meta: bump github/codeql-action from 3.28.10 to 3.28.13 #7590
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.10 to 3.28.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b56ba49...1b549b9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Skipped Deployment
|
github-actions
bot
removed
the
github_actions:pull-request
|
@nodejs/web-infra please merge this as soon as you get a chance. This might be a security patch for a recent vulnerability in CodeQL (which we are not affected by) |
I see no reason to rush, especially if we are not affected |
|
(I thought it was .3 and not .13. This is not the security patch, we have already been upgraded. Sorry about the confusion. The security disclosure was a few days ago which confused me) If anyone's curious, see https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/ |
github-actions
bot
removed
the
github_actions:pull-request
avivkeller
deleted the
dependabot/github_actions/github/codeql-action-3.28.13
branch
Bumps github/codeql-action from 3.28.10 to 3.28.13.
Release notes
Sourced from github/codeql-action's releases.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
1b549b9Merge pull request #2819 from github/update-v3.28.13-e0ea1410282630c8Update changelog for v3.28.13e0ea141Merge pull request #2818 from github/cklin/empty-pr-diff-rangeb361a91Diff-informed analysis: fix empty PR handlingbd1d9abMerge pull request #2816 from github/cklin/overlay-file-listb98ae6cAdd overlay-database-utils tests9825184Add getFileOidsUnderPath() testsac67cffMerge pull request #2817 from github/cklin/default-setup-diff-informed9c674babuild: refresh js filesd109dd5Detect PR branches for Default SetupDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)