Bump github/codeql-action/autobuild from 2.28.1 to 4.36.2#963
Bump github/codeql-action/autobuild from 2.28.1 to 4.36.2#963dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [github/codeql-action/autobuild](https://github.com/github/codeql-action) from 2.28.1 to 4.36.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b8d3b6e...8aad20d) --- updated-dependencies: - dependency-name: github/codeql-action/autobuild dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5840628e27
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| # If this step fails, then you should remove it and run the build manually (see below) | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 | ||
| uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 |
There was a problem hiding this comment.
Update all CodeQL steps to the same version
When this workflow runs, the v4 autobuild action loads the config written by the preceding init step, but that step is still pinned to v2.28.1. CodeQL Action v4 validates the saved config version against its own action version and rejects mismatches, so this step will fail before analysis instead of completing the scan. Bump init and analyze to the same v4 revision as well.
Useful? React with 👍 / 👎.
|
Superseded by #967. |
Bumps github/codeql-action/autobuild from 2.28.1 to 4.36.2.
Release notes
Sourced from github/codeql-action/autobuild's releases.
... (truncated)
Changelog
Sourced from github/codeql-action/autobuild's changelog.
... (truncated)
Commits
8aad20dMerge pull request #3949 from github/update-v4.36.2-dcb947ce1f521b08Add additional changelog notes8aeff0fUpdate changelog for v4.36.2dcb947cMerge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6c251bceAdd changelog note62953c1Update default bundle to codeql-bundle-v2.25.6423b570Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...c35d1b1Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...cb1a588Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoffba47406Merge pull request #3943 from github/henrymercer/cache-cli-version-infoDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)