Bump the ci group across 1 directory with 11 updates

[dependabot]

Bumps the ci group with 11 updates in the / directory:

Package	From	To
actions/checkout	4.2.0	4.2.2
actions/setup-go	5.0.2	5.2.0
docker/setup-buildx-action	3.6.1	3.8.0
actions/cache	4.0.2	4.2.0
helm/kind-action	1.10.0	1.11.0
docker/build-push-action	6.7.0	6.10.0
docker/metadata-action	5.5.1	5.6.1
sigstore/cosign-installer	3.6.0	3.7.0
anchore/sbom-action	0.17.2	0.17.9
goreleaser/goreleaser-action	6.0.0	6.1.0
github/codeql-action	3.26.9	3.27.9

Updates actions/checkout from 4.2.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
• See full diff in compare view

Updates actions/setup-go from 5.0.2 to 5.2.0

Release notes

Sourced from actions/setup-go's releases.

v5.2.0

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-go#496

New Contributors

• @​Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/setup-go#500
• Upgrade IA Publish by @​Jcambass in actions/setup-go#502
• Add architecture to cache key by @​Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by @​priyagupta108 in actions/setup-go#510

Bug Fixes

• Revise isGhes logic by @​jww3 in actions/setup-go#511

New Contributors

• @​Zxilly made their first contribution in actions/setup-go#493
• @​Jcambass made their first contribution in actions/setup-go#500
• @​jww3 made their first contribution in actions/setup-go#511
• @​priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

• 3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
• 41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
• 9419772 Revise isGhes logic (#511)
• d60b41a Merge pull request #502 from actions/Jcambass-patch-1
• e09f57f Upgrade IA Publish
• df1a117 Merge pull request #500 from actions/Jcambass-patch-1
• 49582f6 Add workflow file for publishing releases to immutable action package
• b26d402 fix: add arch to cache key (#493)
• See full diff in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

• Make cloud prefix optional to download buildx if driver is cloud by @​crazy-max in docker/setup-buildx-action#390
• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370
• Bump @​docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

• Switch back to uuid package by @​crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

• Always set buildkitd-flags if opt-in by @​crazy-max in docker/setup-buildx-action#363
• Remove uuid package and switch to crypto by @​crazy-max in docker/setup-buildx-action#366
• Bump @​docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

• 6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
• 8d5e074 chore: update generated content
• 7199e57 make cloud prefix optional to download buildx if driver is cloud
• db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
• 043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 686da90 chore: update generated content
• a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
• 4dcdbce build(deps): bump @​docker/actions-toolkit from 0.39.0 to 0.48.0
• 1a8ac74 ci: fix deprecated input for codecov-action
• e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
• Additional commits viewable in compare view

Updates actions/cache from 4.0.2 to 4.2.0

Release notes

Sourced from actions/cache's releases.

v4.2.0

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4...v4.2.0

v4.1.2

What's Changed

• Add Bun example by @​idleberg in actions/cache#1456
• Revise isGhes logic by @​jww3 in actions/cache#1474
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in actions/cache#1475
• Add dependabot.yml to enable automatic dependency upgrades by @​Link- in actions/cache#1476
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/cache#1478
• Bump actions/stale from 3 to 9 by @​dependabot in actions/cache#1479
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/cache#1483
• Bump actions/setup-node from 3 to 4 by @​dependabot in actions/cache#1481
• Prepare 4.1.2 release by @​Link- in actions/cache#1477

New Contributors

• @​idleberg made their first contribution in actions/cache#1456
• @​jww3 made their first contribution in actions/cache#1474
• @​Link- made their first contribution in actions/cache#1476

Full Changelog: actions/cache@v4...v4.1.2

v4.1.1

What's Changed

• Restore original behavior of cache-hit output by @​joshmgross in actions/cache#1467

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.4.0

• Integrated with the new cache service (v2) APIs

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

... (truncated)

Commits

• 1bd1e32 Merge pull request #1509 from actions/Link-/cache-4.2.0
• 882d7ce Add 3.4.0 release notes
• f2695d7 Rerun CI
• f46ceeb Add licensed output
• e6f5858 Add lodash to list of reviewed licenses
• 4ae6f21 Add reviewed licensed packages
• c16df86 Add licensed output
• b109c12 Upgrade @​actions/core to 1.11.1 and other deps
• b7d227d Upgrade @​vercel/ncc to 0.38.3
• faf6392 Update RELEASES.md
• Additional commits viewable in compare view

Updates helm/kind-action from 1.10.0 to 1.11.0

Release notes

Sourced from helm/kind-action's releases.

v1.11.0

What's Changed

• add wait test by @​cpanato in helm/kind-action#111
• revert wget to use curl again by @​cpanato in helm/kind-action#110
• feat: add custom kubeconfig option as action input by @​jbattiato in helm/kind-action#119
• fix: Use new mirror for downloading kubectl by @​jriedel-ionos in helm/kind-action#127
• update kind to default to release v0.24.0 by @​cpanato in helm/kind-action#122

New Contributors

• @​jbattiato made their first contribution in helm/kind-action#119
• @​jriedel-ionos made their first contribution in helm/kind-action#127

Full Changelog: helm/kind-action@v1.10.0...v1.11.0

Commits

• ae94020 update kind to default to release v0.24.0 (#122)
• 9fdad06 fix: Use new mirror for downloading kubectl (#127)
• c93960c Bump actions/checkout from 4.2.1 to 4.2.2 in the actions group (#125)
• fce224d Bump actions/checkout from 4.2.0 to 4.2.1 in the actions group (#123)
• 0958ddc Bump actions/checkout from 4.1.7 to 4.2.0 in the actions group (#121)
• 5d66646 feat: add custom kubeconfig option as action input (#119)
• 6f17223 Bump actions/checkout from 4.1.7 to 4.2.0 in the actions group (#120)
• 7e05df2 revert wget to use curl again (#110)
• b17b03a Bump actions/checkout from 4.1.6 to 4.1.7 in the actions group (#117)
• 674d091 Bump actions/checkout from 4.1.5 to 4.1.6 in the actions group (#115)
• Additional commits viewable in compare view

Updates docker/build-push-action from 6.7.0 to 6.10.0

Release notes

Sourced from docker/build-push-action's releases.

v6.10.0

• Add call input to set method for evaluating build by @​crazy-max in docker/build-push-action#1265
• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/build-push-action#1238
• Bump @​docker/actions-toolkit from 0.39.0 to 0.46.0 in docker/build-push-action#1268
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/build-push-action#1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

v6.9.0

• Bump @​docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

• Bump @​docker/actions-toolkit from 0.37.1 to 0.38.0 in docker/build-push-action#1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

Commits

• 48aba3b Merge pull request #1268 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 678328c chore: update generated content
• cdf0a37 chore(deps): Bump @​docker/actions-toolkit from 0.39.0 to 0.46.0
• d719b79 Merge pull request #1238 from docker/dependabot/npm_and_yarn/actions/core-1.11.1
• c333dfd chore: update generated content
• 6b56a4c chore(deps): Bump @​actions/core from 1.10.1 to 1.11.1
• 92fb0d7 Merge pull request #1259 from docker/dependabot/github_actions/codecov/codeco...
• 40532c5 ci: fix deprecated input for codecov-action
• 70dd953 Merge pull request #1267 from crazy-max/fix-allow
• 41b4e80 Merge pull request #1261 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.5.1 to 5.6.1

Release notes

Sourced from docker/metadata-action's releases.

v5.6.1

• Fix GitHub API request fallback for commit date by @​crazy-max in docker/metadata-action#478
• Revert to default commit SHA length of 7 by @​crazy-max in docker/metadata-action#480

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

• Add commit_date global expression by @​trim21 in docker/metadata-action#471 docker/metadata-action#475
• Increase short commit sha length to 12 for uniqueness by @​crazy-max in docker/metadata-action#467
• Bump @​actions/core from 1.10.1 to 1.11.1 docker/metadata-action#460
• Bump @​docker/actions-toolkit from 0.16.1 to 0.44.0 docker/metadata-action#391 docker/metadata-action#399 docker/metadata-action#413 docker/metadata-action#441
• Bump braces from 3.0.2 to 3.0.3 docker/metadata-action#424
• Bump cross-spawn from 7.0.3 to 7.0.5 docker/metadata-action#474
• Bump csv-parse from 5.5.5 to 5.5.6 docker/metadata-action#412
• Bump moment-timezone from 0.5.44 to 0.5.46 docker/metadata-action#383 docker/metadata-action#470 docker/metadata-action#459
• Bump path-to-regexp from 6.2.2 to 6.3.0 docker/metadata-action#454
• Bump semver from 7.6.0 to 7.6.3 docker/metadata-action#400 docker/metadata-action#411 docker/metadata-action#440
• Bump undici from 5.26.3 to 5.28.4 docker/metadata-action#386 docker/metadata-action#402

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

Commits

• 369eb59 Merge pull request #480 from crazy-max/back-to-sha-7
• 7d870ce chore: update generated content
• e44a9cd back to commit sha length of 7
• 8cb0002 Merge pull request #478 from crazy-max/commit-date-request
• e01ddd3 chore: update generated content
• 861d98a commiter_date: fix github api request fallback
• 359e915 Merge pull request #475 from crazy-max/commit-date-changes
• 0c395eb commit_date: code cleanup and readme updates
• 1156622 Merge pull request #474 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.5
• 95ea8d0 chore(deps): Bump cross-spawn from 7.0.3 to 7.0.5
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.6.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in sigstore/cosign-installer#172
• bump for latest cosign v2.4.1 release by @​bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

• dc72c7d bump for latest cosign v2.4.1 release (#173)
• 08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
• See full diff in compare view

Updates anchore/sbom-action from 0.17.2 to 0.17.9

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.9

Changes in v0.17.9

• chore(deps): update Syft to v1.18.1 (#510) [anchore-actions-token-generator]
• chore(deps): update Syft to v1.18.0 (#509) [anchore-actions-token-generator]

v0.17.8

Changes in v0.17.8

• chore(deps): update Syft to v1.17.0 (#507) [anchore-actions-token-generator]

v0.17.7

Changes in v0.17.7

• chore(deps): update Syft to v1.16.0 (#506) [anchore-actions-token-generator]

v0.17.6

Changes in v0.17.6

• chore(deps): update Syft to v1.15.0 (#505) [anchore-actions-token-generator]
• chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504) [dependabot]

v0.17.5

Changes in v0.17.5

• chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

v0.17.4

Changes in v0.17.4

• chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

v0.17.3

Changes in v0.17.3

• chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

Commits

• df80a98 chore(deps): update Syft to v1.18.1 (#510)
• 33651ab chore(deps): update Syft to v1.18.0 (#509)
• a5bbe18 fix: github correlator name when run in matrix build (#482)
• 55dc4ee chore(deps): update Syft to v1.17.0 (#507)
• fc46e51 chore(deps): update Syft to v1.16.0 (#506)
• 251a468 chore(deps): update Syft to v1.15.0 (#505)
• 6bb446c chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504)
• 1ca97d9 chore(deps): update Syft to v1.14.2 (#503)
• 8d0a650 chore(deps): update Syft to v1.14.1 (#502)
• f5e124a chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.0.0 to 6.1.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.1.0

What's Changed

• chore(deps): bump braces from 3.0.2 to 3.0.3 by @​dependabot in goreleaser/goreleaser-action#467
• chore(deps): bump docker/bake-action from 4 to 5 by @​dependabot in goreleaser/goreleaser-action#468
• chore(deps): bump semver from 7.6.2 to 7.6.3 by @​dependabot in goreleaser/goreleaser-action#470
• chore(deps): bump @​actions/http-client from 2.2.1 to 2.2.2 by @​dependabot in goreleaser/goreleaser-action#473
• chore(deps): bump @​actions/http-client from 2.2.2 to 2.2.3 by @​dependabot in goreleaser/goreleaser-action#474
• chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @​dependabot in goreleaser/goreleaser-action#475
• chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in goreleaser/goreleaser-action#478
• docs: bump upload-artifact version by @​dunglas in goreleaser/goreleaser-action#479
• chore: update generated content by @​crazy-max in goreleaser/goreleaser-action#480

New Contributors

• @​dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

Commits

• 9ed2f89 chore: update generated content (#480)
• cf63508 docs: bump upload-artifact version (#479)
• f7623f3 chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#478)
• 006a7a4 chore: update
• e4066e6 chore(deps): bump micromatch from 4.0.5 to 4.0.8 (#475)
• 22f558e chore(deps): bump @​actions/http-client from 2.2.2 to 2.2.3 (#474)
• 6e33108 chore(deps): bump @​actions/http-client from 2.2.1 to 2.2.2 (#473)
• 7ca6450 chore(deps): bump semver from 7.6.2 to 7.6.3 (#470)
• d33b6f6 chore(deps): bump docker/bake-action from 4 to 5 (#468)
• 85d0b9d chore(deps): bump braces from 3.0.2 to 3.0.3 (#467)
• See full diff in compare view

Updates github/codeql-action from 3.26.9 to 3.27.9

Release notes

Sourced from github/codeql-action's releases.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

v3.27.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.6 - 03 Dec 2024

• Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

v3.27.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.5 - 19 Nov 2024

No user facing changes.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to Description has been truncated

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Superseded by #1322.