[PR #668] [MERGED] chore(deps): update github/codeql-action action to v3.30.5 #666

New issue

Closed

opened 2026-03-03 14:32:13 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:32:13 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/668
Author: @renovate[bot]
Created: 9/25/2025
Status: ✅ Merged
Merged: 9/28/2025
Merged by: @renovate[bot]

Base: master ← Head: renovate/github-codeql-action-3.x

📝 Commits (1)

dfa8048 chore(deps): update github/codeql-action action to v3.30.5

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/scorecards.yml (+1 -1)

📄 Description

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Type	Update	Change
github/codeql-action	action	patch	`v3.30.3` -> `v3.30.5`

Release Notes

github/codeql-action (github/codeql-action)

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/668 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 9/25/2025 **Status:** ✅ Merged **Merged:** 9/28/2025 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/github-codeql-action-3.x` --- ### 📝 Commits (1) - [`dfa8048`](https://github.com/konstruktoid/hardening/commit/dfa8048921f14895facb46830b8929e29b2efa7f) chore(deps): update github/codeql-action action to v3.30.5 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/scorecards.yml` (+1 -1) </details> ### 📄 Description Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.30.3` -> `v3.30.5` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.30.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.4...v3.30.5) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.30.5 - 26 Sep 2025 - We fixed a bug that was introduced in `3.30.4` with `upload-sarif` which resulted in files without a `.sarif` extension not getting uploaded. [#3160](https://redirect.github.com/github/codeql-action/pull/3160) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md) for more information. ### [`v3.30.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.3...v3.30.4) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.30.4 - 25 Sep 2025 - We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the `codeql-action/init` step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the `codeql-action/init` step. [#3099](https://redirect.github.com/github/codeql-action/pull/3099) and [#3100](https://redirect.github.com/github/codeql-action/pull/3100) - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://redirect.github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://redirect.github.com/github/codeql-action/pull/3130) - Update default CodeQL bundle version to 2.23.1. [#3118](https://redirect.github.com/github/codeql-action/pull/3118) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md) for more information. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>