Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8a470fddaf"><code>8a470fd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2176">#2176</a> from github/update-v3.24.6-158d0780d</li>
<li><a href="d59eafb69b"><code>d59eafb</code></a> Update changelog for v3.24.6</li>
<li><a href="158d0780dc"><code>158d078</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2175">#2175</a> from github/henrymercer/fix-languages-init-success</li>
<li><a href="2307ff547f"><code>2307ff5</code></a> Add <code>languages</code> and <code>build_mode</code> to <code>init</code> <code>success</code> status report</li>
<li><a href="ccd3f02545"><code>ccd3f02</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2173">#2173</a> from github/henrymercer/mark-third-party-limits-erro...</li>
<li><a href="c0917251d4"><code>c091725</code></a> Refactoring: Convert <code>ActionName</code> to enum</li>
<li><a href="e12a8cc5eb"><code>e12a8cc</code></a> Use <code>isFirstPartyAnalysis</code> for a stronger check</li>
<li><a href="888ab31e3e"><code>888ab31</code></a> Mark third-party SARIF limits errors as configuration errors</li>
<li><a href="bd56a05133"><code>bd56a05</code></a> Rename <code>InvalidRequestError</code> to <code>InvalidSarifUploadError</code></li>
<li><a href="7bde9061b4"><code>7bde906</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2172">#2172</a> from github/henrymercer/fix-readme-typos</li>
<li>Additional commits viewable in <a href="47b3d888fe...8a470fddaf">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.4 to 3.24.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="47b3d888fe"><code>47b3d88</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2162">#2162</a> from github/update-v3.24.5-a74dcdb05</li>
<li><a href="28c290059f"><code>28c2900</code></a> Update changelog for v3.24.5</li>
<li><a href="a74dcdb056"><code>a74dcdb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2160">#2160</a> from github/henrymercer/deptrace-with-build-mode</li>
<li><a href="aeb89ef79a"><code>aeb89ef</code></a> Enable C++ deptrace when using autobuild build mode</li>
<li><a href="2896599ec9"><code>2896599</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2060">#2060</a> from github/mbg/go/1.22</li>
<li><a href="e3a86ed8b6"><code>e3a86ed</code></a> Add comment justifying why we set <code>cache: false</code></li>
<li><a href="5d55901fc8"><code>5d55901</code></a> Use Go 1.22 in workflows</li>
<li><a href="908a88334d"><code>908a883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2158">#2158</a> from github/mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="9bce06dffb"><code>9bce06d</code></a> Merge branch 'main' into mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="c9f3eed85d"><code>c9f3eed</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="e2e140ad14...47b3d888fe">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e2e140ad14"><code>e2e140a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2157">#2157</a> from github/update-v3.24.4-982d9346a</li>
<li><a href="5b1ae298f9"><code>5b1ae29</code></a> Update changelog for v3.24.4</li>
<li><a href="982d9346ad"><code>982d934</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2111">#2111</a> from github/nickfyson/first-or-third-party</li>
<li><a href="ebda17e859"><code>ebda17e</code></a> respond to review comments</li>
<li><a href="cca1ddefc0"><code>cca1dde</code></a> Merge branch 'main' into nickfyson/first-or-third-party</li>
<li><a href="f32f0bf8e4"><code>f32f0bf</code></a> ensure only the upload-sarif action can submit a status report with first_par...</li>
<li><a href="bf8c75ee37"><code>bf8c75e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2153">#2153</a> from github/aeisenberg/add-permissions-doc</li>
<li><a href="36c51ac2b5"><code>36c51ac</code></a> Capitalize Code Scanning</li>
<li><a href="a7dc229496"><code>a7dc229</code></a> add first_party_analysis boolean to all status reports</li>
<li><a href="592977e6ae"><code>592977e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2151">#2151</a> from angelapwen/fix-cpu-group-bug</li>
<li>Additional commits viewable in <a href="379614612a...e2e140ad14">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
I don't know if this is feasible, but figured it was worth seeing.
Often times dart fixes are forgotten as part of the code review process.
I know some people ignore the PR template, but considered maybe a mention was warranted.
I've made the change reflected below:
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="379614612a"><code>3796146</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2148">#2148</a> from github/update-v3.24.3-3a7796d6a</li>
<li><a href="01d302a04e"><code>01d302a</code></a> Update changelog for v3.24.3</li>
<li><a href="3a7796d6ad"><code>3a7796d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2147">#2147</a> from github/henrymercer/fix-config-outside-workspace...</li>
<li><a href="56b93f29eb"><code>56b93f2</code></a> Add changelog note</li>
<li><a href="381e65f460"><code>381e65f</code></a> Allow generated user config file to be outside the workspace</li>
<li><a href="d88d538126"><code>d88d538</code></a> Add PR check for specifying configuration using the <code>config</code> input</li>
<li><a href="dc983b33c3"><code>dc983b3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2143">#2143</a> from github/mergeback/v3.24.2-to-main-ece8414c</li>
<li><a href="66a4732f1d"><code>66a4732</code></a> Update checked-in dependencies</li>
<li><a href="e62fb8e891"><code>e62fb8e</code></a> Update changelog and version after v3.24.2</li>
<li><a href="ece8414c72"><code>ece8414</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2142">#2142</a> from github/update-v3.24.2-1a41e5519</li>
<li>Additional commits viewable in <a href="e675ced7a7...379614612a">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e675ced7a7"><code>e675ced</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2131">#2131</a> from github/update-v3.24.1-c79c360e0</li>
<li><a href="41154da3e4"><code>41154da</code></a> Update changelog for v3.24.1</li>
<li><a href="c79c360e02"><code>c79c360</code></a> Bump the npm group with 3 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2128">#2128</a>)</li>
<li><a href="4075abfb06"><code>4075abf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2121">#2121</a> from jsoref/status-reports-are-not-critical</li>
<li><a href="5a6da1d85d"><code>5a6da1d</code></a> Treat status reports as non-critical</li>
<li><a href="43a8916cbe"><code>43a8916</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2124">#2124</a> from github/update-bundle/codeql-bundle-v2.16.2</li>
<li><a href="b0346e4adb"><code>b0346e4</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.2</li>
<li><a href="3ab1d29793"><code>3ab1d29</code></a> Stop running debug artifacts checks on MacOS (<a href="https://redirect.github.com/github/codeql-action/issues/2123">#2123</a>)</li>
<li><a href="9a734dafa1"><code>9a734da</code></a> Add changelog note</li>
<li><a href="8fae32eb18"><code>8fae32e</code></a> Update default bundle to codeql-bundle-v2.16.2</li>
<li>Additional commits viewable in <a href="e8893c57a1...e675ced7a7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<ul>
<li>Bump <code>@âactions/artifacts</code> to latest version to include <a href="https://redirect.github.com/actions/toolkit/pull/1648">updated GHES host check</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="5d5d22a312"><code>5d5d22a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/515">#515</a> from actions/eggyhead/update-artifact-v2.1.1</li>
<li><a href="f1e993d966"><code>f1e993d</code></a> update artifact license</li>
<li><a href="4881bfd3f2"><code>4881bfd</code></a> updating dist:</li>
<li><a href="a30777e265"><code>a30777e</code></a> <a href="https://github.com/eggyhead"><code>@âeggyhead</code></a></li>
<li><a href="3a8048248f"><code>3a80482</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/511">#511</a> from actions/robherley/migration-docs-typo</li>
<li><a href="9d63e3f2f8"><code>9d63e3f</code></a> Merge branch 'main' into robherley/migration-docs-typo</li>
<li><a href="dfa1ab292d"><code>dfa1ab2</code></a> fix typo with v3 artifact downloads in migration guide</li>
<li><a href="d00351bf69"><code>d00351b</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/509">#509</a> from markmssd/patch-1</li>
<li><a href="707f5a7b71"><code>707f5a7</code></a> Update limitation of <code>10</code> artifacts upload to <code>500</code></li>
<li>See full diff in <a href="26f96dfa69...5d5d22a312">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e8893c57a1"><code>e8893c5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2113">#2113</a> from github/update-v3.24.0-2db032717</li>
<li><a href="78d6c8e84d"><code>78d6c8e</code></a> Update changelog for v3.24.0</li>
<li><a href="2db0327171"><code>2db0327</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2112">#2112</a> from github/henrymercer/status-report-handle-disk-fa...</li>
<li><a href="f9dea84e29"><code>f9dea84</code></a> Status report: Handle failures determining disk usage</li>
<li><a href="81eb6b2bf4"><code>81eb6b2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2108">#2108</a> from github/henrymercer/build-mode-input</li>
<li><a href="483bef1dab"><code>483bef1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2106">#2106</a> from github/rasmuswl/default-no-dep-inst</li>
<li><a href="b58c2f67a6"><code>b58c2f6</code></a> Detail requirements for different build modes</li>
<li><a href="f7d53249e3"><code>f7d5324</code></a> Update wording for CHANGELOG.md</li>
<li><a href="254b53d999"><code>254b53d</code></a> Merge branch 'main' into henrymercer/build-mode-input</li>
<li><a href="e34513334c"><code>e345133</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2107">#2107</a> from github/henrymercer/refactor-config</li>
<li>Additional commits viewable in <a href="b7bf0a3ed3...e8893c57a1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Context: Follow up from sync with @itsjustkevin today. Tag and ping the actor of workflow, when the cherry pick pull request is successfully created.
1. actor of workflow will be the username of the user that triggered the initial workflow run. i.e., whoever labels the PR. This person might not necessarily be the author of the cherry pick PR.
2. PR number of newly created cherry pick PR is parsed from the output of "gh pr create" as a multi line string.
Tested: on cp success: https://github.com/flutter/flutter/pull/142674 pings the actor of workflow (not the pr author). on cp failure: [example workflow](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7734400373/job/21088324523) leaves a msg on the original PR.
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.2 to 6.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v6.0.0</h2>
<h2>Behaviour changes</h2>
<ul>
<li>The default values for <code>author</code> and <code>committer</code> have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.</li>
<li>On completion, the action now removes the temporary git remote configuration it adds when using <code>push-to-fork</code>. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.</li>
</ul>
<h2>What's new</h2>
<ul>
<li>Updated runtime to Node.js 20
<ul>
<li>The action now requires a minimum version of <a href="https://github.com/actions/runner/releases/tag/v2.308.0">v2.308.0</a> for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.</li>
</ul>
</li>
<li>The default value for <code>author</code> has been changed to <code>${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com></code>. The change adds the <code>${{ github.actor_id }}+</code> prefix to the email address to align with GitHub's standard format for the author email address.</li>
<li>The default value for <code>committer</code> has been changed to <code>github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com></code>. This is to align with the default GitHub Actions bot user account.</li>
<li>Adds input <code>git-token</code>, the <a href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">Personal Access Token (PAT)</a> that the action will use for git operations. This input defaults to the value of <code>token</code>. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.</li>
<li><code>push-to-fork</code> now supports pushing to sibling repositories in the same network.</li>
<li>Previously, when using <code>push-to-fork</code>, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.</li>
<li>If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...<em>[Pull request body truncated]</em>" to indicate that the body has been truncated.</li>
<li>The action now uses <code>--unshallow</code> only when necessary, rather than as a default argument of <code>git fetch</code>. This should improve performance, particularly for large git repositories with extensive commit history.</li>
<li>The action can now be executed on one GitHub server and create pull requests on a <em>different</em> GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2086">peter-evans/create-pull-request#2086</a></li>
<li>fix crazy-max/ghaction-import-gp parameters by <a href="https://github.com/fharper"><code>@âfharper</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li>
<li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2364">peter-evans/create-pull-request#2364</a></li>
<li>Use checkout v4 by <a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li>
<li>Note about <code>delete-branch</code> by <a href="https://github.com/dezren39"><code>@âdezren39</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li>
<li>98 dependency updates by <a href="https://github.com/dependabot"><code>@âdependabot</code></a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/fharper"><code>@âfharper</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li>
<li><a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li>
<li><a href="https://github.com/dezren39"><code>@âdezren39</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0">https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b1ddad2c99"><code>b1ddad2</code></a> feat: v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2717">#2717</a>)</li>
<li><a href="bb809027fd"><code>bb80902</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.8 to 18.19.10 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2712">#2712</a>)</li>
<li><a href="e0037d470c"><code>e0037d4</code></a> build(deps): bump peter-evans/create-or-update-comment from 3 to 4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2702">#2702</a>)</li>
<li><a href="94b1f99e3a"><code>94b1f99</code></a> build(deps): bump peter-evans/find-comment from 2 to 3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2703">#2703</a>)</li>
<li><a href="69c27eaf4a"><code>69c27ea</code></a> build(deps-dev): bump ts-jest from 29.1.1 to 29.1.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2685">#2685</a>)</li>
<li><a href="7ea722a0f6"><code>7ea722a</code></a> build(deps-dev): bump prettier from 3.2.2 to 3.2.4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2684">#2684</a>)</li>
<li><a href="5ee839affd"><code>5ee839a</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.7 to 18.19.8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2683">#2683</a>)</li>
<li><a href="60fc256c67"><code>60fc256</code></a> build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2660">#2660</a>)</li>
<li><a href="0c67723361"><code>0c67723</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.5 to 18.19.7 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2661">#2661</a>)</li>
<li><a href="4e288e851b"><code>4e288e8</code></a> build(deps-dev): bump prettier from 3.1.1 to 3.2.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2659">#2659</a>)</li>
<li>Additional commits viewable in <a href="153407881e...b1ddad2c99">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 3.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>v3.1.6</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6">https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ab904c41d6"><code>ab904c4</code></a> chore(release): bump to 3.1.6</li>
<li><a href="a8c374ae46"><code>a8c374a</code></a> Revert "action.yml: Update to Node.js 20 (<a href="https://redirect.github.com/codecov/codecov-action/issues/1228">#1228</a>)"</li>
<li>See full diff in <a href="4fe8c5f003...ab904c41d6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7bf0a3ed3"><code>b7bf0a3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2099">#2099</a> from github/update-v3.23.2-61bf02577</li>
<li><a href="33e354b34b"><code>33e354b</code></a> Changelog: Add missing PR link</li>
<li><a href="f4cfe8904c"><code>f4cfe89</code></a> Update changelog for v3.23.2</li>
<li><a href="61bf02577c"><code>61bf025</code></a> Send overall job status in init-post status report (<a href="https://redirect.github.com/github/codeql-action/issues/2097">#2097</a>)</li>
<li><a href="16150320c5"><code>1615032</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2096">#2096</a> from github/update-bundle/codeql-bundle-v2.16.1</li>
<li><a href="bd67d8d6b2"><code>bd67d8d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2098">#2098</a> from github/henrymercer/update-internal-queries</li>
<li><a href="a2619f68c8"><code>a2619f6</code></a> Internal queries: Replace deprecated predicates</li>
<li><a href="666e2f9edf"><code>666e2f9</code></a> Internal queries: Replace deprecated predicates</li>
<li><a href="d43ae36a63"><code>d43ae36</code></a> Add changelog note</li>
<li><a href="75af1f5948"><code>75af1f5</code></a> Update default bundle to codeql-bundle-v2.16.1</li>
<li>Additional commits viewable in <a href="0b21cf2492...b7bf0a3ed3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>v3.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>action.yml: Update to Node.js 20 by <a href="https://github.com/hallabro"><code>@âhallabro</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hallabro"><code>@âhallabro</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5">https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4fe8c5f003"><code>4fe8c5f</code></a> chore(release): bump to 3.1.5</li>
<li><a href="9140fdcf54"><code>9140fdc</code></a> action.yml: Update to Node.js 20 (<a href="https://redirect.github.com/codecov/codecov-action/issues/1228">#1228</a>)</li>
<li>See full diff in <a href="eaaf4bedf3...4fe8c5f003">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This should finally (with high confidence) fix https://github.com/flutter/flutter/issues/141980, the mysterious error where git push sometimes fail.
**Root cause**:
When a pull request merges onto flutter's master branch, it is actually a merge from a branch on a flutter contributor's repository, to flutter's repository. Therefore, the [actor](https://stackoverflow.com/questions/58737785/github-actions-empty-env-secrets) of the pull request event, is the user that opened the pull request. And this actor would not have write access to repo and therefore the repo secret resolves to empty.
Therefore [running your pull_request workflow when a pull request merges](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges) doesn't work because even though we are not running our workflows on a forked repository, the **actor** of the pull_request event comes from a forked repository, and secrets are not passed to this actor.
The correct way is using [pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event instead of pull_request event. In workflows triggered by this event, GITHUB_TOKEN is granted read/write repository permission unless the permissions key is specified and the workflow **can** access secrets, even when the actor of the workflow trigger comes from a fork.
Note that workflows of this event runs in the context of the base commit and not the merge commit. But this doesn't matter for our use case since we are good with using the actions file from the base commit in the pull request event.
**Tested**:
I was finally able to reproduce the error by:
1. create a pull request under the username of different user other than the repository owner
2. merge and label the pull request, and use the token of this different user, but use it as repository secrets in the workflow
[reproduced error](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7619699924/job/20753210562)
previously I wasn't able to reproduce this error on my personal repo because the actors in my tests are the same user.
Also tested on my personal repo, following the steps mentioned above, that using the pull_request_event type fixes the error. [succeeded run](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7630017020/job/20784762242)
**The Debug Process**:
spent quite a while looking at other things during debugging, but they turned out to be unrelated. things that we experimented with are workflow conditions, ssh setup, git push url, manual trigger, workflow env, secret setup, dependency on market place actions (actions/checkout and peter-evans/create-pullrequest)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Reorganize upload code in prep for merge logic & add more tests by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/504">actions/upload-artifact#504</a></li>
<li>Add sub-action to merge artifacts by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/505">actions/upload-artifact#505</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.3.0">https://github.com/actions/upload-artifact/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="26f96dfa69"><code>26f96df</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/505">#505</a> from actions/robherley/merge-artifacts</li>
<li><a href="530ed2c9b8"><code>530ed2c</code></a> use correct artifact name in test</li>
<li><a href="53ef6987b3"><code>53ef698</code></a> add additional integration test for merge all behavior</li>
<li><a href="90b0f8eed8"><code>90b0f8e</code></a> add workflow to test merging</li>
<li><a href="199a58f54f"><code>199a58f</code></a> more docs</li>
<li><a href="3f353f9d9e"><code>3f353f9</code></a> ncc</li>
<li><a href="997fffa355"><code>997fffa</code></a> add merge artifact sub-action</li>
<li><a href="52899c8c02"><code>52899c8</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/504">#504</a> from actions/robherley/reorganize</li>
<li><a href="da58a3f7b2"><code>da58a3f</code></a> ncc</li>
<li><a href="1f64adb853"><code>1f64adb</code></a> fix import</li>
<li>Additional commits viewable in <a href="694cdabd8b...26f96dfa69">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ability to overwrite an Artifact by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/501">actions/upload-artifact#501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.2.0">https://github.com/actions/upload-artifact/compare/v4...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="694cdabd8b"><code>694cdab</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/501">#501</a> from actions/robherley/overwrite-artifact</li>
<li><a href="05d4fe6702"><code>05d4fe6</code></a> run licensed against version that matches ci</li>
<li><a href="40b3052821"><code>40b3052</code></a> update readme</li>
<li><a href="49552fcb82"><code>49552fc</code></a> add overwrite tests to workflow</li>
<li><a href="79615904cc"><code>7961590</code></a> licensed cache</li>
<li><a href="11ff42c7b1"><code>11ff42c</code></a> add new overwrite input & docs</li>
<li>See full diff in <a href="1eb3cb2b3e...694cdabd8b">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* `flutter_web_plugins` didn't have a label that would make PRs show up for team triage, now they are assigned to the web team so they don't fall through the cracks
* `flutter_goldens_client` doesn't exist anymore, deleted
* `integration_test` PRs should be treated like `flutter_test` or `flutter_driver` PRs and get the `a: tests` label.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0b21cf2492"><code>0b21cf2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2089">#2089</a> from github/update-v3.23.1-f65ecd09c</li>
<li><a href="ae616145ed"><code>ae61614</code></a> Update changelog for v3.23.1</li>
<li><a href="f65ecd09c7"><code>f65ecd0</code></a> Only delete SARIF in PR check if not running on a fork (<a href="https://redirect.github.com/github/codeql-action/issues/2084">#2084</a>)</li>
<li><a href="4d75a10efa"><code>4d75a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2073">#2073</a> from github/update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="e65c5d92f7"><code>e65c5d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2086">#2086</a> from github/dependabot/npm_and_yarn/npm-c0441c84d9</li>
<li><a href="6b12e3d9d9"><code>6b12e3d</code></a> Update checked-in dependencies</li>
<li><a href="e292db6207"><code>e292db6</code></a> Bump the npm group with 4 updates</li>
<li><a href="1fea7a57e7"><code>1fea7a5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="96531062ba"><code>9653106</code></a> Stop setting <code>CODEQL_RUNNER</code> environment variable if CLI already sets it (<a href="https://redirect.github.com/github/codeql-action/issues/2081">#2081</a>)</li>
<li><a href="eb14aeb61d"><code>eb14aeb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2080">#2080</a> from github/henrymercer/fix-unconditional-warning</li>
<li>Additional commits viewable in <a href="e5f05b81d5...0b21cf2492">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
I continued [my mission](https://github.com/flutter/flutter/pull/141431) to find as many typos as I could. This time it's a smaller set than before.
There is no need for issues since it's a typo fix.
We recently added `open` to this as part of changing all the templates, but the lock file is often quite large, and is often ancillary to the important issues details (unlike cases like code or screenshots), so it's better to leave this one collapsed by default.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.23.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e5f05b81d5"><code>e5f05b8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2066">#2066</a> from github/update-v3.23.0-fd55bb0b0</li>
<li><a href="48e7b8b751"><code>48e7b8b</code></a> Update changelog for v3.23.0</li>
<li><a href="fd55bb0b00"><code>fd55bb0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2065">#2065</a> from github/henrymercer/further-run-queries-cleanup</li>
<li><a href="838a022982"><code>838a022</code></a> Clean up running queries workflow now that the queries are determined by the CLI</li>
<li><a href="8516954d60"><code>8516954</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2062">#2062</a> from github/henrymercer/remove-action-config-parsing</li>
<li><a href="a533ec62b3"><code>a533ec6</code></a> Merge branch 'main' into henrymercer/remove-action-config-parsing</li>
<li><a href="08ae9bf4d0"><code>08ae9bf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2063">#2063</a> from github/henrymercer/remove-ml-powered-queries-repo</li>
<li><a href="58ff74adc3"><code>58ff74a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2031">#2031</a> from github/rasmuswl/no-dep-inst-default</li>
<li><a href="9926570d4c"><code>9926570</code></a> Generate JS</li>
<li><a href="2e27b3c56b"><code>2e27b3c</code></a> Create helper <code>isPythonDependencyInstallationDisabled</code></li>
<li>Additional commits viewable in <a href="b374143c11...e5f05b81d5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Add a workflow that simply:
1. checkout repo
2. write a file
3. create a PR
This is used to verify the permissions and validity of the github token we use to create PR.
context: https://chat.google.com/room/AAAAc_4rqiI/Ck593Sg7mvs
If we think the triggering condition is complicated, I can also change this workflow to be manual dispatch, to make it truly minimal.
sir @godofredoc pointed out that we should use a real user to create PRs with, and we already have one account with such credentials -- the mirror bot.
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<p>The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.</p>
<p>For more information, see the <a href="https://github.com/actions/toolkit/tree/main/packages/artifact"><code>@âactions/artifact</code></a> documentation.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vmjoseph"><code>@âvmjoseph</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/464">actions/upload-artifact#464</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v4.0.0">https://github.com/actions/upload-artifact/compare/v3...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c7d193f32e"><code>c7d193f</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/466">#466</a> from actions/v4-beta</li>
<li><a href="13131bb095"><code>13131bb</code></a> licensed cache</li>
<li><a href="4a6c273b98"><code>4a6c273</code></a> Merge branch 'main' into v4-beta</li>
<li><a href="f391bb91a3"><code>f391bb9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/465">#465</a> from actions/robherley/v4-documentation</li>
<li><a href="9653d03c4b"><code>9653d03</code></a> Apply suggestions from code review</li>
<li><a href="875b630764"><code>875b630</code></a> add limitations section</li>
<li><a href="ecb21463e9"><code>ecb2146</code></a> add compression example</li>
<li><a href="5e7604f84a"><code>5e7604f</code></a> trim some repeated info</li>
<li><a href="d6437d0758"><code>d6437d0</code></a> naming</li>
<li><a href="1b56155703"><code>1b56155</code></a> s/v4-beta/v4/g</li>
<li>Additional commits viewable in <a href="a8a3f3ad30...c7d193f32e">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b374143c11"><code>b374143</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2034">#2034</a> from github/update-v3.22.11-64e61baea</li>
<li><a href="e2b5cc75ce"><code>e2b5cc7</code></a> Update changelog for v3.22.11</li>
<li><a href="64e61baeac"><code>64e61ba</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2006">#2006</a> from github/nickfyson/node-20</li>
<li><a href="c757f9f6de"><code>c757f9f</code></a> Apply suggestions from code review</li>
<li><a href="7898bc2041"><code>7898bc2</code></a> add pr check for node version consistency</li>
<li><a href="6b5b958063"><code>6b5b958</code></a> remove dedundant single quotes from node version strings</li>
<li><a href="ea1e72c669"><code>ea1e72c</code></a> Update .github/workflows/pr-checks.yml</li>
<li><a href="b974542e9f"><code>b974542</code></a> Merge branch 'main' into nickfyson/node-20</li>
<li><a href="b995212303"><code>b995212</code></a> Bump the actions group with 2 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2024">#2024</a>)</li>
<li><a href="3c1878d8f9"><code>3c1878d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2029">#2029</a> from github/mergeback/v2.22.10-to-main-305f6546</li>
<li>Additional commits viewable in <a href="305f654631...b374143c11">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="305f654631"><code>305f654</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2028">#2028</a> from github/update-v2.22.10-fe23b5a3e</li>
<li><a href="31e94d8cb1"><code>31e94d8</code></a> Update changelog for v2.22.10</li>
<li><a href="fe23b5a3e1"><code>fe23b5a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2016">#2016</a> from github/update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="183559cea8"><code>183559c</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="382a50a028"><code>382a50a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2021">#2021</a> from github/mergeback/v2.22.9-to-main-c0d1daa7</li>
<li><a href="458b4226ad"><code>458b422</code></a> Update checked-in dependencies</li>
<li><a href="5e0f9dbc48"><code>5e0f9db</code></a> Update changelog and version after v2.22.9</li>
<li><a href="b6dc4ba94b"><code>b6dc4ba</code></a> Add changelog note</li>
<li><a href="1c3b8c867b"><code>1c3b8c8</code></a> Update default bundle to codeql-bundle-v2.15.4</li>
<li>See full diff in <a href="c0d1daa7f7...305f654631">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 2.22.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c0d1daa7f7"><code>c0d1daa</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2020">#2020</a> from github/update-v2.22.9-e1d1fad1b</li>
<li><a href="c6e24c94be"><code>c6e24c9</code></a> Update changelog for v2.22.9</li>
<li><a href="e1d1fad1b8"><code>e1d1fad</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2014">#2014</a> from github/nickfyson/update-release-process</li>
<li><a href="0e9a210226"><code>0e9a210</code></a> update workflows to run on all release branches</li>
<li><a href="47e90f23ea"><code>47e90f2</code></a> Merge branch 'main' into nickfyson/update-release-process</li>
<li><a href="ee748cf360"><code>ee748cf</code></a> respond to more review comments</li>
<li><a href="57932be6d4"><code>57932be</code></a> remove unused function</li>
<li><a href="a6ea3c5a45"><code>a6ea3c5</code></a> define backport commit message in constant</li>
<li><a href="3537bea580"><code>3537bea</code></a> Apply suggestions from code review</li>
<li><a href="3675be0110"><code>3675be0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2017">#2017</a> from cklin/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a href="689fdc5193...c0d1daa7f7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* This seems to be unnecessary as users will open a CP PR with the original commit linked in it.
* Add note on changelog description to be less than 80 chars
This fixes https://github.com/flutter/flutter/issues/139511
* A bug has been fixed with `sync-labels`, meaning this needs to be a boolean now. Setting to `true` to match v4 logic.
* in `labeler.yml`, all labels must be a list of globs, so updated them all to be a list of `any`.
* Update the version to v5
This is a little annoying to test, since the way github actions works means that changes to workflows aren't run until after they are merged. A workaround is I forked these labeler changes to a new branch in my own repo and created a PR to merge to that branch, seen here: https://github.com/drewroengoogle/flutter/actions/runs/7102118110/job/19331743809?pr=2. Note the step `Run actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9` which ensures we are running on the latest labeler version in that check.
Reverts flutter/flutter#139506
Initiated by: godofredoc
This change reverts the following previous change:
Original Description:
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@joshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@dusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@sungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@TrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
- AllGlobsToAllFiles: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>This release contains the following breaking changes:</p>
<ol>
<li>
<p>The ability to apply labels based on the names of base and/or head branches was added (<a href="https://redirect.github.com/actions/labeler/issues/186">#186</a> and <a href="https://redirect.github.com/actions/labeler/issues/54">#54</a>). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (<a href="https://redirect.github.com/actions/labeler/issues/423">#423</a> and <a href="https://redirect.github.com/actions/labeler/issues/101">#101</a>). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a> to find out how to adapt your configuration files for use with the new action version.</p>
</li>
<li>
<p>The bug related to the <code>sync-labels</code> input was fixed (<a href="https://redirect.github.com/actions/labeler/issues/112">#112</a>). Now the input value is read correctly.</p>
</li>
<li>
<p>By default, <code>dot</code> input is set to <code>true</code>. Now, paths starting with a dot (e.g. <code>.github</code>) are matched by default.</p>
</li>
<li>
<p>Version 5 of this action updated the <a href="https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions">runtime to Node.js 20</a>. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</p>
</li>
</ol>
<p>For more information, please read the <a href="https://github.com/actions/labeler/tree/main#pull-request-labeler">action documentation</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joshdales"><code>@âjoshdales</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/203">actions/labeler#203</a></li>
<li><a href="https://github.com/dusan-trickovic"><code>@âdusan-trickovic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/626">actions/labeler#626</a></li>
<li><a href="https://github.com/sungh0lim"><code>@âsungh0lim</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/630">actions/labeler#630</a></li>
<li><a href="https://github.com/TrianguloY"><code>@âTrianguloY</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/629">actions/labeler#629</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v5.0.0">https://github.com/actions/labeler/compare/v4...v5.0.0</a></p>
<h2>v5.0.0-beta.1</h2>
<h2>What's Changed</h2>
<p>In scope of this beta release, the structure of the configuration file (<code>.github/labeler.yml</code>) was changed from</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
</code></pre>
<p>to</p>
<pre lang="yml"><code>LabelName:
- any:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
- AllGlobsToAllFiles: ['list', 'of', 'globs']
- base-branch: ['list', 'of', 'regexps']
- head-branch: ['list', 'of', 'regexps']
- all:
- changed-files:
- AnyGlobToAnyFile: ['list', 'of', 'globs']
- AnyGlobToAllFiles: ['list', 'of', 'globs']
- AllGlobsToAnyFile: ['list', 'of', 'globs']
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8558fd7429"><code>8558fd7</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/709">#709</a> from actions/v5.0.0-beta</li>
<li><a href="000ca75fe6"><code>000ca75</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/700">#700</a> from MaksimZhukov/apply-suggestions-and-update-docume...</li>
<li><a href="cb66c2f078"><code>cb66c2f</code></a> Update dist</li>
<li><a href="9181355e36"><code>9181355</code></a> Apply suggestions for the beta vesrion and update the documentation</li>
<li><a href="efe4c1c90e"><code>efe4c1c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/699">#699</a> from MaksimZhukov/update-node-runtime-and-dependencies</li>
<li><a href="c0957ad7c3"><code>c0957ad</code></a> Run Prettier</li>
<li><a href="8dc8d1842f"><code>8dc8d18</code></a> Update Node.js version in reusable workflows</li>
<li><a href="d0d0bbebfb"><code>d0d0bbe</code></a> Update documentation</li>
<li><a href="1375c42512"><code>1375c42</code></a> 5.0.0</li>
<li><a href="ab7411ec21"><code>ab7411e</code></a> Change version of Node.js runtime to node20</li>
<li>Additional commits viewable in <a href="ac9175f8a1...8558fd7429">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.0 to 5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/absolute-version/commit-and-tag-version">commit-and-tag-version</a> for commit guidelines.</p>
<h2><a href="https://github.com/dessant/lock-threads/compare/v5.0.0...v5.0.1">5.0.1</a> (2023-11-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>support filtering threads by labels with spaces (<a href="0a63678232">0a63678</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/40">#40</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v4.0.1...v5.0.0">5.0.0</a> (2023-11-14)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>Discussions are also processed by default,
set the <code>process-only</code> input parameter to preserve the old behavior</li>
</ul>
<pre lang="yaml"><code> steps:
- uses: dessant/lock-threads@v5
with:
process-only: 'issues, prs'
</code></pre>
<ul>
<li>the action now requires Node.js 20</li>
</ul>
<h3>Features</h3>
<ul>
<li>lock discussions (<a href="0a0976f3de">0a0976f</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/25">#25</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a href="5a25b54eae">5a25b54</a>)</li>
</ul>
<h3><a href="https://github.com/dessant/lock-threads/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-06-12)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>retry and throttle GitHub API requests (<a href="1618e91da6">1618e91</a>), closes <a href="https://redirect.github.com/dessant/lock-threads/issues/35">#35</a></li>
</ul>
<h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2>
<h3>â BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1bf7ec2505"><code>1bf7ec2</code></a> chore(release): 5.0.1</li>
<li><a href="adf4aa5f8a"><code>adf4aa5</code></a> chore: update package</li>
<li><a href="0a63678232"><code>0a63678</code></a> fix: support filtering threads by labels with spaces</li>
<li>See full diff in <a href="d42e5f4980...1bf7ec2505">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
dependabot[bot]