From f8eed6afb89f70c012269a7b7672462014c6793b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 18:04:19 +0000 Subject: [PATCH] ci(deps): update github/codeql-action action to v3.27.7 (#141) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.27.6` -> `v3.27.7` | --- ### Release Notes
github/codeql-action (github/codeql-action) ### [`v3.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.6...v3.27.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.7 - 10 Dec 2024 - We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. [#​2631](https://redirect.github.com/github/codeql-action/pull/2631) - Update default CodeQL bundle version to 2.20.0. [#​2636](https://redirect.github.com/github/codeql-action/pull/2636) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md) for more information.
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Hapag-Lloyd/Workflow-Templates). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/docker_dockerhub_release_callable.yml | 2 +- .github/workflows/terraform_module_terraform_tfsec_callable.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_dockerhub_release_callable.yml b/.github/workflows/docker_dockerhub_release_callable.yml index 3dd6724..1a29f3a 100644 --- a/.github/workflows/docker_dockerhub_release_callable.yml +++ b/.github/workflows/docker_dockerhub_release_callable.yml @@ -74,7 +74,7 @@ jobs: format: "sarif" output: "trivy-results.sarif" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 if: ${{ inputs.upload-security-scan-results }} with: sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/terraform_module_terraform_tfsec_callable.yml b/.github/workflows/terraform_module_terraform_tfsec_callable.yml index 66b99ad..16ece3a 100644 --- a/.github/workflows/terraform_module_terraform_tfsec_callable.yml +++ b/.github/workflows/terraform_module_terraform_tfsec_callable.yml @@ -32,7 +32,7 @@ jobs: sarif_file: tfsec.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif