[PR #602] [CLOSED] build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 #604

New issue

Closed

opened 2026-03-03 14:31:57 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:31:57 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/602
Author: @dependabot[bot]
Created: 4/8/2025
Status: ❌ Closed

Base: master ← Head: dependabot/github_actions/github/codeql-action-3.28.15

---

📝 Commits (1)

• 4496e30 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/scorecards.yml (+1 -1)

📄 Description

Bumps github/codeql-action from 3.28.13 to 3.28.15.

Release notes

Sourced from github/codeql-action's releases.

v3.28.15

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.15 - 07 Apr 2025

• Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

See the full CHANGELOG.md for more information.

v3.28.14

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.14 - 07 Apr 2025

• Update default CodeQL bundle version to 2.21.0. #2838

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.15 - 07 Apr 2025

• Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

• Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

• Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
• Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

... (truncated)

Commits

• 45775bd Merge pull request #2854 from github/update-v3.28.15-a35ae8c38
• dd78aab Update CHANGELOG.md with bug fix details
• e40af59 Update changelog for v3.28.15
• a35ae8c Merge pull request #2843 from github/cklin/diff-informed-compat
• bb59df6 Merge pull request #2842 from github/henrymercer/zip64
• 4b508f5 Merge pull request #2845 from github/mergeback/v3.28.14-to-main-fc7e4a0f
• ca00afb Update checked-in dependencies
• 2969c78 Update changelog and version after v3.28.14
• fc7e4a0 Merge pull request #2844 from github/update-v3.28.14-362ef4ce2
• be0175c Update changelog for v3.28.14
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/602 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/8/2025 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/github_actions/github/codeql-action-3.28.15` --- ### 📝 Commits (1) - [`4496e30`](https://github.com/konstruktoid/hardening/commit/4496e304ed64b2bc784dd490ded299ab87c44e7c) build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/scorecards.yml` (+1 -1) </details> ### 📄 Description Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.13 to 3.28.15. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.28.15</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.28.14</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> <li>Update default CodeQL bundle version to 2.20.7. <a href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li> </ul> <h2>3.28.11 - 07 Mar 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.6. <a href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li> </ul> <h2>3.28.10 - 21 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.5. <a href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li> <li>Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. <a href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li> </ul> <h2>3.28.9 - 07 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li> </ul> <h2>3.28.8 - 29 Jan 2025</h2> <ul> <li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. <a href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li> </ul> <h2>3.28.7 - 29 Jan 2025</h2> <p>No user facing changes.</p> <h2>3.28.6 - 27 Jan 2025</h2> <ul> <li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater. <a href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/45775bd8235c68ba998cffa5171334d58593da47"><code>45775bd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2854">#2854</a> from github/update-v3.28.15-a35ae8c38</li> <li><a href="https://github.com/github/codeql-action/commit/dd78aab4078b17a672a66d6a80a990beb672ede1"><code>dd78aab</code></a> Update CHANGELOG.md with bug fix details</li> <li><a href="https://github.com/github/codeql-action/commit/e40af591743761de70080085b4e6ce37f7f6e657"><code>e40af59</code></a> Update changelog for v3.28.15</li> <li><a href="https://github.com/github/codeql-action/commit/a35ae8c380fa35365cd546f9a397a46f60dd82cf"><code>a35ae8c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2843">#2843</a> from github/cklin/diff-informed-compat</li> <li><a href="https://github.com/github/codeql-action/commit/bb59df6c174a91d88eec1c48f2ab0ef7b5f96e99"><code>bb59df6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2842">#2842</a> from github/henrymercer/zip64</li> <li><a href="https://github.com/github/codeql-action/commit/4b508f59648bef88ef72c74f1ffff531fda55ea8"><code>4b508f5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2845">#2845</a> from github/mergeback/v3.28.14-to-main-fc7e4a0f</li> <li><a href="https://github.com/github/codeql-action/commit/ca00afb5f1457cf1c85da6cda07d73e720ff061a"><code>ca00afb</code></a> Update checked-in dependencies</li> <li><a href="https://github.com/github/codeql-action/commit/2969c78ce0262bf75658058604498d2b4bdb0b9b"><code>2969c78</code></a> Update changelog and version after v3.28.14</li> <li><a href="https://github.com/github/codeql-action/commit/fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2"><code>fc7e4a0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2844">#2844</a> from github/update-v3.28.14-362ef4ce2</li> <li><a href="https://github.com/github/codeql-action/commit/be0175c800fe14dd962aaa2c97f55371f6f95b35"><code>be0175c</code></a> Update changelog for v3.28.14</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...45775bd8235c68ba998cffa5171334d58593da47">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 14:31:57 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-03 14:31:57 +03:00

[PR #604] [CLOSED] build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 #605

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#604

No description provided.