="https://github.com/thomasrockhu-codecov"><code>@âthomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1059">codecov/codecov-action#1059</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.5.4 to 20.5.6 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1060">codecov/codecov-action#1060</a></li> <li>build(deps-dev): bump <code>@âtypescript-eslint/parser</code> from 6.4.1 to 6.5.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1065">codecov/codecov-action#1065</a></li> <li>build(deps-dev): bump <code>@âtypescript-eslint/eslint-plugin</code> from 6.4.1 to 6.5.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1064">codecov/codecov-action#1064</a></li> <li>build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1063">codecov/codecov-action#1063</a></li> <li>build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1061">codecov/codecov-action#1061</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.5.6 to 20.5.7 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1062">codecov/codecov-action#1062</a></li> <li>build(deps): bump openpgp from 5.9.0 to 5.10.1 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1066">codecov/codecov-action#1066</a></li> <li>build(deps-dev): bump <code>@âtypes/node</code> from 20.5.7 to 20.5.9 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1070">codecov/codecov-action#1070</a></li> <li>build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1069">codecov/codecov-action#1069</a></li> <li>build(deps-dev): bump <code>@âtypescript-eslint/eslint-plugin</code> from 6.5.0 to 6.6.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1072">codecov/codecov-action#1072</a></li> <li>Update README.md by <a href="https://github.com/thomasrockhu-codecov"><code>@âthomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1073">codecov/codecov-action#1073</a></li> <li>build(deps-dev): bump <code>@âtypescript-eslint/parser</code> from 6.5.0 to 6.6.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1071">codecov/codecov-action#1071</a></li> <li>build(deps-dev): bump <code>@âvercel/ncc</code> from 0.36.1 to 0.38.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1074">codecov/codecov-action#1074</a></li> <li>build(deps): bump <code>@âactions/core</code> from 1.10.0 to 1.10.1 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1081">codecov/codecov-action#1081</a></li> <li>build(deps-dev): bump <code>@âtypescript-eslint/eslint-plugin</code> from 6.6.0 to 6.7.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1080">codecov/codecov-action#1080</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.2</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/1085">#1085</a> not adding -n if empty to do-upload command</li> </ul> <h2>4.0.0-beta.1</h2> <p><code>v4</code> represents a move from the <a href="https://github.com/codecov/uploader">universal uploader</a> to the <a href="https://github.com/codecov/codecov-cli">Codecov CLI</a>. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.</p> <h3>Breaking Changes</h3> <ul> <li>No current support for <code>aarch64</code> and <code>alpine</code> architectures.</li> <li>Tokenless uploading is unsuported</li> <li>Various arguments to the Action have been removed</li> </ul> <h2>3.1.4</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a> Fix typo in README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a> fix: add back in working dir</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a> fix: CLI option names for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a> build(deps-dev): bump <code>@âtypes/node</code> from 18.15.12 to 18.16.3</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a> build(deps-dev): bump <code>@âtypes/node</code> from 20.1.0 to 20.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a> build(deps-dev): bump <code>@âtypes/node</code> from 20.1.2 to 20.1.4</li> </ul> <h2>3.1.3</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a> fix: allow for aarch64 build</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a> build(deps): bump openpgp from 5.7.0 to 5.8.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a> build(deps-dev): bump <code>@âtypes/node</code> from 18.15.10 to 18.15.12</li> </ul> <h2>3.1.2</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a> Update README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a> Remove unsupported path_to_write_report argument</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a> codeql-analysis.yml</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a> Update README to contain correct information - inputs and negate feature</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a> fix: add in all the extra arguments for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a> build(deps): bump openpgp from 5.4.0 to 5.5.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a> build(deps): bump node-fetch from 3.2.4 to 3.2.10</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a> build(deps): bump <code>@âactions/core</code> from 1.9.1 to 1.10.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a> build(deps): bump <code>@âactions/github</code> from 5.0.3 to 5.1.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a> build(deps): bump node-fetch from 3.2.10 to 3.3.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a> build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a> build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Xilai Zhang
|
be4be30cc8
|
[github actions] ping actor of workflow on cherry pick pr creation (#142676)
Context: Follow up from sync with @itsjustkevin today. Tag and ping the actor of workflow, when the cherry pick pull request is successfully created. 1. actor of workflow will be the username of the user that triggered the initial workflow run. i.e., whoever labels the PR. This person might not necessarily be the author of the cherry pick PR. 2. PR number of newly created cherry pick PR is parsed from the output of "gh pr create" as a multi line string. Tested: on cp success: https://github.com/flutter/flutter/pull/142674 pings the actor of workflow (not the pr author). on cp failure: [example workflow](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7734400373/job/21088324523) leaves a msg on the original PR. |
||
|
dependabot[bot]
|
354803f705
|
Bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#142650)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.2 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v6.0.0</h2> <h2>Behaviour changes</h2> <ul> <li>The default values for <code>author</code> and <code>committer</code> have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.</li> <li>On completion, the action now removes the temporary git remote configuration it adds when using <code>push-to-fork</code>. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.</li> </ul> <h2>What's new</h2> <ul> <li>Updated runtime to Node.js 20 <ul> <li>The action now requires a minimum version of <a href="https://github.com/actions/runner/releases/tag/v2.308.0">v2.308.0</a> for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.</li> </ul> </li> <li>The default value for <code>author</code> has been changed to <code>${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com></code>. The change adds the <code>${{ github.actor_id }}+</code> prefix to the email address to align with GitHub's standard format for the author email address.</li> <li>The default value for <code>committer</code> has been changed to <code>github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com></code>. This is to align with the default GitHub Actions bot user account.</li> <li>Adds input <code>git-token</code>, the <a href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">Personal Access Token (PAT)</a> that the action will use for git operations. This input defaults to the value of <code>token</code>. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.</li> <li><code>push-to-fork</code> now supports pushing to sibling repositories in the same network.</li> <li>Previously, when using <code>push-to-fork</code>, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.</li> <li>If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...<em>[Pull request body truncated]</em>" to indicate that the body has been truncated.</li> <li>The action now uses <code>--unshallow</code> only when necessary, rather than as a default argument of <code>git fetch</code>. This should improve performance, particularly for large git repositories with extensive commit history.</li> <li>The action can now be executed on one GitHub server and create pull requests on a <em>different</em> GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.</li> </ul> <h2>What's Changed</h2> <ul> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2086">peter-evans/create-pull-request#2086</a></li> <li>fix crazy-max/ghaction-import-gp parameters by <a href="https://github.com/fharper"><code>@âfharper</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2364">peter-evans/create-pull-request#2364</a></li> <li>Use checkout v4 by <a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li> <li>Note about <code>delete-branch</code> by <a href="https://github.com/dezren39"><code>@âdezren39</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li> <li>98 dependency updates by <a href="https://github.com/dependabot"><code>@âdependabot</code></a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/fharper"><code>@âfharper</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li> <li><a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li> <li><a href="https://github.com/dezren39"><code>@âdezren39</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0">https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c40acdad15
|
Bump codecov/codecov-action from 3.1.5 to 3.1.6 (#142553)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 3.1.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>v3.1.6</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6">https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a386473e32
|
Bump github/codeql-action from 3.23.1 to 3.23.2 (#142345)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.23.2 - 26 Jan 2024</h2> <ul> <li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li> <li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li> </ul> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ab30122f6b
|
Bump codecov/codecov-action from 3.1.4 to 3.1.5 (#142259)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>v3.1.5</h2> <h2>What's Changed</h2> <ul> <li>action.yml: Update to Node.js 20 by <a href="https://github.com/hallabro"><code>@âhallabro</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hallabro"><code>@âhallabro</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5">https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Xilai Zhang
|
23c08bf08f
|
[github actions] FINALLY fix the mysterious token error in github actions (#142058)
This should finally (with high confidence) fix https://github.com/flutter/flutter/issues/141980, the mysterious error where git push sometimes fail. **Root cause**: When a pull request merges onto flutter's master branch, it is actually a merge from a branch on a flutter contributor's repository, to flutter's repository. Therefore, the [actor](https://stackoverflow.com/questions/58737785/github-actions-empty-env-secrets) of the pull request event, is the user that opened the pull request. And this actor would not have write access to repo and therefore the repo secret resolves to empty. Therefore [running your pull_request workflow when a pull request merges](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges) doesn't work because even though we are not running our workflows on a forked repository, the **actor** of the pull_request event comes from a forked repository, and secrets are not passed to this actor. The correct way is using [pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event instead of pull_request event. In workflows triggered by this event, GITHUB_TOKEN is granted read/write repository permission unless the permissions key is specified and the workflow **can** access secrets, even when the actor of the workflow trigger comes from a fork. Note that workflows of this event runs in the context of the base commit and not the merge commit. But this doesn't matter for our use case since we are good with using the actions file from the base commit in the pull request event. **Tested**: I was finally able to reproduce the error by: 1. create a pull request under the username of different user other than the repository owner 2. merge and label the pull request, and use the token of this different user, but use it as repository secrets in the workflow [reproduced error](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7619699924/job/20753210562) previously I wasn't able to reproduce this error on my personal repo because the actors in my tests are the same user. Also tested on my personal repo, following the steps mentioned above, that using the pull_request_event type fixes the error. [succeeded run](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7630017020/job/20784762242) **The Debug Process**: spent quite a while looking at other things during debugging, but they turned out to be unrelated. things that we experimented with are workflow conditions, ssh setup, git push url, manual trigger, workflow env, secret setup, dependency on market place actions (actions/checkout and peter-evans/create-pullrequest) |
||
|
dependabot[bot]
|
5dd667a6da
|
Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#142075)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>Reorganize upload code in prep for merge logic & add more tests by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/504">actions/upload-artifact#504</a></li> <li>Add sub-action to merge artifacts by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/505">actions/upload-artifact#505</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.3.0">https://github.com/actions/upload-artifact/compare/v4...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
fac26c575d
|
Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#141803)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <h2>What's Changed</h2> <ul> <li>Ability to overwrite an Artifact by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/501">actions/upload-artifact#501</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.2.0">https://github.com/actions/upload-artifact/compare/v4...v4.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Xilai Zhang
|
6e39eb75a1
|
[github actions] Fix token issue on actions/checkout package (#141652)
revision 01/17: instead of removing actions/checkout, keep actions/checkout but remove the `token` field and add `persist-credentials` field. tested with a [mirror script](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) and creates [expected pull request](https://github.com/flutter/flutter/pull/141730) Issue: when running github actions, the [tokens not found error](https://github.com/actions/checkout/issues/298) still happens( `Input required and not supplied: token`). We are not using fork PR or dependabot, and it's flaky when the well defined token isn't find in the inputs. We hit this error when invoking [market place actions/checkout](https://github.com/actions/checkout): [example failed run 1](https://github.com/flutter/flutter/actions/runs/7546108771/job/20543199801), [example failed run 2](https://github.com/flutter/flutter/actions/runs/7546141972/job/20543265842) In this PR, Remove the dependency on marketplace actions to make our workflow more reliable and less flaky. other changes to remove actions/checkout dependency: 1. embedded token url for git push Tried a number of ways and this is the only / best workaround I found to resolve [the notorious problem of pushing without ssh key](https://stackoverflow.com/questions/22147574/github-fatal-could-not-read-username-for-https-github-com-no-such-file-o). 2. added back `--head` `--head` is now needed to avoid [abort](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548409479/job/20550397014) Test: a [replicate of the actions file](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) is [tested](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548448024/job/20550521341) on my personal repo, and it creates the [expected PR](https://github.com/flutter/flutter/pull/141647) |
||
|
dependabot[bot]
|
a3c11cdc66
|
Bump github/codeql-action from 3.23.0 to 3.23.1 (#141715)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.23.1 - 17 Jan 2024</h2> <ul> <li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li> <li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li> </ul> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6b91fcb20f
|
Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#141480)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Add migrations docs by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/482">actions/upload-artifact#482</a></li> <li>Update README.md by <a href="https://github.com/samuelwine"><code>@âsamuelwine</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li> <li>Support artifact-url output by <a href="https://github.com/konradpabjan"><code>@âkonradpabjan</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/496">actions/upload-artifact#496</a></li> <li>Update readme to reflect new 500 artifact per job limit by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/497">actions/upload-artifact#497</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samuelwine"><code>@âsamuelwine</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.1.0">https://github.com/actions/upload-artifact/compare/v4...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a18ca800aa
|
Bump github/codeql-action from 3.22.11 to 3.23.0 (#141132)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.23.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.23.0 - 08 Jan 2024</h2> <ul> <li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li> <li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li> </ul> <h2>3.22.12 - 22 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li> </ul> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Xilai Zhang
|
f0e616e2b1
|
[github actions] refactor and fix cherry pick actions (#140499)
This PR makes the following changes: 1. Remove dependency on [peters/evans package](https://github.com/marketplace/actions/create-pull-request)<br> The market place action introduces overheads that don't properly consume tokens. e.g. :[failed workflow that says token is not supplied](https://github.com/flutter/flutter/actions/runs/7282529195/job/19845096943) This PR changes the market place action to git commands that we have full control over, provides better error msg for debug, and properly consumes token. 2. Align usage of tokens:<br> All tokens in the workflow now uses flutter actions bot PAT token. From experiments, a mixed usage of different tokens in different steps sometimes cause the workflow to fail on authentication. Tested: Tested with [a similar workflow on my personal repository](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml), and it produces the [expected cherry pick PR as end result](https://github.com/flutter/flutter/pull/140497) |
||
|
godofredoc
|
cf3760bce0
|
Update job permissions (#140476)
Updates to use contents: write and pull-requests: write. ## Pre-launch Checklist - [X] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [X] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [X] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [X] I signed the [CLA]. - [X] I listed at least one issue that this PR fixes in the description above. - [X] I updated/added relevant documentation (doc comments with `///`). - [X] I added new tests to check the change I am making, or this PR is [test-exempt]. - [X] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/wiki/Tree-hygiene#overview [Tree Hygiene]: https://github.com/flutter/flutter/wiki/Tree-hygiene [test-exempt]: https://github.com/flutter/flutter/wiki/Tree-hygiene#tests [Flutter Style Guide]: https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo [Features we expect every widget to implement]: https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/wiki/Tree-hygiene#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/wiki/Chat |
||
|
Xilai Zhang
|
62d699961f
|
[github actions] change minimal example workflow to be manually dispatched (#140435)
This would allow easier testing of the minimal example. Might need Github Admin power to trigger the manual dispatches. |
||
|
Xilai Zhang
|
e86b825819
|
[github actions] add minimal workflow to test token (#140363)
Add a workflow that simply: 1. checkout repo 2. write a file 3. create a PR This is used to verify the permissions and validity of the github token we use to create PR. context: https://chat.google.com/room/AAAAc_4rqiI/Ck593Sg7mvs If we think the triggering condition is complicated, I can also change this workflow to be manual dispatch, to make it truly minimal. |
||
|
Xilai Zhang
|
8c1d723d11
|
[github actions] use token from real user flutter mirror bot (#140191)
sir @godofredoc pointed out that we should use a real user to create PRs with, and we already have one account with such credentials -- the mirror bot. |
||
|
dependabot[bot]
|
ea1e2dfa3e
|
Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#140177)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <h2>What's Changed</h2> <p>The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.</p> <p>For more information, see the <a href="https://github.com/actions/toolkit/tree/main/packages/artifact"><code>@âactions/artifact</code></a> documentation.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vmjoseph"><code>@âvmjoseph</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/464">actions/upload-artifact#464</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v4.0.0">https://github.com/actions/upload-artifact/compare/v3...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cea2726be8
|
Bump github/codeql-action from 2.22.10 to 3.22.11 (#140087)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.22.11 - 13 Dec 2023</h2> <ul> <li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li> </ul> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3da9bc1698
|
Bump github/codeql-action from 2.22.9 to 2.22.10 (#140003)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.10 - 12 Dec 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li> </ul> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Xilai Zhang
|
32c7c310db
|
[github actions] Automate Flutter Chery Picks (#139524)
**design doc: go/easy-cp** umbrella design doc: go/flutter-actions umbrella bug: https://github.com/flutter/flutter/issues/139604 **Sample Results**: 1. If cherry pick succeeds, a pull request with cherry pick template and label is created. https://github.com/flutter/flutter/pull/139523 2. If cherry pick fails, a comment is added under the original Pull Request. https://github.com/flutter/cocoon/pull/3305 In tests, [7d9010]( |
||
|
dependabot[bot]
|
45a4c7a432
|
Bump github/codeql-action from 2.22.6 to 2.22.9 (#139767)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 2.22.9. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.9 - 07 Dec 2023</h2> <p>No user facing changes.</p> <h2>2.22.8 - 23 Nov 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li> </ul> <h2>2.22.7 - 16 Nov 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> </ul> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> <li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li> </ul> <h2>2.22.1 - 09 Oct 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Drew Roen
|
a82ae2322d
|
Update labeler version, fix yaml to work with v5 (#139564)
This fixes https://github.com/flutter/flutter/issues/139511 * A bug has been fixed with `sync-labels`, meaning this needs to be a boolean now. Setting to `true` to match v4 logic. * in `labeler.yml`, all labels must be a list of globs, so updated them all to be a list of `any`. * Update the version to v5 This is a little annoying to test, since the way github actions works means that changes to workflows aren't run until after they are merged. A workaround is I forked these labeler changes to a new branch in my own repo and created a PR to merge to that branch, seen here: https://github.com/drewroengoogle/flutter/actions/runs/7102118110/job/19331743809?pr=2. Note the step `Run actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9` which ensures we are running on the latest labeler version in that check. |
||
|
auto-submit[bot]
|
b278f0f1bf
|
Reverts "Bump actions/labeler from 4.3.0 to 5.0.0" (#139534)
Reverts flutter/flutter#139506 Initiated by: godofredoc This change reverts the following previous change: Original Description: Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p>This release contains the following breaking changes:</p> <ol> <li> <p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p> </li> <li> <p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p> </li> <li> <p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p> </li> <li> <p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p> </li> </ol> <p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joshdales"><code>@joshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li> <li><a href="https://github.com/dusan-trickovic"><code>@dusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li> <li><a href="https://github.com/sungh0lim"><code>@sungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li> <li><a href="https://github.com/TrianguloY"><code>@TrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p> <h2>v5.0.0-beta.1</h2> <h2>What's Changed</h2> <p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p> <pre lang="yml"><code>LabelName: - any: - changed-files: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] - all: - changed-files: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] </code></pre> <p>to</p> <pre lang="yml"><code>LabelName: - any: - changed-files: - AnyGlobToAnyFile: ['list', 'of', 'globs'] - AnyGlobToAllFiles: ['list', 'of', 'globs'] - AllGlobsToAnyFile: ['list', 'of', 'globs'] - AllGlobsToAllFiles: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] - all: - changed-files: - AnyGlobToAnyFile: ['list', 'of', 'globs'] - AnyGlobToAllFiles: ['list', 'of', 'globs'] - AllGlobsToAnyFile: ['list', 'of', 'globs'] </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
auto-submit[bot]
|
5422af7481
|
Reverts "Update sync-labels to use boolean" (#139533)
Reverts flutter/flutter#139516 Initiated by: godofredoc This change reverts the following previous change: Original Description: https://github.com/actions/labeler/issues/112 has been fixed, and now requires boolean to be used. Related infra issue that this fixes: https://github.com/flutter/flutter/issues/139511 |
||
|
Drew Roen
|
e1a2bb376a
|
Update sync-labels to use boolean (#139516)
https://github.com/actions/labeler/issues/112 has been fixed, and now requires boolean to be used. Related infra issue that this fixes: https://github.com/flutter/flutter/issues/139511 |
||
|
dependabot[bot]
|
bbe980cfe8
|
Bump actions/labeler from 4.3.0 to 5.0.0 (#139506)
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p>This release contains the following breaking changes:</p> <ol> <li> <p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p> </li> <li> <p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p> </li> <li> <p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p> </li> <li> <p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p> </li> </ol> <p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joshdales"><code>@âjoshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li> <li><a href="https://github.com/dusan-trickovic"><code>@âdusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li> <li><a href="https://github.com/sungh0lim"><code>@âsungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li> <li><a href="https://github.com/TrianguloY"><code>@âTrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p> <h2>v5.0.0-beta.1</h2> <h2>What's Changed</h2> <p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p> <pre lang="yml"><code>LabelName: - any: - changed-files: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] - all: - changed-files: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] </code></pre> <p>to</p> <pre lang="yml"><code>LabelName: - any: - changed-files: - AnyGlobToAnyFile: ['list', 'of', 'globs'] - AnyGlobToAllFiles: ['list', 'of', 'globs'] - AllGlobsToAnyFile: ['list', 'of', 'globs'] - AllGlobsToAllFiles: ['list', 'of', 'globs'] - base-branch: ['list', 'of', 'regexps'] - head-branch: ['list', 'of', 'regexps'] - all: - changed-files: - AnyGlobToAnyFile: ['list', 'of', 'globs'] - AnyGlobToAllFiles: ['list', 'of', 'globs'] - AllGlobsToAnyFile: ['list', 'of', 'globs'] </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
106667eb4b
|
Bump dessant/lock-threads from 5.0.0 to 5.0.1 (#138921)
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.0 to 5.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p> <h2><a href="https://github.com/dessant/lock-threads/compare/v5.0.0...v5.0.1">5.0.1</a> (2023-11-22)</h2> <h3>Bug Fixes</h3> <ul> <li>support filtering threads by labels with spaces (<a href=" |
||
|
dependabot[bot]
|
391908929a
|
Bump dessant/lock-threads from 4.0.1 to 5.0.0 (#138437)
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4.0.1 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p> <h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2> <h3>â BREAKING CHANGES</h3> <ul> <li>Discussions are also processed by default, set the <code>process-only</code> input parameter to preserve the old behavior</li> </ul> <pre lang="yaml"><code> steps: - uses: dessant/lock-threads@v5 with: process-only: 'issues, prs' </code></pre> <ul> <li>the action now requires Node.js 20</li> </ul> <h3>Features</h3> <ul> <li>lock discussions (<a href=" |
||
|
dependabot[bot]
|
72080e6048
|
Bump github/codeql-action from 2.22.5 to 2.22.6 (#138438)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 2.22.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.6 - 14 Nov 2023</h2> <ul> <li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li> <li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li> </ul> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> <li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li> </ul> <h2>2.22.1 - 09 Oct 2023</h2> <ul> <li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li> </ul> <h2>2.22.0 - 06 Oct 2023</h2> <ul> <li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li> <li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li> <li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li> </ul> <h2>2.21.9 - 27 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li> <li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li> <li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li> <li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
auto-submit[bot]
|
591e10bb46
|
Reverts "Use no-response from cocoon." (#138042)
Reverts flutter/flutter#138037 Initiated by: godofredoc This change reverts the following previous change: Original Description: Migrate no-response to the version imported in cocoon. |
||
|
godofredoc
|
a68d3c3b02
|
Use no-response from cocoon. (#138037)
Migrate no-response to the version imported in cocoon. |
||
|
dependabot[bot]
|
ea6aea9823
|
Bump github/codeql-action from 2.22.4 to 2.22.5 (#137450)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.5 - 27 Oct 2023</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> <li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li> </ul> <h2>2.22.1 - 09 Oct 2023</h2> <ul> <li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li> </ul> <h2>2.22.0 - 06 Oct 2023</h2> <ul> <li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li> <li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li> <li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li> </ul> <h2>2.21.9 - 27 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li> <li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li> <li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li> <li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li> </ul> <h2>2.21.8 - 19 Sep 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> </ul> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
88ebc26a59
|
Bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#137103)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.3.1</h2> <h2>What's Changed</h2> <ul> <li>🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by <a href="https://github.com/spencerschrock"><code>@âspencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1282">ossf/scorecard-action#1282</a> <ul> <li>Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.1">v4.13.1</a> release notes</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1">https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1</a></p> <h2>v2.3.0</h2> <h2>What's Changed</h2> <ul> <li>🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by <a href="https://github.com/spencerschrock"><code>@âspencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1270">ossf/scorecard-action#1270</a> <ul> <li>For a full changelist of what this includes, see the <a href="https://github.com/ossf/scorecard/releases/tag/v4.12.0">v4.12.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.0">v4.13.0</a> release notes</li> </ul> </li> <li>✨ Send rekor tlog index to webapp when publishing results by <a href="https://github.com/spencerschrock"><code>@âspencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1169">ossf/scorecard-action#1169</a></li> <li>🐛 Prevent url clipping for GHES instances by <a href="https://github.com/rajbos"><code>@ârajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1225">ossf/scorecard-action#1225</a></li> </ul> <h3>Documentation</h3> <ul> <li>📖 Update access rights needed to see the results in code scanning by <a href="https://github.com/rajbos"><code>@ârajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1229">ossf/scorecard-action#1229</a></li> <li>📖 Add package comments. by <a href="https://github.com/spencerschrock"><code>@âspencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1221">ossf/scorecard-action#1221</a></li> <li>📖 Add SECURITY.md file by <a href="https://github.com/david-a-wheeler"><code>@âdavid-a-wheeler</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li> <li>📖 Fix typo in token input docs by <a href="https://github.com/aabouzaid"><code>@âaabouzaid</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/david-a-wheeler"><code>@âdavid-a-wheeler</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li> <li><a href="https://github.com/aabouzaid"><code>@âaabouzaid</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0">https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9beb98aabf
|
Bump github/codeql-action from 2.22.3 to 2.22.4 (#136985)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.4 - 20 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li> <li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. <ul> <li>All code scanning workflows should continue to succeed regardless of the warning.</li> <li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li> <li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li> </ul> </li> </ul> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> <li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li> </ul> <h2>2.22.1 - 09 Oct 2023</h2> <ul> <li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li> </ul> <h2>2.22.0 - 06 Oct 2023</h2> <ul> <li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li> <li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li> <li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li> </ul> <h2>2.21.9 - 27 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li> <li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li> <li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li> <li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li> </ul> <h2>2.21.8 - 19 Sep 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li> </ul> <h2>2.21.7 - 14 Sep 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
380520d41d
|
Bump actions/checkout from 3.6.0 to 4.1.1 (#136762)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.1.1</h2> <h2>What's Changed</h2> <ul> <li>Update CODEOWNERS to Launch team by <a href="https://github.com/joshmgross"><code>@âjoshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1510">actions/checkout#1510</a></li> <li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@âpeterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li> <li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@âcory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joshmgross"><code>@âjoshmgross</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1510">actions/checkout#1510</a></li> <li><a href="https://github.com/peterbe"><code>@âpeterbe</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.1.1">https://github.com/actions/checkout/compare/v4...v4.1.1</a></p> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Update README.md for V4 by <a href="https://github.com/sivapalan"><code>@âsivapalan</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1452">actions/checkout#1452</a></li> <li>Add support for partial checkout filters by <a href="https://github.com/finleygn"><code>@âfinleygn</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1396">actions/checkout#1396</a></li> <li>Prepare 4.1.0 release by <a href="https://github.com/cory-miller"><code>@âcory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1496">actions/checkout#1496</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sivapalan"><code>@âsivapalan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1452">actions/checkout#1452</a></li> <li><a href="https://github.com/finleygn"><code>@âfinleygn</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1396">actions/checkout#1396</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.0.0...v4.1.0">https://github.com/actions/checkout/compare/v4.0.0...v4.1.0</a></p> <h2>v4.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update default runtime to node20 by <a href="https://github.com/takost"><code>@âtakost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li> <li>Support fetching without the --progress option by <a href="https://github.com/simonbaird"><code>@âsimonbaird</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li> <li>Release 4.0.0 by <a href="https://github.com/takost"><code>@âtakost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1447">actions/checkout#1447</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/takost"><code>@âtakost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li> <li><a href="https://github.com/simonbaird"><code>@âsimonbaird</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v4.0.0">https://github.com/actions/checkout/compare/v3...v4.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li> </ul> <h2>v4.0.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1067">Support fetching without the --progress option</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1436">Update to node20</a></li> </ul> <h2>v3.6.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth > 0</a></li> </ul> <h2>v3.5.3</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li> </ul> <h2>v3.5.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li> </ul> <h2>v3.5.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li> </ul> <h2>v3.5.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li> </ul> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@âactions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@âactions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@âactions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5f9965cf6f
|
Bump github/codeql-action from 2.22.0 to 2.22.3 (#136563)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.3 - 13 Oct 2023</h2> <ul> <li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li> </ul> <h2>2.22.2 - 12 Oct 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li> <li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li> </ul> <h2>2.22.1 - 09 Oct 2023</h2> <ul> <li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li> </ul> <h2>2.22.0 - 06 Oct 2023</h2> <ul> <li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li> <li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li> <li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li> </ul> <h2>2.21.9 - 27 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li> <li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li> <li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li> <li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li> </ul> <h2>2.21.8 - 19 Sep 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li> </ul> <h2>2.21.7 - 14 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li> </ul> <h2>2.21.6 - 13 Sep 2023</h2> <ul> <li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li> <li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li> <li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bc31514434
|
Bump github/codeql-action from 2.21.6 to 2.22.0 (#136095)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.6 to 2.22.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.22.0 - 06 Oct 2023</h2> <ul> <li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li> <li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li> <li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li> </ul> <h2>2.21.9 - 27 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li> <li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li> <li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li> <li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li> </ul> <h2>2.21.8 - 19 Sep 2023</h2> <ul> <li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a> <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li> </ul> <h2>2.21.7 - 14 Sep 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li> </ul> <h2>2.21.6 - 13 Sep 2023</h2> <ul> <li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li> <li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li> <li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li> <li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li> </ul> <h2>2.21.5 - 28 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li> <li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li> <li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li> </ul> <h2>2.21.4 - 14 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li> <li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li> <li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
04ad1da1ae
|
Bump github/codeql-action from 2.21.5 to 2.21.6 (#134692)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.21.6 - 13 Sep 2023</h2> <ul> <li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li> <li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li> <li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li> <li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li> </ul> <h2>2.21.5 - 28 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li> <li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li> <li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li> </ul> <h2>2.21.4 - 14 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li> <li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li> <li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li> <li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li> <li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li> </ul> <h2>2.21.3 - 08 Aug 2023</h2> <ul> <li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li> <li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li> <li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li> </ul> <h2>2.21.2 - 28 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li> <li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li> </ul> <h2>2.21.1 - 26 Jul 2023</h2> <ul> <li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li> <li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li> </ul> <h2>2.21.0 - 19 Jul 2023</h2> <ul> <li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li> </ul> <h2>2.20.4 - 14 Jul 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cf1968aa66
|
Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#134173)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v3.1.3</h2> <h2>What's Changed</h2> <ul> <li>chore(github): remove trailing whitespaces by <a href="https://github.com/ljmf00"><code>@âljmf00</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/313">actions/upload-artifact#313</a></li> <li>Bump <code>@âactions/artifact</code> version to v1.1.2 by <a href="https://github.com/bethanyj28"><code>@âbethanyj28</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/436">actions/upload-artifact#436</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v3.1.3">https://github.com/actions/upload-artifact/compare/v3...v3.1.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c046627482
|
Bump github/codeql-action from 2.21.4 to 2.21.5 (#133504)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.21.5 - 28 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li> <li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li> <li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li> </ul> <h2>2.21.4 - 14 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li> <li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li> <li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li> <li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li> <li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li> </ul> <h2>2.21.3 - 08 Aug 2023</h2> <ul> <li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li> <li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li> <li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li> </ul> <h2>2.21.2 - 28 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li> <li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li> </ul> <h2>2.21.1 - 26 Jul 2023</h2> <ul> <li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li> <li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li> </ul> <h2>2.21.0 - 19 Jul 2023</h2> <ul> <li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li> </ul> <h2>2.20.4 - 14 Jul 2023</h2> <ul> <li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0). <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li> <li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d387f551a7
|
Bump actions/checkout from 3.5.3 to 3.6.0 (#133281)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <h2>What's Changed</h2> <ul> <li>Mark test scripts with Bash'isms to be run via Bash by <a href="https://github.com/dscho"><code>@âdscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1377">actions/checkout#1377</a></li> <li>Add option to fetch tags even if fetch-depth > 0 by <a href="https://github.com/RobertWieczoreck"><code>@âRobertWieczoreck</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li> <li>Release 3.6.0 by <a href="https://github.com/luketomlinson"><code>@âluketomlinson</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/RobertWieczoreck"><code>@âRobertWieczoreck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li> <li><a href="https://github.com/luketomlinson"><code>@âluketomlinson</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.3...v3.6.0">https://github.com/actions/checkout/compare/v3.5.3...v3.6.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.6.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth > 0</a></li> </ul> <h2>v3.5.3</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li> </ul> <h2>v3.5.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li> </ul> <h2>v3.5.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li> </ul> <h2>v3.5.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li> </ul> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@âactions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@âactions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@âactions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
99dd6b4972
|
Bump github/codeql-action from 2.21.3 to 2.21.4 (#132525)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.21.4 - 14 Aug 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li> <li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li> <li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li> <li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li> <li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li> </ul> <h2>2.21.3 - 08 Aug 2023</h2> <ul> <li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li> <li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li> <li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li> </ul> <h2>2.21.2 - 28 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li> <li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li> </ul> <h2>2.21.1 - 26 Jul 2023</h2> <ul> <li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li> <li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li> </ul> <h2>2.21.0 - 19 Jul 2023</h2> <ul> <li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li> </ul> <h2>2.20.4 - 14 Jul 2023</h2> <ul> <li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0). <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li> <li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li> </ul> <h2>2.20.3 - 06 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li> </ul> <h2>2.20.2 - 03 Jul 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9b261a7700
|
Bump github/codeql-action from 2.21.2 to 2.21.3 (#132165)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.21.3 - 08 Aug 2023</h2> <ul> <li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li> <li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li> <li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li> </ul> <h2>2.21.2 - 28 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li> <li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li> </ul> <h2>2.21.1 - 26 Jul 2023</h2> <ul> <li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li> <li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li> </ul> <h2>2.21.0 - 19 Jul 2023</h2> <ul> <li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li> </ul> <h2>2.20.4 - 14 Jul 2023</h2> <ul> <li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0). <ul> <li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li> <li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li> </ul> </li> <li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li> <li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li> </ul> <h2>2.20.3 - 06 Jul 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li> </ul> <h2>2.20.2 - 03 Jul 2023</h2> <p>No user facing changes.</p> <h2>2.20.1 - 21 Jun 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li> <li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li> </ul> <h2>2.20.0 - 13 Jun 2023</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |