build(deps): bump github/codeql-action/analyze from 3.36.3 to 4.37.0#32
build(deps): bump github/codeql-action/analyze from 3.36.3 to 4.37.0#32dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 3.36.3 to 4.37.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@411c4c9...99df26d) --- updated-dependencies: - dependency-name: github/codeql-action/analyze dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
Codra Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a59eefbe89
ℹ️ About Codra in GitHub
Your team has set up Codra to review pull requests in this repo. Reviews are triggered when you:
- Open a pull request for review
- Mark a draft as ready
- Comment "@codra-app review"
If Codra has suggestions, it will comment; otherwise it will react with 👍.
Codra can also answer questions or update the PR. Try commenting "@codra-app address that feedback".
|
|
||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@411c4c9a36b3fca4d674f06b6396b2c6d23522c6 # v3.36.3 | ||
| uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 |
There was a problem hiding this comment.
Invalid Action Version Constraint
The bump from v3 to v4 of the CodeQL action introduces a major version change. Major versions of GitHub Actions can include breaking changes in input schemas, dependency requirements, or workflow execution logic. It is recommended to perform a thorough compatibility check before upgrading major versions, as this may fail if the environment or configuration requires specific v3-only features.
| uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 | |
| Verify compatibility with CodeQL Action v4 release notes. |
Bumps github/codeql-action/analyze from 3.36.3 to 4.37.0.
Release notes
Sourced from github/codeql-action/analyze's releases.
... (truncated)
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)