## Summary
This updates the `.github/linters/markdown-link-check.json` file to add
a new exclusion pattern for mailto links. This ensures that the linter
does not validate email addresses, where validation will now always
fail.
## Testing
### Test Types
- [ ] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
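As an added illustration of the exclusion described in the summary (not the contents of the project's actual `.github/linters/markdown-link-check.json`, which this page does not show), a markdown-link-check configuration that tells the linter to skip any link whose target starts with `mailto:`. The `ignorePatterns` key is the linter's documented mechanism for this; the exact regular expression `^mailto:` is an assumption about what the PR adds.

```json
{
  "ignorePatterns": [
    { "pattern": "^mailto:" }
  ]
}
```

To check the effect locally, run `markdown-link-check --config .github/linters/markdown-link-check.json README.md` against a file containing a `mailto:` link: before the pattern is present the link is reported as dead, afterwards it is listed as ignored.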
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.12 to 3.27.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.0/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.26.13</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.26.13/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="662472033e"><code>6624720</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2561">#2561</a>
from github/update-v3.27.0-b35b023d9</li>
<li><a
href="ce7c2b560d"><code>ce7c2b5</code></a>
Update changelog for v3.27.0</li>
<li><a
href="b35b023d9b"><code>b35b023</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2552">#2552</a>
from github/update-bundle/codeql-bundle-v2.19.2</li>
<li><a
href="dafc762411"><code>dafc762</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2560">#2560</a>
from github/aeisenberg/fix-required-checks</li>
<li><a
href="0d1eb88b60"><code>0d1eb88</code></a>
Remove ESLint from required checks</li>
<li><a
href="0a30541440"><code>0a30541</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2558">#2558</a>
from github/dependabot/npm_and_yarn/npm-6515e6e328</li>
<li><a
href="2a6a6ad1c8"><code>2a6a6ad</code></a>
Update checked-in dependencies</li>
<li><a
href="26c18c2c1f"><code>26c18c2</code></a>
Bump the npm group with 3 updates</li>
<li><a
href="7080a68cbc"><code>7080a68</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.2</li>
<li><a
href="63eb7bbf1f"><code>63eb7bb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2551">#2551</a>
from github/cklin/diff-informed-queries-feature</li>
<li>Additional commits viewable in <a
href="c36620d31a...662472033e">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.12&new-version=3.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.6 to 3.26.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c36620d31a"><code>c36620d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2529">#2529</a>
from github/update-v3.26.12-c9a70ff45</li>
<li><a
href="570aecb95f"><code>570aecb</code></a>
Update changelog for v3.26.12</li>
<li><a
href="c9a70ff45f"><code>c9a70ff</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2526">#2526</a>
from github/henrymercer/check-zstd-on-path</li>
<li><a
href="d65a17605a"><code>d65a176</code></a>
Rebuild</li>
<li><a
href="bf2e624d0b"><code>bf2e624</code></a>
Update src/tar.ts</li>
<li><a
href="56d197570a"><code>56d1975</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2489">#2489</a>
from github/redsun82/rust</li>
<li><a
href="7cf65a5b2e"><code>7cf65a5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2518">#2518</a>
from github/dependabot/npm_and_yarn/npm-88156698cd</li>
<li><a
href="8a56dd2e53"><code>8a56dd2</code></a>
Update to <code>@actions/core</code> 1.11.1</li>
<li><a
href="1532671351"><code>1532671</code></a>
Update default bundle to 2.19.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/2519">#2519</a>)</li>
<li><a
href="64871a860c"><code>64871a8</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1</li>
<li>Additional commits viewable in <a
href="4dd16135b6...c36620d31a">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.6&new-version=3.26.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary
This change includes updates to the documentation to provide guidance on
handling Git history during checkout in Azure Pipelines. The changes are
primarily focused on ensuring users understand how to fetch the
necessary Git history and avoid issues related to non-linear history.
This addresses #542.
Documentation Updates:
* [`README.md`](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R151-R170):
  Added a new section on Git History, explaining the need to fetch Git
  history during checkout and providing instructions on how to update the
  `actions/checkout` step.
* [`docs/azure-pipelines-task.md`](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L97-R131):
  Added a similar section on Git History, detailing how to fetch Git
  history during checkout in Azure Pipelines and providing alternatives
  for classic pipelines.
Autogenerated release for PR Metrics v1.6.3. This includes the latest
dependency updates.
This also includes a fix for the previous release where the type
definitions were improperly defined, resulting in failures in certain
cases.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Autogenerated release for PR Metrics v1.6.2. This includes the latest
dependency updates.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## Summary
This change adds additional linting rules, to create a more prescriptive
and less ad hoc design. This is designed to help facilitate external
contributions to maintain the existing style.
These changes have been automatically or manually applied but are
typically fairly mechanical. Therefore, there should be little risk of
regression.
## Detailed Summary
This includes several changes to improve code quality, update
dependencies, and enhance error handling. The most important changes
include updating the ESLint configuration, modifying the `package.json`
file, and refactoring the `GitInvoker` class.
### ESLint Configuration Updates:
* Changed ESLint configuration to use recommended and strict
type-checked settings, and replaced single quotes with double quotes for
consistency. (`eslint.config.mjs`,
[eslint.config.mjsL6-R354](diffhunk://#diff-9601a8f6c734c2001be34a2361f76946d19a39a709b5e8c624a2a5a0aade05f2L6-R354))
* Updated rules to enforce stricter linting, including rules such as
`@typescript-eslint/explicit-function-return-type` and
`@typescript-eslint/no-unused-expressions`. (`eslint.config.mjs`,
[eslint.config.mjsL6-R354](diffhunk://#diff-9601a8f6c734c2001be34a2361f76946d19a39a709b5e8c624a2a5a0aade05f2L6-R354))
### `package.json` Modifications:
* Updated the lint script to target TypeScript files. (`package.json`,
[package.jsonL17-R17](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L17-R17))
* Added the `http-status-codes` dependency. (`package.json`,
[package.jsonR55](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R55))
### Code Refactoring:
* Improved error handling in `index.ts` by adding a catch block to exit
with a failure code. (`src/task/index.ts`,
[src/task/index.tsR9-R19](diffhunk://#diff-445f33c5199a2e71fde9062a5f8c6b5237e3230e83e8be8fcfbf06de48abd5abR9-R19))
* Refactored `GitInvoker` class to remove redundant methods and use more
concise syntax. (`src/task/src/git/gitInvoker.ts`,
[[1]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L7-R10)
[[2]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L22-R25)
[[3]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L37-L80)
[[4]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L93-L124)
[[5]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L142-R101)
[[6]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L182-R113)
[[7]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L206-R137)
## Testing
### Test Types
- [X] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.15 to 3.26.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4dd16135b6"><code>4dd1613</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2452">#2452</a>
from github/update-v3.26.6-7233ec5e6</li>
<li><a
href="dd9dd2d538"><code>dd9dd2d</code></a>
Update changelog for v3.26.6</li>
<li><a
href="7233ec5e6b"><code>7233ec5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2449">#2449</a>
from github/update-bundle/codeql-bundle-v2.18.3</li>
<li><a
href="a32c44dba1"><code>a32c44d</code></a>
Add changelog note</li>
<li><a
href="2966897c67"><code>2966897</code></a>
Update default bundle to codeql-bundle-v2.18.3</li>
<li><a
href="b8efe4dc6a"><code>b8efe4d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2435">#2435</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="ab408a875b"><code>ab408a8</code></a>
Merge branch 'main' into
update-supported-enterprise-server-versions</li>
<li><a
href="864b979bc3"><code>864b979</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2443">#2443</a>
from github/dbartol/config-file-telemetry</li>
<li><a
href="d36c7aaf6a"><code>d36c7aa</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2448">#2448</a>
from github/dependabot/npm_and_yarn/npm-09b7c43f6b</li>
<li><a
href="b3bf514df4"><code>b3bf514</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="afb54ba388...4dd16135b6">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.15&new-version=3.26.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.9.0 to 2.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.9.1</h2>
<h2>What's Changed</h2>
<p>Release v2.9.1 by <a
href="https://github.com/h0x0er"><code>@h0x0er</code></a> and <a
href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a>
in <a
href="https://redirect.github.com/step-security/harden-runner/issues/440">#440</a>
This release includes two changes:</p>
<ol>
<li>Updated markdown displayed in the job summary by the Harden-Runner
Action.</li>
<li>Fixed a bug affecting Enterprise Tier customers where the agent
attempted to upload telemetry for jobs with disable-telemetry set to
true. No telemetry was uploaded as the endpoint was not in the allowed
list.</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.9.1">https://github.com/step-security/harden-runner/compare/v2...v2.9.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5c7944e73c"><code>5c7944e</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/440">#440</a>
from step-security/rc-11</li>
<li><a
href="c79be451ee"><code>c79be45</code></a>
Merge branch 'main' into rc-11</li>
<li><a
href="deb3383c4d"><code>deb3383</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/446">#446</a>
from h0x0er/log-step</li>
<li><a
href="23c8215e78"><code>23c8215</code></a>
update dist</li>
<li><a
href="727d06a16d"><code>727d06a</code></a>
logging step</li>
<li><a
href="f0db2aa8a5"><code>f0db2aa</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/441">#441</a>
from step-security/dependabot/github_actions/github/c...</li>
<li><a
href="1938ffc008"><code>1938ffc</code></a>
Merge branch 'main' into
dependabot/github_actions/github/codeql-action-3.25.13</li>
<li><a
href="8e7dd2c82b"><code>8e7dd2c</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/442">#442</a>
from step-security/dependabot/github_actions/step-sec...</li>
<li><a
href="f2823ee7dd"><code>f2823ee</code></a>
Bump step-security/publish-unit-test-result-action from 1 to 2</li>
<li><a
href="5f95e051ab"><code>5f95e05</code></a>
Bump github/codeql-action from 2.13.4 to 3.25.13</li>
<li>Additional commits viewable in <a
href="0d381219dd...5c7944e73c">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.9.0&new-version=2.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Autogenerated release for PR Metrics v1.6.1. This includes the latest
dependency updates.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.3.3 to 4.3.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@actions/artifact</code> version, bump dependencies by
<a href="https://github.com/robherley"><code>@robherley</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/584">actions/upload-artifact#584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4">https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b2256b8c0"><code>0b2256b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/584">#584</a>
from actions/robherley/bump-pkgs</li>
<li><a
href="488dcefb9b"><code>488dcef</code></a>
licensed cache</li>
<li><a
href="04c51f5766"><code>04c51f5</code></a>
ncc</li>
<li><a
href="32a9e276a8"><code>32a9e27</code></a>
bump <code>@actions/artifact</code> and npm audit</li>
<li><a
href="552bf3722c"><code>552bf37</code></a>
new version</li>
<li><a
href="79616d2ded"><code>79616d2</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/565">#565</a>
from actions/eggyhead/use-artifact-v2.1.6</li>
<li>See full diff in <a
href="65462800fd...0b2256b8c0">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.3.3&new-version=4.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.8.1 to 2.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.9.0</h2>
<h2>What's Changed</h2>
<p>Release v2.9.0 by <a
href="https://github.com/h0x0er"><code>@h0x0er</code></a> and <a
href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a>
in <a
href="https://redirect.github.com/step-security/harden-runner/pull/435">step-security/harden-runner#435</a>
This release includes:</p>
<ul>
<li>Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.</li>
<li>Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.</li>
<li>README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.</li>
<li>Dependency Update:
Updated the <code>braces</code> npm package dependency to a
non-vulnerable version. The vulnerability in <code>braces</code> did not
affect the Harden Runner Action</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.9.0">https://github.com/step-security/harden-runner/compare/v2...v2.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0d381219dd"><code>0d38121</code></a>
Release v2.9.0 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/435">#435</a>)</li>
<li><a
href="29e9ae1229"><code>29e9ae1</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/436">#436</a>
from step-security/dependabot/github_actions/actions/...</li>
<li><a
href="9d596cfe4e"><code>9d596cf</code></a>
Bump actions/upload-artifact from 3.1.3 to 4.3.4</li>
<li><a
href="6d3c2fe731"><code>6d3c2fe</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/410">#410</a>
from step-security/dependabot/github_actions/ossf/sco...</li>
<li><a
href="c2e63d350e"><code>c2e63d3</code></a>
Bump ossf/scorecard-action from 2.3.1 to 2.3.3</li>
<li><a
href="547a5cc003"><code>547a5cc</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/427">#427</a>
from step-security/dependabot/github_actions/step-sec...</li>
<li><a
href="a5e1dca4fb"><code>a5e1dca</code></a>
Bump step-security/harden-runner from 2.8.0 to 2.8.1</li>
<li><a
href="3d32f8d8b2"><code>3d32f8d</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/426">#426</a>
from step-security/varunsh-coder-patch-1</li>
<li><a
href="891104cb4f"><code>891104c</code></a>
Update README.md</li>
<li>See full diff in <a
href="17d0e2bd7d...0d381219dd">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.8.1&new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.11 to 3.25.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time.</li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
<li>Update default CodeQL bundle version to 2.18.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2364">#2364</a></li>
</ul>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
<li>Update default CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2352">#2352</a></li>
</ul>
<h2>3.25.10 - 13 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2327">#2327</a></li>
</ul>
<h2>3.25.9 - 12 Jun 2024</h2>
<ul>
<li>Avoid failing database creation if the database folder already
exists and contains some unexpected files. Requires CodeQL 2.18.0 or
higher. <a
href="https://redirect.github.com/github/codeql-action/pull/2330">#2330</a></li>
<li>The init Action will attempt to clean up the database cluster
directory before creating a new database and at the end of the job. This
will help to avoid issues where the database cluster directory is left
in an inconsistent state. <a
href="https://redirect.github.com/github/codeql-action/pull/2332">#2332</a></li>
</ul>
<h2>3.25.8 - 04 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2321">#2321</a></li>
</ul>
<h2>3.25.7 - 31 May 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="afb54ba388"><code>afb54ba</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2391">#2391</a>
from github/update-v3.25.15-4b1d7da10</li>
<li><a
href="57a4b22c7d"><code>57a4b22</code></a>
Update changelog for v3.25.15</li>
<li><a
href="4b1d7da102"><code>4b1d7da</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2385">#2385</a>
from github/update-bundle/codeql-bundle-v2.18.1</li>
<li><a
href="97e8f69368"><code>97e8f69</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1</li>
<li><a
href="f8e94f9775"><code>f8e94f9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2389">#2389</a>
from github/mergeback/v3.25.14-to-main-5cf07d8b</li>
<li><a
href="9e375a8f4f"><code>9e375a8</code></a>
Update checked-in dependencies</li>
<li><a
href="02d73d0544"><code>02d73d0</code></a>
Update changelog and version after v3.25.14</li>
<li><a
href="5cf07d8b70"><code>5cf07d8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2388">#2388</a>
from github/update-v3.25.14-1b214db07</li>
<li><a
href="ecab108bfb"><code>ecab108</code></a>
Update changelog for v3.25.14</li>
<li><a
href="1b214db077"><code>1b214db</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2387">#2387</a>
from github/aibaars/remove-set-secret</li>
<li>Additional commits viewable in <a
href="b611370bb5...afb54ba388">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.11&new-version=3.25.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.8 to 3.25.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
<li>Update default CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2352">#2352</a></li>
</ul>
<h2>3.25.10 - 13 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2327">#2327</a></li>
</ul>
<h2>3.25.9 - 12 Jun 2024</h2>
<ul>
<li>Avoid failing database creation if the database folder already
exists and contains some unexpected files. Requires CodeQL 2.18.0 or
higher. <a
href="https://redirect.github.com/github/codeql-action/pull/2330">#2330</a></li>
<li>The init Action will attempt to clean up the database cluster
directory before creating a new database and at the end of the job. This
will help to avoid issues where the database cluster directory is left
in an inconsistent state. <a
href="https://redirect.github.com/github/codeql-action/pull/2332">#2332</a></li>
</ul>
<h2>3.25.8 - 04 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2321">#2321</a></li>
</ul>
<h2>3.25.7 - 31 May 2024</h2>
<ul>
<li>We are rolling out a feature in May/June 2024 that will reduce the
Actions cache usage of the Action by keeping only the newest TRAP cache
for each language. <a
href="https://redirect.github.com/github/codeql-action/pull/2306">#2306</a></li>
</ul>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2295">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,
and GitHub Enterprise Server versions to the <a
href="https://github.com/github/codeql-action/blob/main/README.md">https://github.com/github/codeql-action/blob/main/README.md</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/2273">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code>
trigger when the CodeQL Action is triggered via a
<code>workflow_call</code> event. <a
href="https://redirect.github.com/github/codeql-action/pull/2274">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action
has been renamed to <code>tools: linked</code>. This option specifies
that the Action should use the tools shipped at the same time as the
Action. The old name will continue to work for backwards compatibility,
but we recommend that new workflows use the new name. <a
href="https://redirect.github.com/github/codeql-action/pull/2281">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2270">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b611370bb5"><code>b611370</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2357">#2357</a>
from github/update-v3.25.11-de945755c</li>
<li><a
href="3e6431f3ac"><code>3e6431f</code></a>
Update changelog for v3.25.11</li>
<li><a
href="de945755c9"><code>de94575</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2352">#2352</a>
from github/update-bundle/codeql-bundle-v2.17.6</li>
<li><a
href="a32d3058b8"><code>a32d305</code></a>
Add changelog note</li>
<li><a
href="9ccc99508a"><code>9ccc995</code></a>
Update default bundle to codeql-bundle-v2.17.6</li>
<li><a
href="9b7c22c3b3"><code>9b7c22c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2351">#2351</a>
from github/dependabot/npm_and_yarn/npm-6791eaa26c</li>
<li><a
href="9cf3243b0b"><code>9cf3243</code></a>
Rebuild</li>
<li><a
href="1895b29ac8"><code>1895b29</code></a>
Update checked-in dependencies</li>
<li><a
href="9dcfde966d"><code>9dcfde9</code></a>
Bump the npm group with 2 updates</li>
<li><a
href="8723b5be41"><code>8723b5b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2350">#2350</a>
from github/angelapwen/add-exclude-pr-check-param</li>
<li>Additional commits viewable in <a
href="2e230e8fe0...b611370bb5">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.8&new-version=3.25.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bug fix: Update isGitHubHosted implementation by <a
href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a>
in <a
href="https://redirect.github.com/step-security/harden-runner/pull/425">step-security/harden-runner#425</a>
The previous implementation incorrectly identified large GitHub-hosted
runners as self-hosted runners. As a result, harden-runner was not
executing on these large GitHub-hosted runners.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.8.1">https://github.com/step-security/harden-runner/compare/v2...v2.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="17d0e2bd7d"><code>17d0e2b</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/425">#425</a>
from step-security/rc-9</li>
<li><a
href="bb112d061b"><code>bb112d0</code></a>
Update isGitHubHosted implementation</li>
<li><a
href="f4f3f445f3"><code>f4f3f44</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/407">#407</a>
from step-security/dependabot/github_actions/actions/...</li>
<li><a
href="7a946b57df"><code>7a946b5</code></a>
Bump actions/dependency-review-action from 3.1.3 to 4.3.2</li>
<li><a
href="75a01c2f00"><code>75a01c2</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/417">#417</a>
from step-security/dependabot/github_actions/step-sec...</li>
<li><a
href="53413f1a91"><code>53413f1</code></a>
Bump step-security/harden-runner from 2.7.1 to 2.8.0</li>
<li>See full diff in <a
href="f086349bfa...17d0e2bd7d">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Autogenerated release for PR Metrics v1.6.0. This includes the latest
dependency updates.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## Summary
Updating ESLint to use the modern configuration file and work with the
newer releases. This resulted in some new violations, many of which have
been fixed as part of these changes. Others are suppressed and will be
considered for resolution in the future.
### Detailed Description
This includes several changes mainly aimed at improving code quality,
updating the version of the software, and modifying the test coverage
requirements. The most significant changes include the modification of
the `.c8rc.json` file to require 100% test coverage, removal of the
`.eslintrc.yml` file, addition of the `eslint.config.mjs` file, updates
to the version of the software in several files, and various code
quality improvements in TypeScript files.
**Test coverage requirement changes:**
* [`.c8rc.json`](diffhunk://#diff-9fd2b089a79150b0fd1cad8f8961358547e3cc3256f8466c8602c647e5734de1L7-R10):
  Modified the test coverage requirements to 100% for statements,
  branches, functions, and lines.
**ESLint configuration changes:**
* [`.eslintrc.yml`](diffhunk://#diff-9e1ecc14c733bb1ae2e523089f1262ac6ffccbcf950487ee0984403603550e57L1-L18):
  Removed this file.
* [`eslint.config.mjs`](diffhunk://#diff-9601a8f6c734c2001be34a2361f76946d19a39a709b5e8c624a2a5a0aade05f2R1-R82):
  Added this file to configure ESLint.
**Version updates:**
* [`.github/workflows/release-phase-1.yml`](diffhunk://#diff-a775c174b4973a7a42b20039065ebe3444ca9b3e3d28ee17ec7f8da67924460bL24-R25):
  Updated the minor version and reset the patch version.
* [`.github/workflows/support/release-trigger.txt`](diffhunk://#diff-4a1ff8fb39a32cd5133d791b3ed91ed72e8ab200b9a45f157f2c422a94a5c11fL1-R1):
  Updated the version.
* [`README.md`](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L116-R116):
  Updated the version in two places.
  [[1]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L116-R116)
  [[2]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L126-R126)
* [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L5-R20):
  Updated the version.
* [`src/task/Strings/resources.resjson/en-US/resources.resjson`](diffhunk://#diff-c0fc6893012d5b83ce394e09ff298a469483e5eec91edd15b9744fc81db6f598L5-R5):
  Updated the version.
**Code quality improvements:**
* [`src/task/index.ts`](diffhunk://#diff-445f33c5199a2e71fde9062a5f8c6b5237e3230e83e8be8fcfbf06de48abd5abL1-R12):
  Modified the run function to be an arrow function and added await to the
  call to `pullRequestMetrics.run(__dirname)`.
* [`src/task/src/git/gitInvoker.ts`](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L1-R10):
  Made several changes to improve code quality, such as using the radix
  parameter in `parseInt` calls, removing unnecessary else blocks, and
  changing the `for` loop to use `+= 1` instead of `++`.
  [[1]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L1-R10)
  [[2]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L56-R58)
  [[3]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L87-R89)
  [[4]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L160-R163)
  [[5]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L169)
  [[6]](diffhunk://#diff-393c3008fe54c65d56363117b91baeb2bfacc051055e6fbffc71df7ea919cc28L183-R187)
* [`src/task/src/git/octokitGitDiffParser.ts`](diffhunk://#diff-0e959b5630206a4ce8a405c21439f051d4bd44fee10de7c1976ba982365899bbL69-R79):
  Changed the `diffResponses` split to use the `u` flag in the regular
  expression and modified the `for` loop to use template literals.
* [`src/task/src/metrics/codeMetrics.ts`](diffhunk://#diff-f34569608b714fbc5a7b215183b770a19aec3c8056562c96219e2bcaea0fb794L45-R47):
  Made the constructor public and changed an `Error` throw to use `new
  Error`.
  [[1]](diffhunk://#diff-f34569608b714fbc5a7b215183b770a19aec3c8056562c96219e2bcaea0fb794L45-R47)
  [[2]](diffhunk://#diff-f34569608b714fbc5a7b215183b770a19aec3c8056562c96219e2bcaea0fb794L138-R140)
## Testing
### Test Types
- [X] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## Summary
This adds support for Workload Identity Federation, including
instructions on how it can be established. It also includes an update to
support binary files, which were found to be problematic during testing
of this PR.
### Detailed Description
This introduces several changes to improve the security and
documentation of the project. The most significant changes include the
addition of Workload Identity Federation as an alternative to Personal
Access Tokens (PATs) for authentication, updates to the `LICENSE` file,
and modifications to the documentation.
Authentication improvements:
* [`src/task/Strings/resources.resjson/en-US/resources.resjson`](diffhunk://#diff-c0fc6893012d5b83ce394e09ff298a469483e5eec91edd15b9744fc81db6f598R21-R22):
  Added Workload Identity Federation as an optional input for
  authentication, providing a more secure alternative to PATs.
  [[1]](diffhunk://#diff-c0fc6893012d5b83ce394e09ff298a469483e5eec91edd15b9744fc81db6f598R21-R22)
  [[2]](diffhunk://#diff-c0fc6893012d5b83ce394e09ff298a469483e5eec91edd15b9744fc81db6f598R35-R36)
  [[3]](diffhunk://#diff-c0fc6893012d5b83ce394e09ff298a469483e5eec91edd15b9744fc81db6f598L132-R138)
License updates:
* [`LICENSE`](diffhunk://#diff-c693279643b8cd5d248172d9c22cb7cf4ed163a3c98c8a3f69c2717edd3eacb7L1-L6):
  Changed the license header from "PR Metrics" to "MIT License".
Documentation updates:
* [`.github/linters/markdown-link-check.json`](diffhunk://#diff-7fe04f8c8647e157cfa10cde0746b50a5e4ab1f4cfee31c63fa8bbaac2b716fcR11-R13):
  Added a new link to the markdown link checker.
* [`README.md`](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L53-R55):
  Updated the instructions for setting up a Personal Access Token (PAT).
* [`docs/azure-pipelines-task.md`](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L7-R13):
  Made several changes to improve the documentation on setting up the
  Azure Pipelines task, including recommending the use of Workload
  Identity Federation for authentication and updating the instructions for
  setting up a PAT.
  [[1]](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L7-R13)
  [[2]](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L21-R31)
  [[3]](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L41-R46)
  [[4]](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5L52-R57)
  [[5]](diffhunk://#diff-6ad131ef75795fdec5e164a1caceb5849fa2ee34df8e487d31e02ff146f957f5R108)
* [`docs/workload-identity-federation.md`](diffhunk://#diff-965347372de591bcddeca4c3b67113aed29a21848cdaf67237ec53156fd6304fR1-R134):
  Added a new document providing comprehensive instructions on setting up
  Workload Identity Federation for authentication.
* [`src/overview.md`](diffhunk://#diff-9111f778efda8d5e17121ddc08b61bec56e48932bcc92f1ff0136c26fd96c83bR60-R61):
  Updated the documentation to include references to the new Workload
  Identity Federation setup instructions and made other minor updates.
  [[1]](diffhunk://#diff-9111f778efda8d5e17121ddc08b61bec56e48932bcc92f1ff0136c26fd96c83bR60-R61)
  [[2]](diffhunk://#diff-9111f778efda8d5e17121ddc08b61bec56e48932bcc92f1ff0136c26fd96c83bR83-R86)
  [[3]](diffhunk://#diff-9111f778efda8d5e17121ddc08b61bec56e48932bcc92f1ff0136c26fd96c83bR107-R110)
## Testing
### Test Types
- [X] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
Bumps the npm_and_yarn group with 1 update in the / directory:
[braces](https://github.com/micromatch/braces).
Updates `braces` from 3.0.2 to 3.0.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=braces&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/PR-Metrics/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muiris Woulfe <mwoulfe@microsoft.com>
## Summary
This change primarily focuses on adding a new feature to the `Logger`
class in `src/task/src/utilities/logger.ts` to filter control strings
from the log messages. The changes also include updates to the
corresponding tests in `src/task/tests/utilities/logger.spec.ts` to
validate the new functionality.
Here are the key changes:
**Logger Class Enhancements:**
* [`src/task/src/utilities/logger.ts`](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR33):
  Added a new method `filterMessage` to the `Logger` class. This method
  removes control strings from the log messages to prevent them from being
  printed to `stdout`. This filtering is now applied in the `logDebug`,
  `logInfo`, `logWarning`, and `logError` methods.
  [[1]](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR33)
  [[2]](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR43)
  [[3]](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR53)
  [[4]](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR63)
  [[5]](diffhunk://#diff-5edc22bc177458bb92a473da7eb8dd56e9cdd5091f222c90830e9e7de380030cR88-R96)
**Test Updates:**
* [`src/task/tests/utilities/logger.spec.ts`](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR21-R37):
  Added new test cases for each of the logging methods (`logDebug`,
  `logInfo`, `logWarning`, `logError`, `logErrorObject`, and `replay`) to
  validate that control strings are correctly filtered out from the log
  messages.
  [[1]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR21-R37)
  [[2]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR51-R67)
  [[3]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR81-R97)
  [[4]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR111-R127)
  [[5]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR141-R162)
  [[6]](diffhunk://#diff-4deade9fa59bc7d857956add0b8fac29f34b9173c24fee51f440b4ee19336d3fR197-R236)
## Testing
### Test Types
- [X] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
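The PR above describes a `filterMessage` method that strips control strings from log messages before they reach `stdout`, but the pattern it uses is not shown on this page. The following is an added example written for this corpus, not code from the PR Metrics repository: a standalone filter in the same spirit, together with a minimal `Logger` that applies it. It shows why such a filter matters in a CI task whose log lines include attacker-controlled text such as pull request titles or branch names: terminal escape sequences can recolour or hide output, and an embedded line break can forge a log line that looks like it came from the tool. The `Logger` class shape, the regular expressions, and the constructed sample title are all assumptions made for this example.

```typescript
// Added example, not PR Metrics' own Logger code. The regular expressions
// and the Logger shape below are assumptions made for illustration.

/** ANSI CSI sequences (ESC [ params intermediates final) and OSC
 *  sequences (ESC ] ... terminated by BEL or ESC \), e.g. colour codes
 *  and terminal-title changes. */
const ANSI_SEQUENCE: RegExp =
  /\u001b\[[0-?]*[ -/]*[@-~]|\u001b\][^\u0007\u001b]*(?:\u0007|\u001b\\)/gu

/** Line breaks are made visible rather than dropped, so an injected
 *  "\nERROR: ..." cannot masquerade as a separate log line. */
const LINE_BREAK: RegExp = /\r|\n/gu

/** Remaining C0 controls (tab excluded), DEL, and the C1 range. A lone
 *  ESC that did not form a recognised sequence is removed here too. */
const CONTROL_CHARACTER: RegExp = /[\u0000-\u0008\u000b-\u001f\u007f-\u009f]/gu

/** Neutralise control strings in a message destined for stdout. Order
 *  matters: whole escape sequences are removed first so that their
 *  printable payload ("[31m") does not survive as stray text. */
function filterMessage(message: string): string {
  return message
    .replace(ANSI_SEQUENCE, '')
    .replace(LINE_BREAK, (c: string): string => (c === '\n' ? '\\n' : '\\r'))
    .replace(CONTROL_CHARACTER, '')
}

/** Minimal logger that filters every message before writing it. The
 *  written lines are also retained so callers (and tests) can inspect
 *  exactly what reached the sink. */
class Logger {
  private readonly lines: string[] = []

  public logInfo(message: string): void {
    this.write('INFO', message)
  }

  public logWarning(message: string): void {
    this.write('WARN', message)
  }

  public logError(message: string): void {
    this.write('ERROR', message)
  }

  public output(): readonly string[] {
    return this.lines
  }

  private write(level: string, message: string): void {
    const line = `${level}: ${filterMessage(message)}`
    this.lines.push(line)
    console.log(line)
  }
}

// Constructed sample (not real data): a pull request title carrying a red
// colour escape, a forged "ERROR" log line, a BEL, and an OSC sequence
// that would retitle the terminal.
const SAMPLE_TITLE: string =
  'Fix typo\u001b[31m\nERROR: secrets leaked\u0007\u001b]0;owned\u0007'

/** Log the constructed title and return the lines actually written. */
function demo(): readonly string[] {
  const logger = new Logger()
  logger.logInfo(`Processing PR: ${SAMPLE_TITLE}`)
  return logger.output()
}

demo()
```

Keeping tabs and rendering line breaks as the two-character sequences `\n` and `\r` is a design choice: the message stays readable and auditable, while nothing in it can move the cursor or start a new line. A stricter sink could also escape non-printable Unicode (for example bidirectional override characters), which this example leaves in place.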
## Summary
This changes the project's configuration files and build scripts. The
most significant changes include the addition of hardening steps to the
GitHub Actions workflows, updates to Node.js and npm commands, and
modifications to file paths and URLs.
GitHub Actions Workflow Updates:
* `Harden Runner` steps have been added to all jobs in the
`.github/workflows/build.yml`,
`.github/workflows/release-phase-1-internal.yml`,
`.github/workflows/release-phase-2.yml`, and
`.github/workflows/support/release-phase-1-comment.md` files. These
steps use the `step-security/harden-runner` action to improve the
security of the runner environment.
[[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R31-R36)
[[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R94-R109)
[[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L108-L111)
[[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R137-R142)
[[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L147-R169)
[[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L157-L287)
[[7]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R197-R202)
[[8]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R228-R233)
[[9]](diffhunk://#diff-14e6314d4859c0dde5728dcd1d7101abd5a80d211b4e9c7153f246eba26f7f9fR32-R37)
[[10]](diffhunk://#diff-c7e4bd8feb36835f6722b91d36ca67dcad2ece6f364e0404754016195651f1b0R24-L41)
[[11]](diffhunk://#diff-97db29a7915320e63d41d38a0440360a87055ee8ed03757aa263116dbbb4aabeL131-R131)
[[12]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L9-R12)
Node.js and npm Command Updates:
* The Node.js version used in the workflows has been downgraded from
22.x to LTS 20.14.0.
[[1]](diffhunk://#diff-25f998e817515523e95edd3b4e0eb06fad5909deec7e3d4b7d57f4912cb39349L71-R79)
[[2]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L36-R41)
[[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L43-R52)
[[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R94-R109)
[[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L108-L111)
[[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R137-R142)
[[7]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L147-R169)
[[8]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R197-R202)
[[9]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R228-R233)
[[10]](diffhunk://#diff-c7e4bd8feb36835f6722b91d36ca67dcad2ece6f364e0404754016195651f1b0R24-L41)
* The `npm install` commands have been replaced with `npm ci` for more
reliable dependency installations.
[[1]](diffhunk://#diff-25f998e817515523e95edd3b4e0eb06fad5909deec7e3d4b7d57f4912cb39349L71-R79)
[[2]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L36-R41)
[[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L43-R52)
[[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R94-R109)
[[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L108-L111)
[[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R137-R142)
[[7]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L147-R169)
[[8]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R197-R202)
[[9]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R228-R233)
[[10]](diffhunk://#diff-c7e4bd8feb36835f6722b91d36ca67dcad2ece6f364e0404754016195651f1b0R24-L41)
[[11]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L9-R12)
* The `npm-check-updates` package has been added to the project's
dependencies.
File Path and URL Modifications:
* The `indent_size` setting for the `LICENSE.txt` file has been moved to
the `src/LICENSE.txt` file in the `.editorconfig` file.
* Several URLs in the `README.md` and `docs/development.md` files have
been updated to their correct versions.
[[1]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L177-R182)
[[2]](diffhunk://#diff-97db29a7915320e63d41d38a0440360a87055ee8ed03757aa263116dbbb4aabeL131-R131)
* The `LICENSE.txt` reference in the `README.md` file has been updated
to `LICENSE` so that it will be picked up by GitHub.
* The `npm install -g tfx-cli` step has been removed from the
`.github/workflows/build.yml` and
`.github/workflows/release-phase-2.yml` files. The `tfx-cli` command is
now run with `npx`.
[[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L108-L111)
[[2]](diffhunk://#diff-c7e4bd8feb36835f6722b91d36ca67dcad2ece6f364e0404754016195651f1b0R24-L41)
* The `npm install -g npm-check-updates` step has been removed from the
`.github/workflows/release-phase-1-internal.yml` file. The `ncu -u`
command is now run with `npx`.
* The `npm install && mkdirp $npm_config_dir && ncp src $npm_config_dir`
command in the `build:initialization` script in the `package.json` file
has been updated to use `npm ci` instead of `npm install`.
* The URL for the `reflect-metadata` library in the `src/LICENSE.txt`
file has been added.
## Summary
This changes the CodeQL validation job to allow runs from different
branches to be aggregated. This avoids conflicts that lead to warning
messages during some builds.
## Testing
### Test Types
- [ ] Unit tests
- [X] Manual tests
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.3 to 3.25.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2321">#2321</a></li>
</ul>
<h2>3.25.7 - 31 May 2024</h2>
<ul>
<li>We are rolling out a feature in May/June 2024 that will reduce the
Actions cache usage of the Action by keeping only the newest TRAP cache
for each language. <a
href="https://redirect.github.com/github/codeql-action/pull/2306">#2306</a></li>
</ul>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2295">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,
and GitHub Enterprise Server versions to the <a
href="https://github.com/github/codeql-action/blob/main/README.md">https://github.com/github/codeql-action/blob/main/README.md</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/2273">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code>
trigger when the CodeQL Action is triggered via a
<code>workflow_call</code> event. <a
href="https://redirect.github.com/github/codeql-action/pull/2274">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action
has been renamed to <code>tools: linked</code>. This option specifies
that the Action should use the tools shipped at the same time as the
Action. The old name will continue to work for backwards compatibility,
but we recommend that new workflows use the new name. <a
href="https://redirect.github.com/github/codeql-action/pull/2281">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2270">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e230e8fe0"><code>2e230e8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2323">#2323</a>
from github/update-v3.25.8-18b06dd1d</li>
<li><a
href="66ad891bd4"><code>66ad891</code></a>
Update changelog for v3.25.8</li>
<li><a
href="18b06dd1df"><code>18b06dd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2322">#2322</a>
from github/dependabot/npm_and_yarn/npm-10d82c2911</li>
<li><a
href="200dd0cf5b"><code>200dd0c</code></a>
Update checked-in dependencies</li>
<li><a
href="2bb35eab2f"><code>2bb35ea</code></a>
bump the npm group with 4 updates</li>
<li><a
href="9c15e42f19"><code>9c15e42</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2321">#2321</a>
from github/update-bundle/codeql-bundle-v2.17.4</li>
<li><a
href="98e79227df"><code>98e7922</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.17.4</li>
<li><a
href="440350bade"><code>440350b</code></a>
Add changelog note</li>
<li><a
href="d4fcc8b7bd"><code>d4fcc8b</code></a>
Update default bundle to codeql-bundle-v2.17.4</li>
<li><a
href="add199be77"><code>add199b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2320">#2320</a>
from github/angelapwen/use-linked-in-tests</li>
<li>Additional commits viewable in <a
href="d39d31e687...2e230e8fe0">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.3&new-version=3.25.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muiris Woulfe <mwoulfe@microsoft.com>
## Summary
This complements #502 by making the same changes to the Production
pipeline, to ensure access to the relevant secure variables.
It comprises a minor change to the `.github/azure-devops/prod.yml` file.
A new variable group `PR Metrics` has been added to the variables
section. This change will allow the pipeline to access shared variables
defined in the `PR Metrics` group.
## Summary
Within the Azure DevOps pipelines, switching from per-pipeline secure
variables to secure variables stored within Key Vaults.
This deals with changes to the Azure DevOps configuration files and
scripts. The most significant changes include the addition of a `PR
Metrics` group to the `variables` in the `pr` sections of
`.github/azure-devops/pr-test.yml` and `.github/azure-devops/pr.yml`. In
addition, there are several changes to the `stages` section of
`.github/azure-devops/template.yml`, including modifications to the `tfx
login` command and environment variables, as well as changes to the
`PR_METRICS_ACCESS_TOKEN` variable.
Addition of PR Metrics group:
* [`.github/azure-devops/pr-test.yml`](diffhunk://#diff-b21868d02a7dc0e0bc3f3aeabe403c0e5c83e17149e97c3a484f802cf746dff7R16): Added `PR Metrics` group to the `variables` in the `pr` section.
* [`.github/azure-devops/pr.yml`](diffhunk://#diff-4752927e6649128d05329fda79164e4efb31cbb2dc7e6604c99cda9ee03a8b79R16): Added `PR Metrics` group to the `variables` in the `pr` section.
Changes to the `stages` section in `.github/azure-devops/template.yml`:
* Modified the `tfx login` command and changed the `ADO_ACCOUNT`
environment variable to `ADOACCOUNT`.
* Changed the `PR_METRICS_ACCESS_TOKEN` variable from `GITHUB_PAT` to
`ADOTOGITHUB` in three instances.
[[1]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L97-R97)
[[2]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L128-R128)
[[3]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L159-R159)
## Testing
### Test Types
- [ ] Unit tests
- [X] Manual tests
## Summary
This change primarily improves the clarity of the pull request template
and reorganizes the CodeQL validation workflow, moving this from the
`build.yml` workflow to a new `codeql.yml` workflow.
Simplification of Pull Request Template:
* [`.github/pull_request_template.md`](diffhunk://#diff-b2496e80299b8c3150b1944450bd81c622e04e13d15c411d291db0927d75fd6bL3-R5): The pull request template was simplified by removing the separate "Motivation" and "Technical" sections and replacing them with a single comment instructing users to provide a summary of the reasons or motivations behind the PR, what it aims to accomplish, and technical implementation details.
Reorganization of CodeQL Validation Workflow:
* [`.github/workflows/build.yml`](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L273-L290): The "validate-codeql" job was removed from this workflow.
* [`.github/workflows/codeql.yml`](diffhunk://#diff-12783128521e452af0cfac94b99b8d250413c516ec71fe6d97dbea666ff7ba27R1-R45): A new workflow file was created for the CodeQL validation job. This job is set to run on push and pull request events for the main branch, on a weekly schedule, and on workflow dispatch events. The job includes steps to checkout the code, initialize CodeQL, and analyze the code.
## Summary
Relocating the Visual Studio Marketplace publishing logic from GitHub to
Azure DevOps, to switch from PATs to Workload Identity Federation. This
update also includes a small optimisation when testing the latest PR
Metrics release.
## Detailed Copilot Generated Summary (manually refined)
These changes include significant updates to the Azure DevOps pipeline
configuration files and the GitHub workflow file. They focus on
modifying the release process and improving the build process. The most
significant changes are the addition of a new `release.yml` file, the
modification of the `template.yml` file to change the build stages, and
the removal of the "Publish Release" step from the `release-phase-2.yml`
file.
Addition of new configuration:
* [`.github/azure-devops/release.yml`](diffhunk://#diff-25f998e817515523e95edd3b4e0eb06fad5909deec7e3d4b7d57f4912cb39349R1-R110): A new configuration file has been added that sets up a new Azure DevOps pipeline for releases. The pipeline is triggered by tags starting with 'v' and does not run for pull requests. It includes jobs for checks, release, and publishing to the Azure DevOps marketplace.
Modifications to existing configuration:
* [`.github/azure-devops/template.yml`](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L15-R30): The build stages have been modified. The "Deploy" job has been replaced with a "Prerequisites" job. The "Delay" job has been removed and the "PRMetrics_macOS" job now depends on the "Prerequisites" job. These changes streamline the build process and optimize the use of resources. [[1]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L15-R30) [[2]](diffhunk://#diff-9ba73744bad564cb8afb7eac4a1ffce0822431667e90f80de88300f094aae565L72-R82)
Removal of redundant configuration:
* [`.github/workflows/release-phase-2.yml`](diffhunk://#diff-c7e4bd8feb36835f6722b91d36ca67dcad2ece6f364e0404754016195651f1b0L72-L79): The "Publish Release" step has been removed from the workflow. This step was previously used to publish the extension to the Azure DevOps marketplace. The new `release.yml` file now manages this process.
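The two Azure DevOps changes described on this page, the `PR Metrics` variable group added to the pipelines' `variables` and the tag-triggered `release.yml` with checks, release and publish stages, combined into one added example. This is not the project's `release.yml`; the stage and job names, the `npm` commands, the `marketplace` environment and the `marketplace-publisher` service connection are assumptions, and the marketplace publish command itself is not shown because the page gives no detail on it. The security-relevant shape is the trigger: only `v*` tags start the pipeline and `pr: none` guarantees that pull-request code never runs with access to the release variable group:

```yaml
# Added example of a tag-triggered Azure DevOps release pipeline.
# Not the project's release.yml; names marked "assumed" are placeholders.

trigger:
  branches:
    exclude:
      - '*'            # no run on ordinary branch pushes
  tags:
    include:
      - 'v*'           # only tags such as v1.5.14 start a release

pr: none               # never run the release pipeline for pull requests

variables:
  - group: PR Metrics  # shared variable group backed by Key Vault (from the pr.yml change)

pool:
  vmImage: ubuntu-latest

stages:
  - stage: Checks
    jobs:
      - job: Checks
        steps:
          - checkout: self
          - script: npm ci          # assumed: a Node.js project
            displayName: Install dependencies
          - script: npm test
            displayName: Run tests

  - stage: Release
    dependsOn: Checks
    # Belt and braces: refuse to package unless the run really came from a v* tag.
    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/v'))
    jobs:
      - job: Package
        steps:
          - checkout: self
          - script: |
              npx tfx-cli extension create \
                --manifest-globs vss-extension.json \
                --output-path "$(Build.ArtifactStagingDirectory)"
            displayName: Package extension for $(Build.SourceBranchName)
          - publish: $(Build.ArtifactStagingDirectory)
            artifact: extension

  - stage: Publish
    dependsOn: Release
    jobs:
      - deployment: Marketplace
        environment: marketplace     # assumed; approvals are configured on the environment
        strategy:
          runOnce:
            deploy:
              steps:
                - download: current
                  artifact: extension
                - task: AzureCLI@2
                  displayName: Publish to the Visual Studio Marketplace
                  inputs:
                    azureSubscription: marketplace-publisher   # assumed WIF-backed service connection
                    scriptType: bash
                    scriptLocation: inlineScript
                    inlineScript: |
                      # The publish command is not shown on the page; it runs here with
                      # credentials obtained through the federated service connection,
                      # so no long-lived PAT is stored in the pipeline.
                      ls "$(Pipeline.Workspace)/extension"
```

Using a `deployment` job with an `environment` adds an approval gate in front of the publish step, and a federated service connection means the pipeline never holds a PAT that could leak through logs or a compromised dependency.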
## Summary
Updating the Code of Conduct to the new official Microsoft Code of
Conduct from
<https://github.com/microsoft/repo-templates/blob/main/shared/CODE_OF_CONDUCT.md>.
This change includes a minor update to the `Resources:` section in the
`.github/CODE_OF_CONDUCT.md` file. It adds a new resource for employees
to reach out for moderation support.
## Summary
### Motivation
Increasing build pipeline security.
### Technical
Switching from using PATs to Workload Identity Federation. This also
includes other related pipeline updates.
## Testing
### Test Types
- [X] Unit tests
- [X] Manual tests
### Unit Test Coverage
100%
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.24.9 to 3.25.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the
<code>file</code> program is not installed on a Linux runner, but is
required for Go tracing to succeed. <a
href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5
and earlier. These versions of CodeQL were discontinued on 26 March 2024
alongside GitHub Enterprise Server 3.8, and will be unsupported by
CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.12.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.11.6 and 2.12.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.24.10</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.24.10</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d39d31e687"><code>d39d31e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2262">#2262</a>
from github/update-v3.25.3-ac2f82a1f</li>
<li><a
href="a7278252c7"><code>a727825</code></a>
Move changenote to most recent section</li>
<li><a
href="1efa8597b1"><code>1efa859</code></a>
Update changelog for v3.25.3</li>
<li><a
href="ac2f82a1ff"><code>ac2f82a</code></a>
Log warning if SIP is disabled and CLI version is < 2.15.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/2261">#2261</a>)</li>
<li><a
href="0ad7791640"><code>0ad7791</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2247">#2247</a>
from github/update-bundle/codeql-bundle-v2.17.1</li>
<li><a
href="79d9ee7f07"><code>79d9ee7</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.17.1</li>
<li><a
href="dbf2b1706b"><code>dbf2b17</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2255">#2255</a>
from github/mergeback/v3.25.2-to-main-8f596b4a</li>
<li><a
href="ff6a3c42a5"><code>ff6a3c4</code></a>
Update checked-in dependencies</li>
<li><a
href="619dc0c4b8"><code>619dc0c</code></a>
Update changelog and version after v3.25.2</li>
<li><a
href="8f596b4ae3"><code>8f596b4</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2254">#2254</a>
from github/update-v3.25.2-4909c1ffb</li>
<li>Additional commits viewable in <a
href="1b1aada464...d39d31e687">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.24.9&new-version=3.25.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Autogenerated release for PR Metrics v1.5.14. This includes the latest
dependency updates.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>