github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-17 08:40:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,479 Commits 359 Branches 546 Tags
d4eab006fabe61a323150f46499699238f871c0a
Commit Graph

9479 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot] d4eab006fa Bump sinon from 21.1.2 to 22.0.0 
Bumps [sinon](https://github.com/sinonjs/sinon) from 21.1.2 to 22.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v21.1.2...v22.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 22.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-14 10:34:00 +00:00
Henry Mercer ea37b337cd Merge pull request #3897 from github/dependabot/npm_and_yarn/npm-minor-afb85bbff8 
Bump the npm-minor group across 1 directory with 3 updates
 2026-05-14 10:09:31 +00:00
Henry Mercer ba0a2f91b7 Merge pull request #3896 from github/dependabot/github_actions/dot-github/workflows/actions-minor-9f1c31c749 
Bump actions/create-github-app-token from 3.1.1 to 3.2.0 in /.github/workflows in the actions-minor group across 1 directory
 2026-05-14 10:06:09 +00:00
dependabot[bot] 4041a11865 Bump the npm-minor group across 1 directory with 3 updates 
Bumps the npm-minor group with 3 updates in the / directory: [globals](https://github.com/sindresorhus/globals), [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) and [yaml](https://github.com/eemeli/yaml).


Updates `globals` from 17.5.0 to 17.6.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0)

Updates `typescript-eslint` from 8.59.1 to 8.59.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.2/packages/typescript-eslint)

Updates `yaml` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.3...v2.8.4)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 17.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: typescript-eslint
  dependency-version: 8.59.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: yaml
  dependency-version: 2.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 18:29:17 +00:00
dependabot[bot] 2a6fe1608c Bump actions/create-github-app-token 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 18:28:51 +00:00
Mads Navntoft 3d6ea97f26 Merge pull request #3891 from github/navntoft/dep/remove-brace-expansion-override 
Bump brace-expansion and 4 dev dependencies
 2026-05-13 15:46:57 +00:00
Michael B. Gale 7d25a3e590 Merge pull request #3892 from github/mbg/analysis-kinds/warn-on-multiple 
Log error and only enable `code-scanning` if multiple analysis kinds are specified
 2026-05-13 15:44:21 +00:00
Michael B. Gale 4dc72761a6 Merge remote-tracking branch 'origin/main' into mbg/analysis-kinds/warn-on-multiple 2026-05-13 16:20:45 +01:00
Henry Mercer c559992c9e Merge pull request #3880 from github/henrymercer/overlay-match-codeql-version 
Overlay: Use overlay-aware CLI version when analyzing PRs
 2026-05-12 17:36:31 +00:00
Henry Mercer 8d217609b0 Nit: Tweak JSDoc for getRawLanguagesNoAutodetect 2026-05-12 16:21:44 +01:00
Michael B. Gale 257b3d3fc8 Enable only code-scanning 2026-05-12 15:46:28 +01:00
Henry Mercer 201a96b541 Use overlay-aware version for code scanning exclusively 2026-05-12 15:25:40 +01:00
Michael B. Gale 312a2fee96 Add changelog entry 2026-05-12 15:03:58 +01:00
Mads Navntoft 2ca0fbdca8 Rebuild 2026-05-12 15:59:34 +02:00
Mads Navntoft 12c1d88854 Bump five transitive dependencies 
Bumps the following to their latest patched versions:

brace-expansion (under readdir-glob): 2.0.2 → 2.1.0
picomatch (under micromatch): 2.3.1 → 2.3.2
picomatch (top level): 4.0.3 → 4.0.4
flatted: 3.3.3 → 3.4.2
js-yaml (under supertap): 3.14.1 → 3.14.2

The brace-expansion bump requires removing the brace-expansion override
in package.json, which had been pinning resolution below the existing
^2.0.1 constraint declared by readdir-glob.
 2026-05-12 15:59:34 +02:00
Michael B. Gale 70419e3273 Throw error if multiple analysis kinds are specified 2026-05-12 14:54:11 +01:00
Michael B. Gale b62aaa99a5 Merge pull request #3889 from github/dependabot/npm_and_yarn/fast-xml-builder-1.2.0 
Bump fast-xml-builder from 1.1.5 to 1.2.0
 2026-05-11 14:59:28 +00:00
dependabot[bot] 2f2dbd2e78 Bump fast-xml-builder from 1.1.5 to 1.2.0 
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.5 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 19:05:11 +00:00
Henry Mercer b4ea7aa65a Improve tests 2026-05-08 19:16:48 +01:00
Henry Mercer 87ac48dae6 Improve error message 2026-05-08 19:16:47 +01:00
Henry Mercer 42d7f62579 Remove dead code 2026-05-08 19:16:46 +01:00
Henry Mercer 540699dcca Remove makeOverlayMatchFeatures indirection 2026-05-08 19:14:05 +01:00
Henry Mercer 9a85234875 Add JSDoc for getRawLanguagesNoAutodetect 2026-05-08 19:14:05 +01:00
Henry Mercer 2a950b930c Enable overlay-aware version selection in setup-codeql 2026-05-08 19:14:05 +01:00
Henry Mercer 4f815a68d3 Minor: Introduce constant to avoid duplication 2026-05-08 19:14:04 +01:00
Henry Mercer 0aedbb71d8 Merge branch 'main' into henrymercer/overlay-match-codeql-version 2026-05-08 19:10:45 +01:00
Henry Mercer 868e2ea564 Merge pull request #3886 from github/mergeback/v4.35.4-to-main-68bde559 
Mergeback v4.35.4 refs/heads/releases/v4 into main
 2026-05-08 14:25:20 +00:00
Henry Mercer 792c223bc1 Merge pull request #3875 from github/dependabot/npm_and_yarn/npm-minor-c8e071f5f8 
Bump the npm-minor group across 1 directory with 4 updates
 2026-05-08 14:25:05 +00:00
Henry Mercer efc9b0a9e3 Improve changelog note 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2026-05-07 18:44:08 +01:00
github-actions[bot] 272ada693f Rebuild 2026-05-07 15:58:38 +00:00
github-actions[bot] 610a6682b6 Merge remote-tracking branch 'origin/main' into mergeback/v4.35.4-to-main-68bde559 2026-05-07 15:57:56 +00:00
github-actions[bot] 1627096569 Update changelog and version after v4.35.4 2026-05-07 15:54:04 +00:00
Paolo Tranquilli 68bde559de Merge pull request #3885 from github/update-v4.35.4-803d9e8c3 
Merge main into releases/v4
v4.35.4 		2026-05-07 17:52:37 +02:00
github-actions[bot] 9739ad2d18 Update changelog for v4.35.4 2026-05-07 15:21:52 +00:00
Henry Mercer b81d0d250f Merge pull request #3874 from github/henrymercer/slow-tests-ci-only 
Tests: Run slow `scanArtifactsForTokens` test in CI only by default
 2026-05-07 15:04:47 +00:00
Michael B. Gale a16cb53dd8 Merge pull request #3884 from github/mbg/dev/no-build-metadata 
Do not run `bundle-metadata.ts` as part of `npm run build`
 2026-05-07 15:02:21 +00:00
Michael B. Gale 803d9e8c3c Merge pull request #3883 from github/mbg/test/macro-wrapper 
Add more strongly typed wrapper around `test.macro`
 2026-05-07 14:46:34 +00:00
Henry Mercer 0c80cee806 Add explicit error on Windows 2026-05-07 15:39:42 +01:00
Michael B. Gale d032ee8c47 Do not run bundle-metadata.ts as part of npm run build 2026-05-07 15:38:28 +01:00
Michael B. Gale 0fd9c7d135 Merge pull request #3882 from github/dependabot/github_actions/dot-github/workflows/actions-minor-4a0b9de8bd 
Bump ruby/setup-ruby from 1.305.0 to 1.306.0 in /.github/workflows in the actions-minor group across 1 directory
 2026-05-07 14:17:36 +00:00
Michael B. Gale 922d6fb888 Use makeMacro instead of test.macro 2026-05-07 14:59:42 +01:00
Michael B. Gale df77e87896 Update test macro snippet 2026-05-07 14:59:42 +01:00
Michael B. Gale 6e3f985e4f Add wrapper for test.macro 2026-05-07 14:59:42 +01:00
Paolo Tranquilli e7a347dfb1 Merge pull request #3881 from github/update-bundle/codeql-bundle-v2.25.4 
Update default bundle to 2.25.4
 2026-05-07 13:41:36 +00:00
github-actions[bot] 17eabb2500 Rebuild 2026-05-07 13:23:54 +00:00
dependabot[bot] aaef09c48d Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.305.0 to 1.306.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/0cb964fd540e0a24c900370abf38a33466142735...c4e5b1316158f92e3d49443a9d58b31d25ac0f8f)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.306.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-07 13:21:45 +00:00
github-actions[bot] ae1b9155d3 Add changelog note 2026-05-07 12:49:22 +00:00
github-actions[bot] 9f82f88f07 Update default bundle to codeql-bundle-v2.25.4 2026-05-07 12:49:13 +00:00
Henry Mercer 7525c68ea1 Nit: Dedupe languages 2026-05-07 11:01:15 +01:00
Henry Mercer 01bc9be56a Filter to code scanning only 2026-05-07 11:00:54 +01:00