Skip to content

ci(gha): Update github/codeql-action action to v3.30.4 #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 28, 2025
Merged

ci(gha): Update github/codeql-action action to v3.30.4 #143

merged 1 commit into from
Sep 28, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 28, 2025

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Type Update Change Pending
github/codeql-action action patch v3.30.3 -> v3.30.4 v3.30.5

Release Notes

github/codeql-action (github/codeql-action)

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025
  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner September 28, 2025 12:44
@renovate renovate bot enabled auto-merge September 28, 2025 12:44
@github-actions
Copy link

github-actions bot commented Sep 28, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/github/codeql-action/upload-sarif 303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 UnknownUnknown

Scanned Files

  • .github/workflows/scorecard.yaml

james3ware
james3ware approved these changes Sep 28, 2025
View reviewed changes
Copy link
Member

@james3ware james3ware left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All checks passed. Auto Approved.

@renovate renovate bot added this pull request to the merge queue Sep 28, 2025
Merged via the queue into main with commit d2b52d4 Sep 28, 2025
6 checks passed
@renovate renovate bot deleted the renovate/github-codeql-action-3.x branch September 28, 2025 12:45
@3ware-release
Copy link
Contributor

3ware-release bot commented Nov 4, 2025

This PR is included in version 2.11.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@james3ware james3ware james3ware approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@james3ware