Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="305f654631"><code>305f654</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2028">#2028</a> from github/update-v2.22.10-fe23b5a3e</li>
<li><a href="31e94d8cb1"><code>31e94d8</code></a> Update changelog for v2.22.10</li>
<li><a href="fe23b5a3e1"><code>fe23b5a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2016">#2016</a> from github/update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="183559cea8"><code>183559c</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="382a50a028"><code>382a50a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2021">#2021</a> from github/mergeback/v2.22.9-to-main-c0d1daa7</li>
<li><a href="458b4226ad"><code>458b422</code></a> Update checked-in dependencies</li>
<li><a href="5e0f9dbc48"><code>5e0f9db</code></a> Update changelog and version after v2.22.9</li>
<li><a href="b6dc4ba94b"><code>b6dc4ba</code></a> Add changelog note</li>
<li><a href="1c3b8c867b"><code>1c3b8c8</code></a> Update default bundle to codeql-bundle-v2.15.4</li>
<li>See full diff in <a href="c0d1daa7f7...305f654631">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 2.22.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c0d1daa7f7"><code>c0d1daa</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2020">#2020</a> from github/update-v2.22.9-e1d1fad1b</li>
<li><a href="c6e24c94be"><code>c6e24c9</code></a> Update changelog for v2.22.9</li>
<li><a href="e1d1fad1b8"><code>e1d1fad</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2014">#2014</a> from github/nickfyson/update-release-process</li>
<li><a href="0e9a210226"><code>0e9a210</code></a> update workflows to run on all release branches</li>
<li><a href="47e90f23ea"><code>47e90f2</code></a> Merge branch 'main' into nickfyson/update-release-process</li>
<li><a href="ee748cf360"><code>ee748cf</code></a> respond to more review comments</li>
<li><a href="57932be6d4"><code>57932be</code></a> remove unused function</li>
<li><a href="a6ea3c5a45"><code>a6ea3c5</code></a> define backport commit message in constant</li>
<li><a href="3537bea580"><code>3537bea</code></a> Apply suggestions from code review</li>
<li><a href="3675be0110"><code>3675be0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2017">#2017</a> from cklin/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a href="689fdc5193...c0d1daa7f7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* This seems to be unnecessary as users will open a CP PR with the original commit linked in it.
* Add note on changelog description to be less than 80 chars
This fixes https://github.com/flutter/flutter/issues/139511
* A bug has been fixed with `sync-labels`, meaning this needs to be a boolean now. Setting to `true` to match v4 logic.
* in `labeler.yml`, all labels must be a list of globs, so updated them all to be a list of `any`.
* Update the version to v5
This is a little annoying to test, since the way github actions works means that changes to workflows aren't run until after they are merged. A workaround is I forked these labeler changes to a new branch in my own repo and created a PR to merge to that branch, seen here: https://github.com/drewroengoogle/flutter/actions/runs/7102118110/job/19331743809?pr=2. Note the step `Run actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9` which ensures we are running on the latest labeler version in that check.
Reverts flutter/flutter#139506
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@joshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@dusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@sungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@TrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
- AllGlobsToAllFiles: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@âjoshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@âdusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@âsungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@âTrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
- AllGlobsToAllFiles: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.0 to 5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p>
<h2><a href="https://github.com/dessant/lock-threads/compare/v5.0.0...v5.0.1">5.0.1</a> (2023-11-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>support filtering threads by labels with spaces (<a href="0a63678232">0a63678</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/40">#40</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>Discussions are also processed by default,
set the <code>process-only</code> input parameter to preserve the old behavior</li>
</ul>
<pre lang="yaml"><code> steps:
- uses: dessant/lock-threads@v5
with:
process-only: 'issues, prs'
</code></pre>
<ul>
<li>the action now requires Node.js 20</li>
</ul>
<h3>Features</h3>
<ul>
<li>lock discussions (<a href="0a0976f3de">0a0976f</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/25">#25</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="5a25b54eae">5a25b54</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1bf7ec2505"><code>1bf7ec2</code></a> chore(release): 5.0.1</li>
<li><a href="adf4aa5f8a"><code>adf4aa5</code></a> chore: update package</li>
<li><a href="0a63678232"><code>0a63678</code></a> fix: support filtering threads by labels with spaces</li>
<li>See full diff in <a href="d42e5f4980...1bf7ec2505">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Closes https://github.com/flutter/flutter/issues/138539.
Adding `two_dimensional_scrollables`, `process`, `platform` to the first-party package issue template so user can file issues related to them.
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4.0.1 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p>
<h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>Discussions are also processed by default,
set the <code>process-only</code> input parameter to preserve the old behavior</li>
</ul>
<pre lang="yaml"><code> steps:
- uses: dessant/lock-threads@v5
with:
process-only: 'issues, prs'
</code></pre>
<ul>
<li>the action now requires Node.js 20</li>
</ul>
<h3>Features</h3>
<ul>
<li>lock discussions (<a href="0a0976f3de">0a0976f</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/25">#25</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="5a25b54eae">5a25b54</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="38e9185581">38e9185</a>)</li>
<li>update docs (<a href="32986e2696">32986e2</a>)</li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a> (2021-09-27)</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d42e5f4980"><code>d42e5f4</code></a> chore(release): 5.0.0</li>
<li><a href="d8da6c1485"><code>d8da6c1</code></a> chore: update package</li>
<li><a href="c1eab4b45f"><code>c1eab4b</code></a> chore: update workflow</li>
<li><a href="0a0976f3de"><code>0a0976f</code></a> feat: lock discussions</li>
<li><a href="53f3f0c0b9"><code>53f3f0c</code></a> chore: migrate package to ESM</li>
<li><a href="5a25b54eae"><code>5a25b54</code></a> fix: update dependencies</li>
<li>See full diff in <a href="be8aa5be94...d42e5f4980">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 2.22.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="689fdc5193"><code>689fdc5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1990">#1990</a> from github/update-v2.22.6-8c8c7b4d8</li>
<li><a href="33bfd1de92"><code>33bfd1d</code></a> Update changelog for v2.22.6</li>
<li><a href="8c8c7b4d80"><code>8c8c7b4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1979">#1979</a> from github/aeisenberg/python-on-mac</li>
<li><a href="64981bbb5a"><code>64981bb</code></a> Merge branch 'main' into aeisenberg/python-on-mac</li>
<li><a href="e280207df7"><code>e280207</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1978">#1978</a> from github/update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="e46740a99e"><code>e46740a</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="6abf8569a1"><code>6abf856</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1984">#1984</a> from github/aeisenberg/fix-debug-integration-tests</li>
<li><a href="59252d9bfb"><code>59252d9</code></a> Update setup-swift deficiency compensation</li>
<li><a href="dcf348a0d3"><code>dcf348a</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.2</li>
<li><a href="82284f1b28"><code>82284f1</code></a> Fix failing workflows</li>
<li>Additional commits viewable in <a href="74483a38d3...689fdc5193">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Reverts flutter/flutter#138037
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
Migrate no-response to the version imported in cocoon.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="74483a38d3"><code>74483a3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1972">#1972</a> from github/update-v2.22.5-2d5ffa777</li>
<li><a href="2ba6829f2b"><code>2ba6829</code></a> Update changelog for v2.22.5</li>
<li><a href="2d5ffa7773"><code>2d5ffa7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1970">#1970</a> from github/henrymercer/clean-up-init-logs</li>
<li><a href="14d0fa93b4"><code>14d0fa9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1967">#1967</a> from github/henrymercer/enable-features-on-ghes</li>
<li><a href="5744b13b66"><code>5744b13</code></a> Rebuild Action</li>
<li><a href="f3b55862ea"><code>f3b5586</code></a> Check out the right branch in <code>rebuild.yml</code></li>
<li><a href="95c219819d"><code>95c2198</code></a> Add a log in the OK case</li>
<li><a href="e8e83c3a56"><code>e8e83c3</code></a> Merge branch 'main' into henrymercer/enable-features-on-ghes</li>
<li><a href="c7abe9ca5f"><code>c7abe9c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1971">#1971</a> from github/henrymercer/bot-rebuild</li>
<li><a href="3fc281e079"><code>3fc281e</code></a> Add workflow to rebuild the Action on a label</li>
<li>Additional commits viewable in <a href="49abf0ba24...74483a38d3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Latest example of an issue about a typo: https://github.com/flutter/flutter/issues/137080. I don't think these are helpful, so we shouldn't be encouraging people to file these in order to submit a PR to fix 'em.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="49abf0ba24"><code>49abf0b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1961">#1961</a> from github/update-v2.22.4-63470275e</li>
<li><a href="907abca61b"><code>907abca</code></a> Update changelog for v2.22.4</li>
<li><a href="63470275e7"><code>6347027</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1953">#1953</a> from github/update-bundle/codeql-bundle-v2.15.1</li>
<li><a href="b98a636a6b"><code>b98a636</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.1</li>
<li><a href="4a368f64ad"><code>4a368f6</code></a> Add announcement on Node 16 deprecation (<a href="https://redirect.github.com/github/codeql-action/issues/1960">#1960</a>)</li>
<li><a href="77bbb99abd"><code>77bbb99</code></a> Bump urllib3 in /python-setup/tests/poetry/python-3.8 (<a href="https://redirect.github.com/github/codeql-action/issues/1957">#1957</a>)</li>
<li><a href="a75a0d5716"><code>a75a0d5</code></a> Bump urllib3 in /python-setup/tests/poetry/requests-3 (<a href="https://redirect.github.com/github/codeql-action/issues/1956">#1956</a>)</li>
<li><a href="aa55b87f87"><code>aa55b87</code></a> Bump urllib3 in /python-setup/tests/pipenv/requests-3 (<a href="https://redirect.github.com/github/codeql-action/issues/1955">#1955</a>)</li>
<li><a href="b6b0833c3d"><code>b6b0833</code></a> Bump urllib3 in /python-setup/tests/pipenv/python-3.8 (<a href="https://redirect.github.com/github/codeql-action/issues/1954">#1954</a>)</li>
<li><a href="0132448784"><code>0132448</code></a> Add changelog note</li>
<li>Additional commits viewable in <a href="0116bc2df5...49abf0ba24">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0116bc2df5"><code>0116bc2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1947">#1947</a> from github/update-v2.22.3-82ba90b1d</li>
<li><a href="f5a984b113"><code>f5a984b</code></a> Update changelog for v2.22.3</li>
<li><a href="82ba90b1d9"><code>82ba90b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1945">#1945</a> from github/henrymercer/authenticate-api-url</li>
<li><a href="34f97d7a16"><code>34f97d7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1944">#1944</a> from github/henrymercer/sublanguage-file-coverage-fixes</li>
<li><a href="74442e0a95"><code>74442e0</code></a> Add changelog note</li>
<li><a href="bd32fab74f"><code>bd32fab</code></a> Provide token when downloading from GHES API</li>
<li><a href="b584cf8321"><code>b584cf8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1922">#1922</a> from github/nora/add-commit-sha-to-database-upload</li>
<li><a href="761255a4a3"><code>761255a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1943">#1943</a> from github/mergeback/v2.22.2-to-main-d90b8d79</li>
<li><a href="346d5c4b07"><code>346d5c4</code></a> Test sub-language file coverage in file baseline information check</li>
<li><a href="5950d13564"><code>5950d13</code></a> Enable sub-language file coverage in <code>interpret-results</code> too</li>
<li>Additional commits viewable in <a href="2cb752a87e...0116bc2df5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
In order to better track features, I propose that we have a unified
template for creating Umbrella issues. This is not required to create
umbrella issue to add to the feature tracker, however for those who
would like a more fleshed out format, this will serve the purpose.
Fixes: https://github.com/flutter/flutter/issues/134234
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.6 to 2.22.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.21.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>Enable the following language aliases when using CodeQL 2.14.4 and later: <code>c-cpp</code> for C/C++ analysis, <code>java-kotlin</code> for Java/Kotlin analysis, and <code>javascript-typescript</code> for JavaScript/TypeScript analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1883">#1883</a></li>
</ul>
<h2>2.21.7 - 14 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.5. <a href="https://redirect.github.com/github/codeql-action/pull/1882">#1882</a></li>
</ul>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="2cb752a87e"><code>2cb752a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1924">#1924</a> from github/update-v2.22.0-3f7850a17</li>
<li><a href="e50f53baa1"><code>e50f53b</code></a> Add changelog note for tracing Go 1.21</li>
<li><a href="0a65c007f6"><code>0a65c00</code></a> Update changelog for v2.22.0</li>
<li><a href="3f7850a179"><code>3f7850a</code></a> Improve downloading log message (<a href="https://redirect.github.com/github/codeql-action/issues/1920">#1920</a>)</li>
<li><a href="27235304e0"><code>2723530</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1923">#1923</a> from github/henrymercer/fix-resolve-environment-aliases</li>
<li><a href="8f0e8b0890"><code>8f0e8b0</code></a> Tweak language parsing to improve clarity</li>
<li><a href="f243294ab7"><code>f243294</code></a> Extend PR check to test <code>resolve-environment</code> works with language alias</li>
<li><a href="1ea6a10947"><code>1ea6a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1909">#1909</a> from github/mbg/go-1.21-workaround</li>
<li><a href="e26ed57a22"><code>e26ed57</code></a> Defer language aliasing to CLI when appropriate</li>
<li><a href="0ac7669167"><code>0ac7669</code></a> Fix using <code>resolve-environment</code> Action with language aliases</li>
<li>Additional commits viewable in <a href="701f152f28...2cb752a87e">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.6 - 13 Sep 2023</h2>
<ul>
<li>Better error message when there is a failure to determine the merge base of the code to analysis. <a href="https://redirect.github.com/github/codeql-action/pull/1860">#1860</a></li>
<li>Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1866">#1866</a></li>
<li>Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/1867">#1867</a></li>
<li>Update default CodeQL bundle version to 2.14.4. <a href="https://redirect.github.com/github/codeql-action/pull/1873">#1873</a></li>
</ul>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="701f152f28"><code>701f152</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1875">#1875</a> from github/update-v2.21.6-6a6a82470</li>
<li><a href="1b6299040a"><code>1b62990</code></a> Fix misplaced changelog entry</li>
<li><a href="5462f69153"><code>5462f69</code></a> Update changelog for v2.21.6</li>
<li><a href="6a6a824702"><code>6a6a824</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1873">#1873</a> from github/update-bundle/codeql-bundle-v2.14.4</li>
<li><a href="88c7a5c4cc"><code>88c7a5c</code></a> Add changelog note</li>
<li><a href="da65035498"><code>da65035</code></a> Update default bundle to codeql-bundle-v2.14.4</li>
<li><a href="43750fe4fc"><code>43750fe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1872">#1872</a> from github/henrymercer/user-errors-for-upload-sarif</li>
<li><a href="a7c12a5225"><code>a7c12a5</code></a> Address PR comments</li>
<li><a href="7218de5369"><code>7218de5</code></a> Merge branch 'main' into henrymercer/user-errors-for-upload-sarif</li>
<li><a href="4764dce02f"><code>4764dce</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1866">#1866</a> from github/henrymercer/enable-scaling-reserved-ram-...</li>
<li>Additional commits viewable in <a href="00e563ead9...701f152f28">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v3.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(github): remove trailing whitespaces by <a href="https://github.com/ljmf00"><code>@âljmf00</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/313">actions/upload-artifact#313</a></li>
<li>Bump <code>@âactions/artifact</code> version to v1.1.2 by <a href="https://github.com/bethanyj28"><code>@âbethanyj28</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/436">actions/upload-artifact#436</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v3.1.3">https://github.com/actions/upload-artifact/compare/v3...v3.1.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a8a3f3ad30"><code>a8a3f3a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/436">#436</a> from bethanyj28/main</li>
<li><a href="7b48769c03"><code>7b48769</code></a> update dependency cache</li>
<li><a href="66630398df"><code>6663039</code></a> update dist/index.js</li>
<li><a href="55e76b779d"><code>55e76b7</code></a> bump <code>@âactions/artifact</code> version</li>
<li><a href="65d862660a"><code>65d8626</code></a> chore(github): remove trailing whitespaces (<a href="https://redirect.github.com/actions/upload-artifact/issues/313">#313</a>)</li>
<li>See full diff in <a href="0b7f8abb15...a8a3f3ad30">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
*Replace this paragraph with a description of what this PR is changing or adding, and why. Consider including before/after screenshots.*
*List which issues are fixed by this PR. You must list at least one issue.*
*If you had to change anything in the [flutter/tests] repo, include a link to the migration guide as per the [breaking change policy].*
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.5 - 28 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1845">#1845</a></li>
<li>Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. The environment variable <code>CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS</code> will now be respected if it was manually configured in the workflow. <a href="https://redirect.github.com/github/codeql-action/pull/1844">#1844</a></li>
<li>Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. <a href="https://redirect.github.com/github/codeql-action/pull/1853">#1853</a></li>
</ul>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="00e563ead9"><code>00e563e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1858">#1858</a> from github/update-v2.21.5-100912429</li>
<li><a href="7323c2ac6b"><code>7323c2a</code></a> Update changelog for v2.21.5</li>
<li><a href="100912429f"><code>1009124</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1845">#1845</a> from github/update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="a2d14d32b8"><code>a2d14d3</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.3</li>
<li><a href="ff9cb435df"><code>ff9cb43</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1853">#1853</a> from github/igfoo/kot1.9.10</li>
<li><a href="2f913c1249"><code>2f913c1</code></a> npm run build</li>
<li><a href="7dab60079b"><code>7dab600</code></a> Put upper limit on the CodeQL versions for which we override the Kotlin limit</li>
<li><a href="862b2cf102"><code>862b2cf</code></a> Add a changelog entry for the Kotlin 1.9.10 support</li>
<li><a href="070dd05edd"><code>070dd05</code></a> npm run build</li>
<li><a href="ff95d147d6"><code>ff95d14</code></a> Kotlin: Fix lint</li>
<li>Additional commits viewable in <a href="a09933a12a...00e563ead9">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.4 - 14 Aug 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.2. <a href="https://redirect.github.com/github/codeql-action/pull/1831">#1831</a></li>
<li>Log a warning if the amount of available disk space runs low during a code scanning run. <a href="https://redirect.github.com/github/codeql-action/pull/1825">#1825</a></li>
<li>When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. <a href="https://redirect.github.com/github/codeql-action/pull/1832">#1832</a></li>
<li>Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. <a href="https://redirect.github.com/github/codeql-action/pull/1833">#1833</a></li>
<li>We are rolling out a feature in August 2023 that will improve the quality of file coverage information. <a href="https://redirect.github.com/github/codeql-action/pull/1835">#1835</a></li>
</ul>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a09933a12a"><code>a09933a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1838">#1838</a> from github/update-v2.21.4-492a68c32</li>
<li><a href="37116fb629"><code>37116fb</code></a> Fix positioning of bundle update changelog note</li>
<li><a href="c613917766"><code>c613917</code></a> Update changelog for v2.21.4</li>
<li><a href="492a68c323"><code>492a68c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1836">#1836</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac49314877"><code>ac49314</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1834">#1834</a> from github/henrymercer/analysis-summary-v2-ff</li>
<li><a href="ac35d7a02d"><code>ac35d7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1835">#1835</a> from github/henrymercer/language-baseline-config</li>
<li><a href="d03c744ad6"><code>d03c744</code></a> Don't pass <code>--no-</code> flag as it doesn't exist yet</li>
<li><a href="a0407a8c60"><code>a0407a8</code></a> Add changelog note for rollout</li>
<li><a href="8a7b2e9c9b"><code>8a7b2e9</code></a> Enable language specific baselines via feature flag</li>
<li><a href="9a510d9b07"><code>9a510d9</code></a> Rename new analysis summary feature flag</li>
<li>Additional commits viewable in <a href="5b6282e01c...a09933a12a">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.3 - 08 Aug 2023</h2>
<ul>
<li>We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1817">#1817</a></li>
<li>We are rolling out a feature in August 2023 that adds beta support for <a href="https://projectlombok.org/">Project Lombok</a> when analyzing Java. <a href="https://redirect.github.com/github/codeql-action/pull/1809">#1809</a></li>
<li>Reduce disk space usage when downloading the CodeQL bundle. <a href="https://redirect.github.com/github/codeql-action/pull/1820">#1820</a></li>
</ul>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="5b6282e01c"><code>5b6282e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1829">#1829</a> from github/update-v2.21.3-f9a7c6738</li>
<li><a href="f0f7a35b85"><code>f0f7a35</code></a> Add changenote for Lombok rollout</li>
<li><a href="dda4ed3db4"><code>dda4ed3</code></a> Update changelog for v2.21.3</li>
<li><a href="f9a7c6738f"><code>f9a7c67</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1827">#1827</a> from github/dependabot/npm_and_yarn/npm-5103036bd1</li>
<li><a href="31b9dd18d4"><code>31b9dd1</code></a> Update checked-in dependencies</li>
<li><a href="7e2f56aae3"><code>7e2f56a</code></a> Bump the npm group with 3 updates</li>
<li><a href="878ae4a749"><code>878ae4a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1823">#1823</a> from github/henrymercer/setup-swift-more-consistent</li>
<li><a href="63602c0f72"><code>63602c0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1824">#1824</a> from github/henrymercer/cli-notifications-fix</li>
<li><a href="66dc883276"><code>66dc883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1826">#1826</a> from github/henrymercer/increase-reserved-scaling-fa...</li>
<li><a href="2203178090"><code>2203178</code></a> Increase scaling factor for reserved RAM to 5%</li>
<li>Additional commits viewable in <a href="0ba4244466...5b6282e01c">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [google/mirror-branch-action](https://github.com/google/mirror-branch-action) from 1.0 to 2.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="30c52ee21f"><code>30c52ee</code></a> Update dependencies.</li>
<li><a href="4544d8a090"><code>4544d8a</code></a> Update deprecated action environment</li>
<li><a href="884625cd18"><code>884625c</code></a> Bump node-fetch from 2.6.0 to 2.6.1</li>
<li><a href="d9fb13d47a"><code>d9fb13d</code></a> Bump <code>@âactions/core</code> from 1.2.4 to 1.2.6</li>
<li><a href="4083f5d474"><code>4083f5d</code></a> Unify placeholders in README.md</li>
<li><a href="394f8d4604"><code>394f8d4</code></a> Bump lodash from 4.17.15 to 4.17.19 (<a href="https://redirect.github.com/google/mirror-branch-action/issues/3">#3</a>)</li>
<li><a href="5d7016e8e9"><code>5d7016e</code></a> The sample <code>uses:</code> line should reference <a href="https://github.com/v1"><code>@âv1</code></a>.0 (<a href="https://redirect.github.com/google/mirror-branch-action/issues/1">#1</a>)</li>
<li>See full diff in <a href="c6b07e441a...30c52ee21f">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4.0.0 to 4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="38e9185581">38e9185</a>)</li>
<li>update docs (<a href="32986e2696">32986e2</a>)</li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a> (2021-09-27)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>
<p>input parameter names have changed</p>
<p>Rename the following input parameters when upgrading from v2 to v3:</p>
<ul>
<li><code>issue-lock-inactive-days</code> --> <code>issue-inactive-days</code></li>
<li><code>issue-exclude-created-before</code> --> <code>exclude-issue-created-before</code></li>
<li><code>issue-exclude-labels</code> --> <code>exclude-any-issue-labels</code></li>
<li><code>issue-lock-labels</code> --> <code>add-issue-labels</code></li>
<li><code>issue-lock-comment</code> --> <code>issue-comment</code></li>
<li><code>pr-lock-inactive-days</code> --> <code>pr-inactive-days</code></li>
<li><code>pr-exclude-created-before</code> --> <code>exclude-pr-created-before</code></li>
<li><code>pr-exclude-labels</code> --> <code>exclude-any-pr-labels</code></li>
<li><code>pr-lock-labels</code> --> <code>add-pr-labels</code></li>
<li><code>pr-lock-comment</code> --> <code>pr-comment</code></li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>add new filtering and labeling options, update input parameter names (<a href="26fd836f96">26fd836</a>)</li>
<li>allow manual triggering (<a href="a0c7da3065">a0c7da3</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v2.1.1...v2.1.2">2.1.2</a> (2021-08-17)</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="be8aa5be94"><code>be8aa5b</code></a> chore(release): 4.0.1</li>
<li><a href="52f040d195"><code>52f040d</code></a> chore: update package</li>
<li><a href="1618e91da6"><code>1618e91</code></a> fix: retry and throttle GitHub API requests</li>
<li><a href="bec0993a56"><code>bec0993</code></a> chore: remove graduated preview header</li>
<li><a href="20ec7bbb28"><code>20ec7bb</code></a> chore: update dependencies</li>
<li><a href="b1f967d833"><code>b1f967d</code></a> chore: rename default branch</li>
<li>See full diff in <a href="c1b35aecc5...be8aa5be94">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.2 - 28 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.1. <a href="https://redirect.github.com/github/codeql-action/pull/1797">#1797</a></li>
<li>Avoid duplicating the analysis summary within the logs. <a href="https://redirect.github.com/github/codeql-action/pull/1811">#1811</a></li>
</ul>
<h2>2.21.1 - 26 Jul 2023</h2>
<ul>
<li>Improve the handling of fatal errors from the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1795">#1795</a></li>
<li>Add the <code>sarif-output</code> output to the analyze action that contains the path to the directory of the generated SARIF. <a href="https://redirect.github.com/github/codeql-action/pull/1799">#1799</a></li>
</ul>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0ba4244466"><code>0ba4244</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1813">#1813</a> from github/update-v2.21.2-10c6bfee1</li>
<li><a href="a9a416c8f4"><code>a9a416c</code></a> Update changelog for v2.21.2</li>
<li><a href="10c6bfee12"><code>10c6bfe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1811">#1811</a> from github/henrymercer/print-summary-once</li>
<li><a href="feea86eed3"><code>feea86e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1810">#1810</a> from github/henrymercer/ci/use-platform-specific-bun...</li>
<li><a href="2e6f8c08c1"><code>2e6f8c0</code></a> Add changelog note</li>
<li><a href="8342844ea7"><code>8342844</code></a> Only print the analysis summary once</li>
<li><a href="679aac1b20"><code>679aac1</code></a> Use platform specific bundles in PR checks</li>
<li><a href="de6681ceb7"><code>de6681c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1797">#1797</a> from github/update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="f6fe5c5c70"><code>f6fe5c5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.1</li>
<li><a href="62762170e1"><code>6276217</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1808">#1808</a> from github/mergeback/v2.21.1-to-main-6ca1aa8c</li>
<li>Additional commits viewable in <a href="1813ca74c3...0ba4244466">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@âv2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@âv2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1813ca74c3"><code>1813ca7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1791">#1791</a> from github/update-v2.21.0-6ae46f7a9</li>
<li><a href="6843540876"><code>6843540</code></a> Update changelog for v2.21.0</li>
<li><a href="6ae46f7a92"><code>6ae46f7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1790">#1790</a> from github/henrymercer/aborted-user-error</li>
<li><a href="0cae69e062"><code>0cae69e</code></a> Report user errors in the abort stage appropriately</li>
<li><a href="d2ed0a05b6"><code>d2ed0a0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1786">#1786</a> from github/dependabot/npm_and_yarn/npm-0a410f26d2</li>
<li><a href="651d09131a"><code>651d091</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1788">#1788</a> from github/henrymercer/fix-feature-flag-usage</li>
<li><a href="e0f0892f83"><code>e0f0892</code></a> Add tests for new analysis summary feature flag</li>
<li><a href="27d3b2f857"><code>27d3b2f</code></a> Fix scaling reserved RAM feature flag naming</li>
<li><a href="da4e0a06c0"><code>da4e0a0</code></a> Fix CodeQL version checks</li>
<li><a href="e266801e21"><code>e266801</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="489225d82a...1813ca74c3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Jenn Magder