Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[deps]: Update gh minor #289

Merged
merged 1 commit into from
Dec 23, 2024
Merged

[deps]: Update gh minor #289

merged 1 commit into from
Dec 23, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 23, 2024

This PR contains the following updates:

Package Type Update Change
actions/upload-artifact action minor v4.4.3 -> v4.5.0
checkmarx/ast-github-action action patch 2.0.39 -> 2.0.40
github/codeql-action action minor v3.27.6 -> v3.28.0

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.5.0

Compare Source

checkmarx/ast-github-action (checkmarx/ast-github-action)

v2.0.40

Compare Source

What's Changed

Other Changes

Full Changelog: Checkmarx/ast-github-action@2.0.39...2.0.40

github/codeql-action (github/codeql-action)

v3.28.0

Compare Source

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.


Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner December 23, 2024 01:45
@bitwarden-bot bitwarden-bot changed the title [deps]: Update gh minor [PM-16378] [deps]: Update gh minor Dec 23, 2024
@bitwarden-bot
Copy link

Internal tracking:

@renovate renovate bot changed the title [PM-16378] [deps]: Update gh minor [deps]: Update gh minor Dec 23, 2024
Copy link

Logo
Checkmarx One – Scan Summary & Details99611c30-2883-45f5-a963-65dd23762402

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2024-21538 Npm-cross-spawn-7.0.3 Vulnerable Package
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6 Vulnerable Package
MEDIUM CVE-2024-55565 Npm-nanoid-3.3.7 Vulnerable Package
MEDIUM Cx14b19a02-387a Npm-body-parser-1.20.3 Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-2.6.9 Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-4.3.4 Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-4.3.6 Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-4.3.1 Vulnerable Package

@jprusik jprusik self-assigned this Dec 23, 2024
@jprusik jprusik merged commit ea9248a into main Dec 23, 2024
5 checks passed
@jprusik jprusik deleted the renovate/gh-minor branch December 23, 2024 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants