mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
dae543ff24
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.

<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider dependency code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code> because it is now deprecated. See more information in the <a href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub Changelog</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a669cc5936"><code>a669cc5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1428">#1428</a> from github/update-v2.1.36-2b971a70</li>
<li><a href="aab7a26877"><code>aab7a26</code></a> Update changelog for v2.1.36</li>
<li><a href="2b971a70bb"><code>2b971a7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1426">#1426</a> from github/dependabot/pip/python-setup/tests/poetry...</li>
<li><a href="bf944d782b"><code>bf944d7</code></a> Bump certifi in /python-setup/tests/poetry/requests-3</li>
<li><a href="566a5e6727"><code>566a5e6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1424">#1424</a> from github/dependabot/pip/python-setup/tests/pipenv...</li>
<li><a href="10c89976dc"><code>10c8997</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1421">#1421</a> from github/cklin/fix-update-required-checks-sha</li>
<li><a href="8121f62c54"><code>8121f62</code></a> Bump certifi in /python-setup/tests/pipenv/python-3.8</li>
<li><a href="104319fe98"><code>104319f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1423">#1423</a> from github/dependabot/pip/python-setup/tests/pipenv...</li>
<li><a href="aba18b82f7"><code>aba18b8</code></a> Bump certifi in /python-setup/tests/pipenv/requests-3</li>
<li><a href="4a5ad5af18"><code>4a5ad5a</code></a> update-required-checks.sh: ignore check-expected-release-files</li>
<li>Additional commits viewable in <a href="b2a92eb56d...a669cc5936">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.35&new-version=2.1.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
26 lines
687 B
YAML
```yaml
name: "codeql"

on:
  push:
    branches: [ main ]

jobs:
  analyze:
    name: analyze
    runs-on: ubuntu-latest

    permissions:
      security-events: write
      actions: read
      contents: read

    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3
      - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3
        with:
          go-version: '>=1.19.3'
          cache: true
      - uses: github/codeql-action/init@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
      - uses: github/codeql-action/autobuild@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
      - uses: github/codeql-action/analyze@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
```