
Update github/codeql-action action to v3.25.3 #77

Merged
merged 1 commit into from
May 1, 2024


@renovate renovate bot commented May 1, 2024

Mend Renovate

This PR contains the following updates:

Package               Type    Update  Change
github/codeql-action  action  patch   v3.25.1 -> v3.25.3

Release Notes

github/codeql-action

v3.25.3

v3.25.2

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.


github-actions bot commented May 1, 2024

[puLL-Merge] - github/codeql-action@v3.25.3

Here is my review of the PR:

Description

This PR makes several changes to the CodeQL action codebase:

  • Updates the default CodeQL bundle version to 2.17.1
  • Requires upgrading the CodeQL CLI version to v2.15.1+ for ARM MacOS runners with SIP disabled
  • Makes various naming changes, replacing codeQlVersionAbove with codeQlVersionAtLeast
  • Adds support for a new ExternalRepositoryCloneFailed CLI config error category
  • Simplifies some TypeScript types and removes some extra type assertions
  • Updates some dependencies

The motivation seems to be keeping the action up-to-date with the latest CodeQL bundle, improving support for ARM MacOS, and general code cleanup and dependency updates.

Changes

  • CHANGELOG.md - Documents the bundle upgrade to 2.17.1 and ARM MacOS requirements
  • lib/** - Compiled JavaScript code changes
  • node_modules/** - Dependency updates
  • pr-checks/checks/*.yml - Adds setup-go step to some PR checks
  • pr-checks/sync.py - Updates matrix generation for ARM MacOS
  • src/**:
    • Replaces codeQlVersionAbove with codeQlVersionAtLeast
    • Adds check for SIP on ARM MacOS and warns for old CLI versions
    • Adds new ExternalRepositoryCloneFailed CLI error
    • Simplifies some types and code
    • Updates default bundle version
  • package.json - Bumps action version to 3.25.3

Security Hotspots

  1. Adding a new CLI config error may slightly increase the attack surface if not validated properly, but the risk is low.
  2. The changes do not appear to introduce any new dangerous code patterns or risky dependencies.
  3. Updating dependencies helps reduce supply chain risk by pulling in any security fixes.

Let me know if you have any other questions!

@renovate renovate bot force-pushed the renovate/github-codeql-action-3.x branch from 4f55def to fcbb70a Compare May 1, 2024 06:14
@renovate renovate bot merged commit d96a8c4 into master May 1, 2024
7 checks passed
@renovate renovate bot deleted the renovate/github-codeql-action-3.x branch May 1, 2024 09:06