github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-20 22:08:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,491 Commits 342 Branches 538 Tags
codeql-bundle-v2.20.5
Commit Graph

511 Commits

Author SHA1 Message Date
Edoardo Pirovano 8c3255bc78 Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 19:01:17 +01:00
Edoardo Pirovano df6f81e49c Merge branch 'main' into dependabot/npm_and_yarn/nock-13.1.1 2021-07-27 18:41:59 +01:00
Edoardo Pirovano 70f5789ed2 Merge branch 'main' into dependabot/npm_and_yarn/actions/http-client-1.0.11 2021-07-27 18:18:44 +01:00
Edoardo Pirovano 99afdfbfbd Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 18:14:25 +01:00
dependabot[bot] 9ce2456348 Bump typescript from 3.7.5 to 4.3.5 
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 3.7.5 to 4.3.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v3.7.5...v4.3.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:52:03 +00:00
dependabot[bot] 3ab5d6d4d6 Bump @actions/exec from 1.0.1 to 1.1.0 
Bumps [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/@actions/core@1.1.0/packages/exec)

---
updated-dependencies:
- dependency-name: "@actions/exec"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:54 +00:00
dependabot[bot] 35f1961385 Bump nock from 12.0.3 to 13.1.1 
Bumps [nock](https://github.com/nock/nock) from 12.0.3 to 13.1.1.
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v12.0.3...v13.1.1)

---
updated-dependencies:
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:47 +00:00
dependabot[bot] 6b0d45a5c6 Bump eslint-plugin-github from 4.1.1 to 4.1.5 
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.1.1 to 4.1.5.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.1.1...v4.1.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:39 +00:00
dependabot[bot] 4867598089 Bump @actions/http-client from 1.0.8 to 1.0.11 
Bumps [@actions/http-client](https://github.com/actions/http-client) from 1.0.8 to 1.0.11.
- [Release notes](https://github.com/actions/http-client/releases)
- [Changelog](https://github.com/actions/http-client/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/http-client/commits)

---
updated-dependencies:
- dependency-name: "@actions/http-client"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-27 16:51:17 +00:00
github-actions[bot] fb19072237 Update checked-in dependencies 2021-07-27 08:53:06 +00:00
github-actions[bot] c4e99325d0 1.0.9 2021-07-26 23:35:55 +00:00
Edoardo Pirovano 934fb86c58 Address PR comments from @robertbrignull 2021-07-26 14:47:03 +01:00
github-actions[bot] 63603427ef 1.0.8 2021-07-21 14:22:34 +00:00
github-actions[bot] 01b1510da2 1.0.7 2021-07-19 09:32:59 +00:00
Andrew Eisenberg ae97d8f96d Fix dependabot vulnerabilities 
This adds some forced resolutions to ensure that vulnerable versions
of packages are not installed.
 2021-07-14 14:40:10 -07:00
github-actions[bot] 92df23808d 1.0.6 2021-07-12 23:03:41 +00:00
github-actions[bot] 5c3c29fd3f 1.0.5 2021-06-28 15:23:49 +00:00
Andrew Eisenberg c5434c91d8 Merge branch 'main' into csharp-loc 2021-06-23 16:22:14 -07:00
Edoardo Pirovano 68b68732c6 Fix C# line counting and add test 2021-06-23 23:39:44 +01:00
Andrew Eisenberg c98b43187d Merge branch 'main' into mergeback/v1.0.3-to-main-cf6e0194 2021-06-23 08:08:49 -07:00
github-actions[bot] 1496843315 1.0.4 2021-06-23 14:56:35 +00:00
Chris Gavin 476f13ea18 Upgrade Actions Tool Cache. 2021-06-23 14:28:33 +01:00
github-actions[bot] 4954c371d1 1.0.3 2021-06-17 18:01:57 +00:00
github-actions[bot] fbb9046bf6 1.0.2 2021-06-07 20:59:15 +00:00
Edoardo Pirovano 0cbd4b56d3 Add some dependencies for uploading artifacts 2021-06-02 10:32:48 +01:00
Andrew Eisenberg 539d968ad7 Use commander preAction hook for setMode 
Hooks are new to commander v8. We can use hooks to ensure that `setMode`
is called before every command is invoked.
 2021-06-01 11:17:49 -07:00
Andrew Eisenberg f0e82b7d63 1.0.1 2021-05-31 10:56:52 -07:00
Andrew Eisenberg 8566f9b061 Add a changelog 
Adds an empty changelog file and a reminder to update it when opening
pull requests.

Also, adds a 1.0.0 version number in the package.json, which is what
we _could_ use for version numbering.
 2021-05-19 15:19:36 -07:00
Andrew Eisenberg ddcb299283 Update loc count library 
This version will count lines of code in each file serially. It still
runs all file system operations asynchronously. The only difference now
is that it will only count one file at a time. It is slower, but it
is able to count large repositories without running out of memory.
 2021-05-12 16:33:05 -07:00
Andrew Eisenberg 489dbb0e02 Fix security vulnerabilities 
Ran `npm audit fix`.

Even though this fixes a "high" severity vulnerability, all affected
packages are dev packages only.
 2021-05-10 10:14:48 -07:00
Andrew Eisenberg 5c0a38d7e4 Update github-linguist dependency 
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
 2021-04-28 14:55:17 -07:00
Andrew Eisenberg b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Andrew Eisenberg c4a84a93d4 Add the github-linguist package 
This commit only adds a single package and all of its transitive
dependencies. The github-linguist package will be used for counting
lines of code as a baseline for databases we are analyzing.
 2021-04-22 15:59:49 -07:00
Robert 8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00
dependabot[bot] d0b1259bbe Bump y18n from 4.0.0 to 4.0.1 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-31 22:46:11 +00:00
Chris Gavin f8c5dacab5 Also look for the CodeQL bundle at the custom GitHub AE endpoint. 2021-02-15 19:41:41 +00:00
Chris Gavin d182a0e3aa Fix deduplication of bundle download sources. 2021-01-26 16:56:43 +00:00
dependabot[bot] 46c74bba1d Bump ini from 1.3.5 to 1.3.8 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-12-12 17:32:00 +00:00
Chris Gavin 726cfc8441 Ensure unqualified program names are present on PATH before executing them. 2020-11-18 22:20:13 +00:00
Chris Raynor 0907cd5a41 Merge branch 'main' into cbraynor/fix201 2020-10-05 10:35:27 +01:00
dependabot[bot] 4290eabf33 Bump @actions/core from 1.2.0 to 1.2.6 
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.0 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-10-01 17:36:26 +00:00
Chris Raynor 8200c137dc Resolve violations of import/no-extraneous-dependencies lint 
Fixes #201
 2020-09-29 15:03:21 +01:00
Chris Gavin 31c2eca167 Fix retrying uploads by using Octokit retry plugin. 2020-09-21 19:15:19 +01:00
Chris Gavin 9ed519fa12 Update to the latest version of @actions/github. 2020-09-18 16:06:20 +01:00
Chris Raynor 09b4a82c83 Removing the tslint config 2020-09-14 10:37:55 +01:00
Chris Raynor 06765f9340 Adding ESLint config and required dev dependencies 2020-09-14 10:32:24 +01:00
dependabot[bot] 0b64878cfe Bump node-fetch from 2.6.0 to 2.6.1 
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-12 20:20:25 +00:00
Robert Brignull a6e6d4b72b move dependencies needed to build CLI to separate package.json 2020-08-24 14:02:49 +01:00
Robert Brignull 34b372292b commit node_modules and generated files 2020-08-11 12:43:27 +01:00
Robert de0b59097a remove direct dependency on @actions/io 2020-08-07 18:09:45 +01:00