@ikostan (Owner) commented Dec 23, 2025

Bumps github/codeql-action from 4.31.8 to 4.31.9.

updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

name: Default Pull Request Template
about: Suggesting changes to SkyLockAssault
title: ''
labels: ''
assignees: ''

Description

What does this PR do? (e.g., "Fixes player jump physics in level 2" or "Adds
new enemy AI script")

Related Issue

Closes #ISSUE_NUMBER (if applicable)

Changes

  • List key changes here (e.g., "Updated Jump.gd to use Godot 4.4's new Tween
    system")
  • Any breaking changes? (e.g., "Deprecated old signal; migrate to new one")

Testing

  • Ran the game in Godot v4.5 editor—describe what you tested (e.g., "Jump
    works on Win10 with 60 FPS")
  • Any new unit tests added? (Link to test scene if yes)
  • Screenshots/GIFs if UI-related: (Attach below)

Checklist

  • Code follows Godot style guide (e.g., snake_case for variables)
  • No console errors in editor/output
  • Ready for review!

Additional Notes

Anything else? (e.g., "Tested on Win10 64-bit; needs Linux validation")

Summary by Sourcery

Update GitHub CodeQL-related GitHub Actions to the latest patch release across security workflows.

CI:

  • Bump github/codeql-action init, autobuild, analyze, and upload-sarif usages from v4.31.8 to v4.31.9 in CodeQL and Snyk workflows.
  • Refresh the pinned SHA for github/codeql-action/upload-sarif in the Trivy workflow to the latest corresponding commit.

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v4.31.8...v4.31.9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@ikostan ikostan self-assigned this Dec 23, 2025
@ikostan ikostan added the CI/CD, dependencies, and github actions labels Dec 23, 2025
@ikostan ikostan added the dependabot and github_actions labels Dec 23, 2025
@ikostan ikostan moved this to In Progress in Sky Lock Assault Project Dec 23, 2025
@sourcery-ai (Contributor) sourcery-ai bot commented Dec 23, 2025

Reviewer's Guide

Updates all GitHub Actions workflows to use github/codeql-action v4.31.9 (and refreshes one pinned SHA) for CodeQL initialization, autobuild, analysis, and SARIF upload steps.

Sequence diagram for updated security scanning and SARIF upload

```mermaid
sequenceDiagram
  actor Developer
  participant GitHub_Repo
  participant GitHub_Actions
  participant CodeQL_Action as github_codeql_action
  participant GitHub_Security_Tab

  Developer->>GitHub_Repo: Push commits or open PR
  GitHub_Repo->>GitHub_Actions: Trigger workflows (codeql.yml, snyk.yml, trivy.yml)

  par CodeQL_analysis
    GitHub_Actions->>CodeQL_Action: init@v4.31.9
    CodeQL_Action-->>GitHub_Actions: Initialize database
    GitHub_Actions->>CodeQL_Action: autobuild@v4.31.9
    CodeQL_Action-->>GitHub_Actions: Build and extract data
    GitHub_Actions->>CodeQL_Action: analyze@v4.31.9
    CodeQL_Action-->>GitHub_Actions: Generate CodeQL SARIF
  and Snyk_scan
    GitHub_Actions->>CodeQL_Action: upload-sarif@v4.31.9 (snyk-code.sarif, snyk-os.sarif)
    CodeQL_Action-->>GitHub_Actions: Confirm upload
  and Trivy_scan
    GitHub_Actions->>CodeQL_Action: upload-sarif@pinned_SHA (trivy-results.sarif)
    CodeQL_Action-->>GitHub_Actions: Confirm upload
  end

  GitHub_Actions->>GitHub_Security_Tab: Publish SARIF results
  GitHub_Security_Tab-->>Developer: Display security alerts and code scanning results
```

File-Level Changes

| Change | Details | Files |
|---|---|---|
| Bump CodeQL action version from 4.31.8 to 4.31.9 across workflows using the tagged v4 series. | | .github/workflows/codeql.yml, .github/workflows/snyk.yml |
| Refresh pinned SHA for the CodeQL upload-sarif action in the Trivy workflow. | Change the pinned commit SHA used for github/codeql-action/upload-sarif to the latest stable v3.31.0 SHA while keeping the same documented version comment | .github/workflows/trivy.yml |


@ikostan ikostan merged commit 70d8583 into 262-bug-audio-crackling-and-delays-in-non-threaded-web-exports-main-thread-blocking-warning-in-threaded-exports Dec 23, 2025
7 of 9 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Sky Lock Assault Project Dec 23, 2025
@sourcery-ai (Contributor) sourcery-ai bot left a comment

Hey - I've left some high level feedback:

  • In .github/workflows/trivy.yml, the inline comment still says the pinned SHA corresponds to v3.31.0, but the commit hash has changed—please double-check and update the comment so the referenced version/tag matches the actual commit being pinned to avoid confusion for future maintainers.

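The drift Sourcery flags in trivy.yml (a pinned SHA whose `# vX.Y.Z` comment no longer describes it) is easy to catch mechanically. The following checker is an added example, not code from this PR or the SkyLockAssault project: it scans `uses:` lines in a workflow, reports refs pinned to a movable tag or branch, SHA pins with no version comment, and version comments that disagree with a tag-to-commit map. The SHAs and the map below are constructed placeholders; in practice the map is filled from the upstream repository's tags.

```python
import re
from dataclasses import dataclass

# Matches a step line such as:  - uses: github/codeql-action/upload-sarif@<ref>  # v3.31.0
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<repo>[\w.-]+/[\w.-]+)(?P<path>(?:/[\w.-]+)*)"
    r"@(?P<ref>[^\s#]+)(?:\s*#\s*(?P<tag>\S+).*)?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

@dataclass
class Finding:
    line_no: int
    action: str
    kind: str  # mutable-ref | missing-version-comment | unknown-tag | comment-mismatch
    detail: str

def audit_workflow(text: str, tag_to_sha: dict) -> list:
    """Check each `uses:` line; tag_to_sha maps 'owner/repo' -> {tag: full commit SHA}."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        repo, ref, tag = m["repo"], m["ref"], m["tag"]
        action = repo + m["path"]
        if not FULL_SHA_RE.match(ref):
            findings.append(Finding(n, action, "mutable-ref", f"'{ref}' can be moved upstream; pin a full commit SHA"))
        elif not tag:
            findings.append(Finding(n, action, "missing-version-comment", "no '# vX.Y.Z' comment beside the SHA"))
        elif (expected := tag_to_sha.get(repo, {}).get(tag)) is None:
            findings.append(Finding(n, action, "unknown-tag", f"no known commit for {repo}@{tag}"))
        elif expected != ref:
            findings.append(Finding(n, action, "comment-mismatch", f"comment says {tag} ({expected[:7]}) but SHA is {ref[:7]}"))
    return findings

# Constructed sample: the SHAs and the tag->SHA map are placeholders, not real codeql-action commits.
SHA_V3 = "a" * 40  # stand-in commit for v3.31.0
SHA_V4 = "b" * 40  # stand-in commit for v4.31.9
KNOWN = {"github/codeql-action": {"v3.31.0": SHA_V3, "v4.31.9": SHA_V4}}
SAMPLE = f"""steps:
  - uses: github/codeql-action/init@v4.31.9
  - uses: github/codeql-action/upload-sarif@{SHA_V4}  # v3.31.0
  - uses: github/codeql-action/upload-sarif@{SHA_V4}  # v4.31.9
  - uses: github/codeql-action/upload-sarif@{SHA_V4}
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE, KNOWN):
        print(f"line {f.line_no}: {f.action}: {f.kind}: {f.detail}")
```

Run against the sample, it reports the tag-pinned `init`, the `v3.31.0` comment sitting on a `v4.31.9` commit, and the bare SHA with no comment, while the correctly commented pin passes.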

@dependabot dependabot bot deleted the dependabot/github_actions/github/codeql-action-4.31.9 branch December 23, 2025 07:30