Bumps the external-dependencies group with 1 update in the
/.github/workflows directory:
[github/codeql-action](https://github.com/github/codeql-action).
Updates `github/codeql-action` from 3.27.4 to 3.27.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message "Invalid value 'undefined' for header
'authorization'". <a
href="https://redirect.github.com/github/codeql-action/pull/2590">#2590</a></li>
</ul>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f09c1c0a94"><code>f09c1c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2616">#2616</a>
from github/update-v3.27.5-a6c8729a5</li>
<li><a
href="67b73eaba5"><code>67b73ea</code></a>
Update changelog for v3.27.5</li>
<li><a
href="a6c8729a5d"><code>a6c8729</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2614">#2614</a>
from github/marcogario/per-platform-proxy</li>
<li><a
href="8f3b48727f"><code>8f3b487</code></a>
Start-proxy: Fetch OS specific binary</li>
<li><a
href="cba5fb58d4"><code>cba5fb5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2613">#2613</a>
from github/dependabot/npm_and_yarn/npm_and_yarn-018...</li>
<li><a
href="e782c3a145"><code>e782c3a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2612">#2612</a>
from github/angelapwen/report-linux-runner-release</li>
<li><a
href="db6788195b"><code>db67881</code></a>
Update checked-in dependencies</li>
<li><a
href="ecde4d232d"><code>ecde4d2</code></a>
Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group</li>
<li><a
href="e3c67a01d3"><code>e3c67a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2610">#2610</a>
from github/dependabot/npm_and_yarn/npm-d2ca52e617</li>
<li><a
href="f9ada54538"><code>f9ada54</code></a>
Telemetry: report OS release for GitHub-hosted Linux runners</li>
<li>Additional commits viewable in <a
href="ea9e4e3799...f09c1c0a94">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the external-dependencies group with 1 update in the
/.github/workflows directory:
[github/codeql-action](https://github.com/github/codeql-action).
Updates `github/codeql-action` from 3.27.1 to 3.27.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.4/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.27.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.3/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.27.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message "Invalid value 'undefined' for header
'authorization'". <a
href="https://redirect.github.com/github/codeql-action/pull/2590">#2590</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message "Invalid value 'undefined' for header
'authorization'". <a
href="https://redirect.github.com/github/codeql-action/pull/2590">#2590</a></li>
</ul>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped to
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ea9e4e3799"><code>ea9e4e3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2605">#2605</a>
from github/update-v3.27.4-3ab67a219</li>
<li><a
href="845ea9230b"><code>845ea92</code></a>
Update changelog for v3.27.4</li>
<li><a
href="3ab67a2193"><code>3ab67a2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2597">#2597</a>
from github/mbg/caching/output-improvements</li>
<li><a
href="6e3a010dfe"><code>6e3a010</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2583">#2583</a>
from jsoref/use-artifact-4</li>
<li><a
href="1c83cd1292"><code>1c83cd1</code></a>
Upgrade actions/upload-artifact to v4</li>
<li><a
href="024283fcc9"><code>024283f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2602">#2602</a>
from github/mergeback/v3.27.3-to-main-396bb3e4</li>
<li><a
href="613fe96926"><code>613fe96</code></a>
Update checked-in dependencies</li>
<li><a
href="e35d4aa1da"><code>e35d4aa</code></a>
Update changelog and version after v3.27.3</li>
<li><a
href="396bb3e453"><code>396bb3e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2601">#2601</a>
from github/update-v3.27.3-f04790367</li>
<li><a
href="2b1319450a"><code>2b13194</code></a>
Update changelog for v3.27.3</li>
<li>Additional commits viewable in <a
href="4f3212b617...ea9e4e3799">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the external-dependencies group with 1 update in the
/.github/workflows directory:
[github/codeql-action](https://github.com/github/codeql-action).
Updates `github/codeql-action` from 3.27.0 to 3.27.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.1/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped to
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4f3212b617"><code>4f3212b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2585">#2585</a>
from github/update-v3.27.1-3ef4c0845</li>
<li><a
href="63b548d59e"><code>63b548d</code></a>
Update changelog for v3.27.1</li>
<li><a
href="3ef4c08457"><code>3ef4c08</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2576">#2576</a>
from github/update-bundle/codeql-bundle-v2.19.3</li>
<li><a
href="4e033f0e26"><code>4e033f0</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.3</li>
<li><a
href="5ac2ddd6fc"><code>5ac2ddd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2580">#2580</a>
from jsoref/minor-cleanup</li>
<li><a
href="3b7b85fbe8"><code>3b7b85f</code></a>
Conditionally clear runner cache</li>
<li><a
href="688ea5370d"><code>688ea53</code></a>
Fix publish-immutable-action version</li>
<li><a
href="1e6d67b138"><code>1e6d67b</code></a>
Give expected-queries-runs permissions</li>
<li><a
href="d5e73848c4"><code>d5e7384</code></a>
Strip trailing whitespace generated by ruamel-yaml</li>
<li><a
href="756aa649df"><code>756aa64</code></a>
spelling: macos</li>
<li>Additional commits viewable in <a
href="662472033e...4f3212b617">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
I use git submodule instead of putting the extension source codes
directly in the repo, to my surprise it doesn't automatically initialize
the submodule thus failing the automatic build.
These changes should make the workflow is able to initialize any git
submodules inside the repo thus making the automatic build passes.
Tested in this repo
https://github.com/dibyanugraha/d365-bc-toastui-calendar-control-addin-cicd
Fixes#1215
Add new DeployTo setting called DependencyInstallMode, which can be
ignore, install or upgrade. Default is install (which doesn't cause
disruption with prior functionality)
If DependencyInstallMode is set to ignore - then dependencies will not
be installed/upgraded.
All AppSource Apps will be installed/upgraded first, which can be done
in any order as they are installed/upgraded with
`-installOrUpdateNeededDependencies`. All dependency PTEs are installed
afterwards in dependency order.
Rules for deploying dependencies to online environments goes here:
If the App (from dependencies) is a PTE:
- If it is installed in a newer version - leave it and see if it works
- If it is installed in an older version - Upgrade if
DependencyInstallMode is upgrade (else issue WARNING)
If the App (from dependencies) is an AppSource App:
- If it isn't already installed - install it from AppSource
- If it is installed in an older version in the Dev scope - issue a
warning and leave as is
- If it is installed in an older version - Upgrade if
DependencyInstallMode is upgrade (else issue WARNING)
- If it is installed in a newer version - issue a warning and leave as
is
TODO:
- [x] Add Release note
- [x] Add to settings.md
---------
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
The new sign tool returns
`Signing
C:\Users\runneradmin\AppData\Local\Temp\5kjwvcol.khn\sv3h0r4d.app
succeeded.`
instead of
`Signing succeeded.`
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
## Support for Azure Trusted Signing
Read https://learn.microsoft.com/en-us/azure/trusted-signing/ for more
information about Trusted Signing and how to set it up. After setting up
your trusted signing account and certificate profile, you need to create
a setting called
[trustedSigning](https://aka.ms/algosettings#trustedSigning) for AL-Go
to sign your apps using Azure Trusted Signing.
New setting example:
"trustedSigning": {
"Endpoint": "https://neu.codesigning.azure.net",
"Account": "BCCodeSigningTest",
"CertificateProfile": "BCCodeSigningPublic"
}
These values are defined from your trusted signing account in Azure.
Note that your Azure_Credentials secret (Entra ID App or Managed
identity) still needs to provide access to your azure subscription and
be assigned the `Trusted Signing Certificate Profile Signer` role in the
Trusted Signing Account.
---------
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
This PR adds pagescripting functionality to CI/CD in AL-Go for GitHub.
### CI/CD
In CI/CD you will be able to define which page scripting tests you want
to execute after a successful build to verify the build. This is
controlled by 3 project settings:
- `pageScriptingTests` should be an array of page scripting test file
specifications, relative to the AL-Go project. Examples of file
specifications: `recordings/my*.yml` (for all yaml files in the
recordings subfolder matching my*.yml), `recordings` (for all *.yml
files in the recordings subfolder) or `recordings/test.yml` (for a
single yml file)
- `doNotRunPageScriptingTests` can force the pipeline to NOT run the
page scripting tests specified in pageScriptingTests. Note this setting
can be set in a [workflow specific settings
file](#where-are-the-settings-located) to only apply to that workflow
- `restoreDatabases` should be an array of events, indicating when you
want to start with clean databases in the container. Possible events
are: `BeforeBcpTests`, `BeforePageScriptingTests`, `BeforeEachTestApp`,
`BeforeEachBcptTestApp`, `BeforeEachPageScriptingTest`
CI/CD (and test) workflows will have new build artifacts created:
- `PageScriptingTestResults` is a JUnit test results file with all
results combined.
- `PageScriptingTestResultDetails` are the detailed test results
(including videos) when any of the page scripting tests have failures.
If the page scripting tests succeed - the details are not published.
### TO:DO
- [x] Update release notes
- [x] Update settings documentation
- [x] Revert to BcContainerHelper preview in AL-Go-Helper.ps1
### What's next
Workshop scenarios
Part 2 is adding a visual results viewer - this requires injecting a
custom playwright-reporter, which the current bc-replay module doesn't
support yet
Part 3 is adding pagescripting to deployment - allowing people to run
the same or other page scripting tests after deployment to QA
environment. This part could also allow running AL tests and BCPT tests
in QA environments after deployment as a validation of the deployment.
---------
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
Co-authored-by: Maria Zhelezova <43066499+mazhelez@users.noreply.github.com>
* Update the Sign script to log the output of dotnet install to the
logs.
* Update the sign package to latest. The Sign team recently made an
improvement to write a warning if _Visual C++ Runtime_ is not installed.
If it isn't, signing will fail because NavSip depends on this assembly.
Related to #1252
validation does not pass if i use +1.0:
`Enabling Microsoft telemetry...
Error: Unexpected error when running action. Error Message: Incremental
version number +1.0 is not allowed. Allowed incremental version numbers
are: +1, +0.1, StackTrace: at <ScriptBlock>,
D:\a\_actions\microsoft\AL-Go-Actions\v6.0\IncrementVersionNumber\IncrementVersionNumber.ps1:
line 28 <- at <ScriptBlock>,
D:\a\_temp\996bffab-078d-4bf5-8adf-23c638bdbbfe.ps1: line 3 <- at
<ScriptBlock>,
D:\a\_actions\microsoft\AL-Go-Actions\v6.0\Invoke-AlGoAction.ps1: line
17 <- at <ScriptBlock>,
D:\a\_temp\996bffab-078d-4bf5-8adf-23c638bdbbfe.ps1: line 2 <- at
<ScriptBlock>, <No file>: line 1
Error: Process completed with exit code 1.`
**Problem**
When incrementing the version number in our repo, one of the dependency
apps were given two version entries.
c4d59f0790
**Solution**
* Gather app infos by iterating over the distinct app folders
* If multiple app ids are found, select the first one
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to
4.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix cache-hit output when cache missed by <a
href="https://github.com/fchimpan"><code>@fchimpan</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li>
<li>Deprecate <code>save-always</code> input by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1452">actions/cache#1452</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ottlinger"><code>@ottlinger</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1437">actions/cache#1437</a></li>
<li><a href="https://github.com/Olegt0rr"><code>@Olegt0rr</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1377">actions/cache#1377</a></li>
<li><a href="https://github.com/fchimpan"><code>@fchimpan</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li>
<li><a href="https://github.com/x612skm"><code>@x612skm</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1434">actions/cache#1434</a></li>
<li><a href="https://github.com/todgru"><code>@todgru</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1311">actions/cache#1311</a></li>
<li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1463">actions/cache#1463</a></li>
<li><a
href="https://github.com/mackey0225"><code>@mackey0225</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1462">actions/cache#1462</a></li>
<li><a href="https://github.com/quatquatt"><code>@quatquatt</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1445">actions/cache#1445</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.0.2...v4.1.0">https://github.com/actions/cache/compare/v4.0.2...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
20</li>
</ul>
<h3>3.3.3</h3>
<ul>
<li>Updates <code>@actions/cache</code> to v3.2.3 to fix accidental
mutated path arguments to <code>getCacheVersion</code> <a
href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li>
<li>Additional audit fixes of npm package(s)</li>
</ul>
<h3>3.3.2</h3>
<ul>
<li>Fixes bug with Azure SDK causing blob downloads to get stuck.</li>
</ul>
<h3>3.3.1</h3>
<ul>
<li>Reduced segment size to 128MB and segment timeout to 10 minutes to
fail fast in case the cache download is stuck.</li>
</ul>
<h3>3.3.0</h3>
<ul>
<li>Added option to lookup cache without downloading it.</li>
</ul>
<h3>3.2.6</h3>
<ul>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners.</li>
</ul>
<h3>3.2.5</h3>
<ul>
<li>Added fix to prevent from setting MYSYS environment variable
globally.</li>
</ul>
<h3>3.2.4</h3>
<ul>
<li>Added option to fail job on cache miss.</li>
</ul>
<h3>3.2.3</h3>
<ul>
<li>Support cross os caching on Windows as an opt-in feature.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2cdf405574"><code>2cdf405</code></a>
Prepare <code>4.1.0</code> release (<a
href="https://redirect.github.com/actions/cache/issues/1464">#1464</a>)</li>
<li><a
href="a11fb02296"><code>a11fb02</code></a>
restore action's README now references v4 instead of v3 (<a
href="https://redirect.github.com/actions/cache/issues/1445">#1445</a>)</li>
<li><a
href="cf7a75e7b9"><code>cf7a75e</code></a>
Fix typo: depening -> depending (<a
href="https://redirect.github.com/actions/cache/issues/1462">#1462</a>)</li>
<li><a
href="c74ca4022c"><code>c74ca40</code></a>
Deprecate <code>save-always</code> input (<a
href="https://redirect.github.com/actions/cache/issues/1452">#1452</a>)</li>
<li><a
href="f8a7ab490b"><code>f8a7ab4</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1463">#1463</a>
from actions/Jcambass-patch-1</li>
<li><a
href="45b7be0774"><code>45b7be0</code></a>
Add workflow file for publishing releases to immutable action
package</li>
<li><a
href="81382a721f"><code>81382a7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1311">#1311</a>
from todgru/todgru/v4-documentation-update</li>
<li><a
href="c4ee99a3bd"><code>c4ee99a</code></a>
Merge branch 'main' into todgru/v4-documentation-update</li>
<li><a
href="57b8e405f0"><code>57b8e40</code></a>
Clarify that the <code>restore-keys</code> input is a string in the docs
(<a
href="https://redirect.github.com/actions/cache/issues/1434">#1434</a>)</li>
<li><a
href="40c3b67b29"><code>40c3b67</code></a>
Fix cache-hit output when cache missed (<a
href="https://redirect.github.com/actions/cache/issues/1404">#1404</a>)</li>
<li>Additional commits viewable in <a
href="0c45773b62...2cdf405574">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to
4.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix cache-hit output when cache missed by <a
href="https://github.com/fchimpan"><code>@fchimpan</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li>
<li>Deprecate <code>save-always</code> input by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1452">actions/cache#1452</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ottlinger"><code>@ottlinger</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1437">actions/cache#1437</a></li>
<li><a href="https://github.com/Olegt0rr"><code>@Olegt0rr</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1377">actions/cache#1377</a></li>
<li><a href="https://github.com/fchimpan"><code>@fchimpan</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li>
<li><a href="https://github.com/x612skm"><code>@x612skm</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1434">actions/cache#1434</a></li>
<li><a href="https://github.com/todgru"><code>@todgru</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1311">actions/cache#1311</a></li>
<li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1463">actions/cache#1463</a></li>
<li><a
href="https://github.com/mackey0225"><code>@mackey0225</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1462">actions/cache#1462</a></li>
<li><a href="https://github.com/quatquatt"><code>@quatquatt</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1445">actions/cache#1445</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.0.2...v4.1.0">https://github.com/actions/cache/compare/v4.0.2...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
20</li>
</ul>
<h3>3.3.3</h3>
<ul>
<li>Updates <code>@actions/cache</code> to v3.2.3 to fix accidental
mutated path arguments to <code>getCacheVersion</code> <a
href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li>
<li>Additional audit fixes of npm package(s)</li>
</ul>
<h3>3.3.2</h3>
<ul>
<li>Fixes bug with Azure SDK causing blob downloads to get stuck.</li>
</ul>
<h3>3.3.1</h3>
<ul>
<li>Reduced segment size to 128MB and segment timeout to 10 minutes to
fail fast in case the cache download is stuck.</li>
</ul>
<h3>3.3.0</h3>
<ul>
<li>Added option to lookup cache without downloading it.</li>
</ul>
<h3>3.2.6</h3>
<ul>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners.</li>
</ul>
<h3>3.2.5</h3>
<ul>
<li>Added fix to prevent from setting MYSYS environment variable
globally.</li>
</ul>
<h3>3.2.4</h3>
<ul>
<li>Added option to fail job on cache miss.</li>
</ul>
<h3>3.2.3</h3>
<ul>
<li>Support cross os caching on Windows as an opt-in feature.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2cdf405574"><code>2cdf405</code></a>
Prepare <code>4.1.0</code> release (<a
href="https://redirect.github.com/actions/cache/issues/1464">#1464</a>)</li>
<li><a
href="a11fb02296"><code>a11fb02</code></a>
restore action's README now references v4 instead of v3 (<a
href="https://redirect.github.com/actions/cache/issues/1445">#1445</a>)</li>
<li><a
href="cf7a75e7b9"><code>cf7a75e</code></a>
Fix typo: depening -> depending (<a
href="https://redirect.github.com/actions/cache/issues/1462">#1462</a>)</li>
<li><a
href="c74ca4022c"><code>c74ca40</code></a>
Deprecate <code>save-always</code> input (<a
href="https://redirect.github.com/actions/cache/issues/1452">#1452</a>)</li>
<li><a
href="f8a7ab490b"><code>f8a7ab4</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1463">#1463</a>
from actions/Jcambass-patch-1</li>
<li><a
href="45b7be0774"><code>45b7be0</code></a>
Add workflow file for publishing releases to immutable action
package</li>
<li><a
href="81382a721f"><code>81382a7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1311">#1311</a>
from todgru/todgru/v4-documentation-update</li>
<li><a
href="c4ee99a3bd"><code>c4ee99a</code></a>
Merge branch 'main' into todgru/v4-documentation-update</li>
<li><a
href="57b8e405f0"><code>57b8e40</code></a>
Clarify that the <code>restore-keys</code> input is a string in the docs
(<a
href="https://redirect.github.com/actions/cache/issues/1434">#1434</a>)</li>
<li><a
href="40c3b67b29"><code>40c3b67</code></a>
Fix cache-hit output when cache missed (<a
href="https://redirect.github.com/actions/cache/issues/1404">#1404</a>)</li>
<li>Additional commits viewable in <a
href="0c45773b62...2cdf405574">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.9 to 3.26.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped to
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6db8d6351f"><code>6db8d63</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2522">#2522</a>
from github/update-v3.26.11-8aba5f2c4</li>
<li><a
href="389647f398"><code>389647f</code></a>
Update changelog for v3.26.11</li>
<li><a
href="8aba5f2c42"><code>8aba5f2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2516">#2516</a>
from github/aeisenberg/dependabot-exclude</li>
<li><a
href="ecac2c6d53"><code>ecac2c6</code></a>
Exclupde <code>eslint-plugin-import</code> updates from dependabot</li>
<li><a
href="e85017e674"><code>e85017e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2514">#2514</a>
from github/henrymercer/zstd-better-failure-logging</li>
<li><a
href="a60db1d7ff"><code>a60db1d</code></a>
Add notice for dependency upgrade timeline (<a
href="https://redirect.github.com/github/codeql-action/issues/2513">#2513</a>)</li>
<li><a
href="28db28fc03"><code>28db28f</code></a>
Improve clean up if extraction fails</li>
<li><a
href="3da852e107"><code>3da852e</code></a>
Capture stderr from extracting <code>.tar.zst</code></li>
<li><a
href="c4d433c562"><code>c4d433c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2510">#2510</a>
from github/dependabot/npm_and_yarn/npm-13baf58ce8</li>
<li><a
href="2f6cf481fd"><code>2f6cf48</code></a>
Undo <code>eslint-plugin-import</code> bump</li>
<li>Additional commits viewable in <a
href="461ef6c76d...6db8d6351f">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The error when the json ist not minified is pretty obscure, I think it
might be helpful to make this clear.
---------
Co-authored-by: Freddy Kristiansen <freddy.kristiansen@microsoft.com>
Co-authored-by: Alexander Holstrup <117829001+aholstrup1@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.8 to 3.26.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="461ef6c76d"><code>461ef6c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2503">#2503</a>
from github/update-v3.26.9-f861efb2b</li>
<li><a
href="00b1146c45"><code>00b1146</code></a>
Update changelog for v3.26.9</li>
<li><a
href="f861efb2b3"><code>f861efb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2498">#2498</a>
from github/dependabot/npm_and_yarn/npm-9874b37b58</li>
<li><a
href="426821d803"><code>426821d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2485">#2485</a>
from github/dependabot/github_actions/actions-a88a8c...</li>
<li><a
href="07e8133971"><code>07e8133</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2501">#2501</a>
from github/henrymercer/missing-autobuild-config-error</li>
<li><a
href="e0a151e64e"><code>e0a151e</code></a>
Fix inconsistency in autobuild error tracking</li>
<li><a
href="6b0ce4e274"><code>6b0ce4e</code></a>
revert eslint-plugin-import to 2.29.1</li>
<li><a
href="07fd497921"><code>07fd497</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-a88a8c5a24</li>
<li><a
href="2cddcb1990"><code>2cddcb1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2499">#2499</a>
from github/aeisenberg/no-upload-sarif</li>
<li><a
href="6225a95822"><code>6225a95</code></a>
Don't upload during cancelled jobs</li>
<li>Additional commits viewable in <a
href="294a9d9291...461ef6c76d">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
With this release the implementation for delivering to NuGet packages
(by adding the NuGetContext secret), is similar to the functionality
behind delivering to GitHub packages and the implementation is final.
New Settings:
- `trustMicrosoftNuGetFeeds` Unless this setting is set to false, AL-Go
for GitHub will trust the NuGet feeds provided by Microsoft. The feeds
provided by Microsoft contains all Microsoft apps, all Microsoft symbols
and symbols for all AppSource apps.
- `trustedNuGetFeeds` - can be an array of NuGet feed specifications,
which AL-Go for GitHub will use for dependency resolution. Every feed
specification must include a url property and can optionally include a
few other properties:
- Url - The URL of the feed (examples:
https://pkgs.dev.azure.com/myorg/apps/\_packaging/myrepo/nuget/v3/index.json
or https://nuget.pkg.github.com/mygithuborg/index.json")
- Patterns - AL-Go for Github will only trust packages, where the ID
matches this pattern. Default is all packages (\*).
- FingerPrints - If specified, AL-Go for GitHub will only trust packages
signed with one of the fingerprints specified in this array of
fingerprints.
- AuthTokenSecret - If the NuGet feed specified by URL is private, the
authTokenSecret must be the name of a secret containing the
authentication token with permissions to search and read packages from
the NuGet feed
---------
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.7 to 3.26.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="294a9d9291"><code>294a9d9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2490">#2490</a>
from github/update-v3.26.8-64431c66d</li>
<li><a
href="00b3604ce7"><code>00b3604</code></a>
Update changelog for v3.26.8</li>
<li><a
href="64431c66d0"><code>64431c6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2483">#2483</a>
from github/update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="e0e2d7557d"><code>e0e2d75</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="cb28816228"><code>cb28816</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2487">#2487</a>
from rvermeulen/rvermeulen/uri-errors-as-warnings</li>
<li><a
href="498c508900"><code>498c508</code></a>
Rebuild JavaScript files</li>
<li><a
href="a1a585f2ab"><code>a1a585f</code></a>
Merge branch 'main' into rvermeulen/uri-errors-as-warnings</li>
<li><a
href="34666c10b6"><code>34666c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2488">#2488</a>
from github/henrymercer/debug-artifacts-better-logging</li>
<li><a
href="6e24973d7a"><code>6e24973</code></a>
Improve logging for combined SARIF debug artifact</li>
<li><a
href="d0a3cf2152"><code>d0a3cf2</code></a>
Improve logging for debug artifacts</li>
<li>Additional commits viewable in <a
href="8214744c54...294a9d9291">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.6 to 3.26.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8214744c54"><code>8214744</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2478">#2478</a>
from github/update-v3.26.7-4a01ec798</li>
<li><a
href="a3b3e07cec"><code>a3b3e07</code></a>
Update changelog for v3.26.7</li>
<li><a
href="4a01ec7986"><code>4a01ec7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2474">#2474</a>
from github/aeisenberg/always-upload-eslint-sarif</li>
<li><a
href="762dbaeeb7"><code>762dbae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2471">#2471</a>
from github/update-bundle/codeql-bundle-v2.18.4</li>
<li><a
href="0d0f998f28"><code>0d0f998</code></a>
Always upload eslint.sarif</li>
<li><a
href="e817992b3d"><code>e817992</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2469">#2469</a>
from github/aeisenberg/upload-eslint-sarif</li>
<li><a
href="49021ad7f5"><code>49021ad</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2472">#2472</a>
from rvermeulen/rvermeulen/update-release-branch-authz</li>
<li><a
href="56b8418884"><code>56b8418</code></a>
Ignore suppressed alerts</li>
<li><a
href="f824adbf9b"><code>f824adb</code></a>
Merge branch 'main' into rvermeulen/update-release-branch-authz</li>
<li><a
href="8d9ed0b40e"><code>8d9ed0b</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="4dd16135b6...8214744c54">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Allow GitHubRunner as a project setting. This would enable us to compile
apps on linux-based GitHub runners while running the tests on either
windows GitHub runners or self-hosted runners.
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.5 to 3.26.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4dd16135b6"><code>4dd1613</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2452">#2452</a>
from github/update-v3.26.6-7233ec5e6</li>
<li><a
href="dd9dd2d538"><code>dd9dd2d</code></a>
Update changelog for v3.26.6</li>
<li><a
href="7233ec5e6b"><code>7233ec5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2449">#2449</a>
from github/update-bundle/codeql-bundle-v2.18.3</li>
<li><a
href="a32c44dba1"><code>a32c44d</code></a>
Add changelog note</li>
<li><a
href="2966897c67"><code>2966897</code></a>
Update default bundle to codeql-bundle-v2.18.3</li>
<li><a
href="b8efe4dc6a"><code>b8efe4d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2435">#2435</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="ab408a875b"><code>ab408a8</code></a>
Merge branch 'main' into
update-supported-enterprise-server-versions</li>
<li><a
href="864b979bc3"><code>864b979</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2443">#2443</a>
from github/dbartol/config-file-telemetry</li>
<li><a
href="d36c7aaf6a"><code>d36c7aa</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2448">#2448</a>
from github/dependabot/npm_and_yarn/npm-09b7c43f6b</li>
<li><a
href="b3bf514df4"><code>b3bf514</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="2c779ab0d0...4dd16135b6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.3.6 to 4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<h2>Notice: Breaking Changes ⚠️</h2>
<p>We will no longer include hidden files and folders by default in the
<code>upload-artifact</code> action of this version. This reduces the
risk that credentials are accidentally uploaded into artifacts.
Customers who need to continue to upload these files can use a new
option, <code>include-hidden-files</code>, to continue to do so.</p>
<p>See <a
href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">"Notice
of upcoming deprecations and breaking changes in GitHub Actions
runners"</a> changelog and <a
href="https://redirect.github.com/actions/upload-artifact/issues/602">this
issue</a> for more details.</p>
<h2>What's Changed</h2>
<ul>
<li>Exclude hidden files by default by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/598">actions/upload-artifact#598</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0">https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50769540e7"><code>5076954</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/598">#598</a>
from actions/joshmgross/exclude-hidden-files</li>
<li><a
href="d52396ac5d"><code>d52396a</code></a>
Add a warning about enabling <code>include-hidden-files</code></li>
<li><a
href="710f362075"><code>710f362</code></a>
Remove "merged" from <code>include-hidden-files</code> input
description</li>
<li><a
href="3b315f26f6"><code>3b315f2</code></a>
<code>npm run release</code> again 🙂</li>
<li><a
href="3be2180eb7"><code>3be2180</code></a>
Remove another trailing comma</li>
<li><a
href="453e8d0a40"><code>453e8d0</code></a>
Update glob license</li>
<li><a
href="0a398c1480"><code>0a398c1</code></a>
<code>npm run release</code></li>
<li><a
href="a0c40cf602"><code>a0c40cf</code></a>
Update to latest <code>@actions/glob</code> and fix tests</li>
<li><a
href="acb59e4776"><code>acb59e4</code></a>
<code>lint</code></li>
<li><a
href="cb6558bb10"><code>cb6558b</code></a>
Exclude hidden files by default</li>
<li>See full diff in <a
href="834a144ee9...50769540e7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.3.6 to 4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<h2>Notice: Breaking Changes ⚠️</h2>
<p>We will no longer include hidden files and folders by default in the
<code>upload-artifact</code> action of this version. This reduces the
risk that credentials are accidentally uploaded into artifacts.
Customers who need to continue to upload these files can use a new
option, <code>include-hidden-files</code>, to continue to do so.</p>
<p>See <a
href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">"Notice
of upcoming deprecations and breaking changes in GitHub Actions
runners"</a> changelog and <a
href="https://redirect.github.com/actions/upload-artifact/issues/602">this
issue</a> for more details.</p>
<h2>What's Changed</h2>
<ul>
<li>Exclude hidden files by default by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/598">actions/upload-artifact#598</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0">https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50769540e7"><code>5076954</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/598">#598</a>
from actions/joshmgross/exclude-hidden-files</li>
<li><a
href="d52396ac5d"><code>d52396a</code></a>
Add a warning about enabling <code>include-hidden-files</code></li>
<li><a
href="710f362075"><code>710f362</code></a>
Remove "merged" from <code>include-hidden-files</code> input
description</li>
<li><a
href="3b315f26f6"><code>3b315f2</code></a>
<code>npm run release</code> again 🙂</li>
<li><a
href="3be2180eb7"><code>3be2180</code></a>
Remove another trailing comma</li>
<li><a
href="453e8d0a40"><code>453e8d0</code></a>
Update glob license</li>
<li><a
href="0a398c1480"><code>0a398c1</code></a>
<code>npm run release</code></li>
<li><a
href="a0c40cf602"><code>a0c40cf</code></a>
Update to latest <code>@actions/glob</code> and fix tests</li>
<li><a
href="acb59e4776"><code>acb59e4</code></a>
<code>lint</code></li>
<li><a
href="cb6558bb10"><code>cb6558b</code></a>
Exclude hidden files by default</li>
<li>See full diff in <a
href="834a144ee9...50769540e7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Update how AL-Go version is determined.
Since $ENV:GITHUB_REPOSITORY is the repository that runs the workflow,
AL-Go version will always be "Developer/Private" unless the workflow is
being run from a Microsoft-owned repo.
Fixes#1180
Add projects to repository settings and remove appFolders, testFolder
and bcptTestFolders (which are also described under basic project
settings.
---------
Co-authored-by: freddydk <freddydk@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.2 to 3.26.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2c779ab0d0"><code>2c779ab</code></a>
Merge main into releases/v3 (<a
href="https://redirect.github.com/github/codeql-action/issues/2444">#2444</a>)</li>
<li><a
href="68cd1f9de3"><code>68cd1f9</code></a>
Update changelog for v3.26.5</li>
<li><a
href="7e27807413"><code>7e27807</code></a>
Only run check SIP enablement once in <code>init</code> step (<a
href="https://redirect.github.com/github/codeql-action/issues/2441">#2441</a>)</li>
<li><a
href="fd5fa130e2"><code>fd5fa13</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2438">#2438</a>
from github/mergeback/v3.26.4-to-main-f0f3afee</li>
<li><a
href="6f10eb0e36"><code>6f10eb0</code></a>
Update checked-in dependencies</li>
<li><a
href="b15a247a6c"><code>b15a247</code></a>
Update changelog and version after v3.26.4</li>
<li><a
href="f0f3afee80"><code>f0f3afe</code></a>
Merge main into releases/v3 (<a
href="https://redirect.github.com/github/codeql-action/issues/2437">#2437</a>)</li>
<li><a
href="e3543591a5"><code>e354359</code></a>
Update changelog for v3.26.4</li>
<li><a
href="ae01f807ca"><code>ae01f80</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2436">#2436</a>
from rvermeulen/rvermeulen/deprecate-add-snippets</li>
<li><a
href="72bc3f7f61"><code>72bc3f7</code></a>
Address incorrect changelog location</li>
<li>Additional commits viewable in <a
href="429e197704...2c779ab0d0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Freddy Kristiansen
Alexander Holstrup
dependabot[bot]
Dibyanugraha
Francesco Belacca
Jonas Wrede