Bump the github-actions group with 3 updates #486

dependabot · 2024-02-16T11:16:24Z

Bumps the github-actions group with 3 updates: github/codeql-action, golangci/golangci-lint-action and codecov/codecov-action.

Updates github/codeql-action from 3.22.12 to 3.24.3

Changelog

Sourced from github/codeql-action's changelog.

3.24.3 - 15 Feb 2024

Fix an issue where the CodeQL Action would fail to load a configuration specified by the config input to the init Action. #2147

3.24.2 - 15 Feb 2024

Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. #2141

3.24.1 - 13 Feb 2024

Update default CodeQL bundle version to 2.16.2. #2124

The CodeQL action no longer fails if it can't write to the telemetry api endpoint. #2121

3.24.0 - 02 Feb 2024

CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See release notes for 3.23.0 for more details. #2106

3.23.2 - 26 Jan 2024

On Linux, the maximum possible value for the --threads option now respects the CPU count as specified in cgroup files to more accurately reflect the number of available cores when running in containers. #2083

Update default CodeQL bundle version to 2.16.1. #2096

3.23.1 - 17 Jan 2024

Update default CodeQL bundle version to 2.16.0. #2073

Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. #2079

3.23.0 - 08 Jan 2024

We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. #2031

The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.22.7. #2009

Commits

3796146 Merge pull request #2148 from github/update-v3.24.3-3a7796d6a
01d302a Update changelog for v3.24.3
3a7796d Merge pull request #2147 from github/henrymercer/fix-config-outside-workspace...
56b93f2 Add changelog note
381e65f Allow generated user config file to be outside the workspace
d88d538 Add PR check for specifying configuration using the config input
dc983b3 Merge pull request #2143 from github/mergeback/v3.24.2-to-main-ece8414c
66a4732 Update checked-in dependencies
e62fb8e Update changelog and version after v3.24.2
ece8414 Merge pull request #2142 from github/update-v3.24.2-1a41e5519
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 3.7.0 to 4.0.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v4.0.0

What's Changed

In the scope of this release, we change Nodejs runtime from node16 to node20 (golangci/golangci-lint-action#843).

Documentation

docs: update examples by @KunalSin9h in golangci/golangci-lint-action#826

docs: update section about GitHub Annotations by @JustinDFuller in golangci/golangci-lint-action#931

Dependencies

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.0 by @dependabot in golangci/golangci-lint-action#829

build(deps-dev): bump eslint-plugin-import from 2.28.0 to 2.28.1 by @dependabot in golangci/golangci-lint-action#830

build(deps): bump @types/node from 20.5.0 to 20.5.1 by @dependabot in golangci/golangci-lint-action#827

build(deps-dev): bump @typescript-eslint/parser from 6.3.0 to 6.4.0 by @dependabot in golangci/golangci-lint-action#831

build(deps-dev): bump prettier from 3.0.1 to 3.0.2 by @dependabot in golangci/golangci-lint-action#828

build(deps): bump @types/node from 20.5.1 to 20.5.7 by @dependabot in golangci/golangci-lint-action#833

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.0 to 6.4.1 by @dependabot in golangci/golangci-lint-action#834

build(deps-dev): bump @typescript-eslint/parser from 6.4.0 to 6.4.1 by @dependabot in golangci/golangci-lint-action#835

build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in golangci/golangci-lint-action#837

build(deps-dev): bump typescript from 5.1.6 to 5.2.2 by @dependabot in golangci/golangci-lint-action#836

build(deps): bump @types/semver from 7.5.0 to 7.5.1 by @dependabot in golangci/golangci-lint-action#838

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in golangci/golangci-lint-action#839

build(deps-dev): bump prettier from 3.0.2 to 3.0.3 by @dependabot in golangci/golangci-lint-action#842

build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in golangci/golangci-lint-action#840

build(deps): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in golangci/golangci-lint-action#841

chore: bump to use node20 runtime, actions/checkout to v4 by @chenrui333 in golangci/golangci-lint-action#843

build(deps): bump actions/checkout from 3 to 4 by @dependabot in golangci/golangci-lint-action#845

build(deps-dev): bump eslint from 8.48.0 to 8.49.0 by @dependabot in golangci/golangci-lint-action#846

build(deps): bump @types/node from 20.5.9 to 20.6.0 by @dependabot in golangci/golangci-lint-action#847

build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in golangci/golangci-lint-action#848

build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in golangci/golangci-lint-action#850

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in golangci/golangci-lint-action#849

build(deps): bump @types/semver from 7.5.1 to 7.5.2 by @dependabot in golangci/golangci-lint-action#853

build(deps): bump @types/tmp from 0.2.3 to 0.2.4 by @dependabot in golangci/golangci-lint-action#854

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in golangci/golangci-lint-action#855

build(deps): bump @types/node from 20.6.0 to 20.6.2 by @dependabot in golangci/golangci-lint-action#857

build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in golangci/golangci-lint-action#856

build(deps-dev): bump eslint from 8.49.0 to 8.50.0 by @dependabot in golangci/golangci-lint-action#859

build(deps): bump @types/node from 20.6.2 to 20.6.5 by @dependabot in golangci/golangci-lint-action#860

build(deps-dev): bump @typescript-eslint/parser from 6.6.0 to 6.7.2 by @dependabot in golangci/golangci-lint-action#861

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.0 to 6.7.2 by @dependabot in golangci/golangci-lint-action#862

build(deps): bump @types/semver from 7.5.2 to 7.5.3 by @dependabot in golangci/golangci-lint-action#864

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.3 by @dependabot in golangci/golangci-lint-action#865

build(deps): bump @types/node from 20.6.5 to 20.8.0 by @dependabot in golangci/golangci-lint-action#867

build(deps-dev): bump @typescript-eslint/parser from 6.7.2 to 6.7.3 by @dependabot in golangci/golangci-lint-action#866

build(deps-dev): bump @typescript-eslint/parser from 6.7.3 to 6.7.4 by @dependabot in golangci/golangci-lint-action#868

build(deps): bump @types/node from 20.8.0 to 20.8.3 by @dependabot in golangci/golangci-lint-action#869

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.3 to 6.7.4 by @dependabot in golangci/golangci-lint-action#870

build(deps-dev): bump eslint from 8.50.0 to 8.51.0 by @dependabot in golangci/golangci-lint-action#871

... (truncated)

Commits

3cfe3a4 build(deps): bump @actions/cache from 3.2.3 to 3.2.4 (#963)
cbc59cf build(deps-dev): bump prettier from 3.2.4 to 3.2.5 (#960)
459a04b build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 ...
e2315b6 build(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.20.0 (#961)
d6173a4 build(deps): bump @types/node from 20.11.10 to 20.11.16 (#962)
0e8f5bf build(deps): bump @types/node from 20.11.5 to 20.11.10 (#958)
349d206 build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.0 to 6.19.1 ...
2221aee build(deps-dev): bump @typescript-eslint/parser from 6.18.1 to 6.19.1 (#954)
3b44ae5 build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.18.1 to 6.19.0 ...
323b871 build(deps-dev): bump prettier from 3.2.2 to 3.2.4 (#950)
Additional commits viewable in compare view

Updates codecov/codecov-action from 3.1.4 to 4.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.1

What's Changed

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1243

Add all args by @thomasrockhu-codecov in codecov/codecov-action#1245

fix: show both token uses in readme by @thomasrockhu-codecov in codecov/codecov-action#1250

Full Changelog: codecov/codecov-action@v4.0.0...v4.0.1

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.

Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.

OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page

Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

build(deps): bump openpgp from 5.8.0 to 5.9.0 by @dependabot in codecov/codecov-action#985

build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by @dependabot in codecov/codecov-action#1000

build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in codecov/codecov-action#1006

build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in codecov/codecov-action#1013

build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in codecov/codecov-action#1024

build(deps): bump node-fetch from 3.3.1 to 3.3.2 by @dependabot in codecov/codecov-action#1031

build(deps-dev): bump @types/node from 20.1.4 to 20.4.5 by @dependabot in codecov/codecov-action#1032

build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by @dependabot in codecov/codecov-action#1033

build commit,report and upload args based on codecovcli by @dana-yaish in codecov/codecov-action#943

build(deps-dev): bump @types/node from 20.4.5 to 20.5.3 by @dependabot in codecov/codecov-action#1055

build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in codecov/codecov-action#1051

build(deps-dev): bump @types/node from 20.5.3 to 20.5.4 by @dependabot in codecov/codecov-action#1058

chore(deps): update outdated deps by @thomasrockhu-codecov in codecov/codecov-action#1059

build(deps-dev): bump @types/node from 20.5.4 to 20.5.6 by @dependabot in codecov/codecov-action#1060

build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1065

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1064

build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in codecov/codecov-action#1063

build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in codecov/codecov-action#1061

build(deps-dev): bump @types/node from 20.5.6 to 20.5.7 by @dependabot in codecov/codecov-action#1062

build(deps): bump openpgp from 5.9.0 to 5.10.1 by @dependabot in codecov/codecov-action#1066

build(deps-dev): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in codecov/codecov-action#1070

build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in codecov/codecov-action#1069

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1072

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1073

build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1071

build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in codecov/codecov-action#1074

build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in codecov/codecov-action#1081

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in codecov/codecov-action#1080

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

Commits

e0b68c6 fix: show both token uses in readme (#1250)
1f9f557 Add all args (#1245)
09686fc Update README.md (#1243)
f30e495 fix: update action.yml (#1240)
a7b945c fix: allow for other archs (#1239)
98ab2c5 Update package.json (#1238)
43235cc Update README.md (#1237)
0cf8684 chore(ci): bump to node20 (#1236)
8e1e730 build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 ...
61293af build(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.20.0 (#1235)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `github/codeql-action` from 3.22.12 to 3.24.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.22.12...v3.24.3) Updates `golangci/golangci-lint-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v3.7.0...v4.0.0) Updates `codecov/codecov-action` from 3.1.4 to 4.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3.1.4...v4.0.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-02-22T11:07:21Z

Superseded by #489.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Feb 16, 2024

dependabot bot requested a review from gabriel-vasile February 16, 2024 11:16

dependabot bot mentioned this pull request Feb 16, 2024

Bump the github-actions group with 3 updates #485

Closed

dependabot bot closed this Feb 22, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-082fb9e6ab branch February 22, 2024 11:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 3 updates #486

Bump the github-actions group with 3 updates #486

dependabot bot commented on behalf of github Feb 16, 2024 •

edited

Loading

dependabot bot commented on behalf of github Feb 22, 2024

Bump the github-actions group with 3 updates #486

Bump the github-actions group with 3 updates #486

Conversation

dependabot bot commented on behalf of github Feb 16, 2024 • edited Loading

3.24.3 - 15 Feb 2024

3.24.2 - 15 Feb 2024

3.24.1 - 13 Feb 2024

3.24.0 - 02 Feb 2024

3.23.2 - 26 Jan 2024

3.23.1 - 17 Jan 2024

3.23.0 - 08 Jan 2024

v4.0.0

What's Changed

Documentation

Dependencies

v4.0.1

What's Changed

v4.0.0

Breaking Changes

What's Changed

4.0.0-beta.2

Fixes

4.0.0-beta.1

Breaking Changes

dependabot bot commented on behalf of github Feb 22, 2024

dependabot bot commented on behalf of github Feb 16, 2024 •

edited

Loading