Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.24.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace <code>github/codeql-action/*@v3</code> by <code>github/codeql-action/*@v3.24.10</code> and <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.24.10</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4355270be1"><code>4355270</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2226">#2226</a> from github/update-v3.24.10-7df281f2f</li>
<li><a href="3f041c51a5"><code>3f041c5</code></a> Update changelog for v3.24.10</li>
<li><a href="7df281f2fe"><code>7df281f</code></a> Gracefully continue if <code>createStatusReportBase</code> throws (<a href="https://redirect.github.com/github/codeql-action/issues/2225">#2225</a>)</li>
<li><a href="f421cda8e7"><code>f421cda</code></a> Run integration test PR checks nightly (<a href="https://redirect.github.com/github/codeql-action/issues/2222">#2222</a>)</li>
<li><a href="5f535debfe"><code>5f535de</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2221">#2221</a> from github/nickfyson/upload-logging</li>
<li><a href="278465cdfb"><code>278465c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2219">#2219</a> from github/update-bundle/codeql-bundle-v2.17.0</li>
<li><a href="65e69c8a4b"><code>65e69c8</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.17.0</li>
<li><a href="c037115ddf"><code>c037115</code></a> clarify logging in response to pr review comments</li>
<li><a href="d3c32a84cb"><code>d3c32a8</code></a> fix test to respect updated logging behaviour</li>
<li><a href="26540626a5"><code>2654062</code></a> Merge branch 'main' into nickfyson/upload-logging</li>
<li>Additional commits viewable in <a href="1b1aada464...4355270be1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1b1aada464"><code>1b1aada</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2208">#2208</a> from github/update-v3.24.9-09d4101d2</li>
<li><a href="6505708f95"><code>6505708</code></a> Update changelog for v3.24.9</li>
<li><a href="09d4101d2b"><code>09d4101</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2203">#2203</a> from github/update-bundle/codeql-bundle-v2.16.5</li>
<li><a href="a3ab02e645"><code>a3ab02e</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.5</li>
<li><a href="9cf4574790"><code>9cf4574</code></a> Add changelog note</li>
<li><a href="964f5e7811"><code>964f5e7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2207">#2207</a> from github/henrymercer/more-processing-error-catego...</li>
<li><a href="9c0c35b370"><code>9c0c35b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2206">#2206</a> from github/henrymercer/improved-autobuild-error-wit...</li>
<li><a href="c84e4c8e7b"><code>c84e4c8</code></a> Mark some more processing errors as invalid SARIF upload requests</li>
<li><a href="4aca720110"><code>4aca720</code></a> Improve error message when using build modes and autobuild fails</li>
<li><a href="7f375aeb76"><code>7f375ae</code></a> Wrap configuration errors for all CLI commands</li>
<li>Additional commits viewable in <a href="05963f47d8...1b1aada464">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.24.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="05963f47d8"><code>05963f4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2200">#2200</a> from github/update-v3.24.8-1ecc2779e</li>
<li><a href="2b9b521560"><code>2b9b521</code></a> Update changelog for v3.24.8</li>
<li><a href="1ecc2779e9"><code>1ecc277</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2198">#2198</a> from github/henrymercer/improve-tracking-autobuild-e...</li>
<li><a href="e28ae3a84c"><code>e28ae3a</code></a> Add config error for Swift build failures</li>
<li><a href="bddfc7c6d5"><code>bddfc7c</code></a> Add config error for Gradle build failures</li>
<li><a href="3edd1bf725"><code>3edd1bf</code></a> Truncate autobuild errors to 10 lines</li>
<li><a href="88a0b7abb3"><code>88a0b7a</code></a> Mark Maven build failures as configuration errors</li>
<li><a href="88b28eb70d"><code>88b28eb</code></a> Surface autobuild errors from stderr stream</li>
<li><a href="f055b5e672"><code>f055b5e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2197">#2197</a> from github/henrymercer/log-job-status</li>
<li><a href="0d680ab61c"><code>0d680ab</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2196">#2196</a> from github/henrymercer/update-packs-input-description</li>
<li>Additional commits viewable in <a href="3ab4101902...05963f47d8">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3ab4101902"><code>3ab4101</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2192">#2192</a> from github/update-v3.24.7-5e882999f</li>
<li><a href="a006adfa77"><code>a006adf</code></a> Update changelog for v3.24.7</li>
<li><a href="5e882999f1"><code>5e88299</code></a> Bump the npm group with 2 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2190">#2190</a>)</li>
<li><a href="69e120d747"><code>69e120d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2191">#2191</a> from github/henrymercer/use-include-query-help-flag</li>
<li><a href="5ec06c71f0"><code>5ec06c7</code></a> Use the <code>--sarif-include-query-help</code> option when supported</li>
<li><a href="caf377935a"><code>caf3779</code></a> Update default bundle to 2.16.4 (<a href="https://redirect.github.com/github/codeql-action/issues/2185">#2185</a>)</li>
<li><a href="532ca5486e"><code>532ca54</code></a> Fail <code>analyze</code> step by passing an invalid option to <code>database finalize</code> (<a href="https://redirect.github.com/github/codeql-action/issues/2189">#2189</a>)</li>
<li><a href="2fa207a8b7"><code>2fa207a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2188">#2188</a> from github/henrymercer/prepare-build-mode-help</li>
<li><a href="24c3eda0e3"><code>24c3eda</code></a> Escape named value in input description</li>
<li><a href="27a6cd0a11"><code>27a6cd0</code></a> Remove experimental qualifiers from build mode input</li>
<li>Additional commits viewable in <a href="8a470fddaf...3ab4101902">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Context: @godofredoc pointed out that the fields in the PR template could be simplified and redesigned. Synced with @itsjustkevin and Kevin come up with [changes in this doc](https://docs.google.com/document/d/1Slppqq32toSwwxUyYTX1t6dGUQpyi0xEWxw4niGWspc/edit?resourcekey=0-v6U_9XVsMFSx0Fvx1rANhg&tab=t.0) which would improve the cherry pick template.
Github only supports a limited number of formatting options. This PR uses some workarounds and makes the following changes:
1. use divider to replace text area since Github markdown doesn't support text area
2. remove \<pre\> tags so texts can wrap around
3. use headings over bold
4. use task lists to identify the starting points of user answers
An example cherry pick template would [look like this](https://github.com/flutter/flutter/pull/143785) after the change.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8a470fddaf"><code>8a470fd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2176">#2176</a> from github/update-v3.24.6-158d0780d</li>
<li><a href="d59eafb69b"><code>d59eafb</code></a> Update changelog for v3.24.6</li>
<li><a href="158d0780dc"><code>158d078</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2175">#2175</a> from github/henrymercer/fix-languages-init-success</li>
<li><a href="2307ff547f"><code>2307ff5</code></a> Add <code>languages</code> and <code>build_mode</code> to <code>init</code> <code>success</code> status report</li>
<li><a href="ccd3f02545"><code>ccd3f02</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2173">#2173</a> from github/henrymercer/mark-third-party-limits-erro...</li>
<li><a href="c0917251d4"><code>c091725</code></a> Refactoring: Convert <code>ActionName</code> to enum</li>
<li><a href="e12a8cc5eb"><code>e12a8cc</code></a> Use <code>isFirstPartyAnalysis</code> for a stronger check</li>
<li><a href="888ab31e3e"><code>888ab31</code></a> Mark third-party SARIF limits errors as configuration errors</li>
<li><a href="bd56a05133"><code>bd56a05</code></a> Rename <code>InvalidRequestError</code> to <code>InvalidSarifUploadError</code></li>
<li><a href="7bde9061b4"><code>7bde906</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2172">#2172</a> from github/henrymercer/fix-readme-typos</li>
<li>Additional commits viewable in <a href="47b3d888fe...8a470fddaf">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.4 to 3.24.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="47b3d888fe"><code>47b3d88</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2162">#2162</a> from github/update-v3.24.5-a74dcdb05</li>
<li><a href="28c290059f"><code>28c2900</code></a> Update changelog for v3.24.5</li>
<li><a href="a74dcdb056"><code>a74dcdb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2160">#2160</a> from github/henrymercer/deptrace-with-build-mode</li>
<li><a href="aeb89ef79a"><code>aeb89ef</code></a> Enable C++ deptrace when using autobuild build mode</li>
<li><a href="2896599ec9"><code>2896599</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2060">#2060</a> from github/mbg/go/1.22</li>
<li><a href="e3a86ed8b6"><code>e3a86ed</code></a> Add comment justifying why we set <code>cache: false</code></li>
<li><a href="5d55901fc8"><code>5d55901</code></a> Use Go 1.22 in workflows</li>
<li><a href="908a88334d"><code>908a883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2158">#2158</a> from github/mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="9bce06dffb"><code>9bce06d</code></a> Merge branch 'main' into mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="c9f3eed85d"><code>c9f3eed</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="e2e140ad14...47b3d888fe">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e2e140ad14"><code>e2e140a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2157">#2157</a> from github/update-v3.24.4-982d9346a</li>
<li><a href="5b1ae298f9"><code>5b1ae29</code></a> Update changelog for v3.24.4</li>
<li><a href="982d9346ad"><code>982d934</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2111">#2111</a> from github/nickfyson/first-or-third-party</li>
<li><a href="ebda17e859"><code>ebda17e</code></a> respond to review comments</li>
<li><a href="cca1ddefc0"><code>cca1dde</code></a> Merge branch 'main' into nickfyson/first-or-third-party</li>
<li><a href="f32f0bf8e4"><code>f32f0bf</code></a> ensure only the upload-sarif action can submit a status report with first_par...</li>
<li><a href="bf8c75ee37"><code>bf8c75e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2153">#2153</a> from github/aeisenberg/add-permissions-doc</li>
<li><a href="36c51ac2b5"><code>36c51ac</code></a> Capitalize Code Scanning</li>
<li><a href="a7dc229496"><code>a7dc229</code></a> add first_party_analysis boolean to all status reports</li>
<li><a href="592977e6ae"><code>592977e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2151">#2151</a> from angelapwen/fix-cpu-group-bug</li>
<li>Additional commits viewable in <a href="379614612a...e2e140ad14">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
I don't know if this is feasible, but figured it was worth seeing.
Often times dart fixes are forgotten as part of the code review process.
I know some people ignore the PR template, but considered maybe a mention was warranted.
I've made the change reflected below:
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="379614612a"><code>3796146</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2148">#2148</a> from github/update-v3.24.3-3a7796d6a</li>
<li><a href="01d302a04e"><code>01d302a</code></a> Update changelog for v3.24.3</li>
<li><a href="3a7796d6ad"><code>3a7796d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2147">#2147</a> from github/henrymercer/fix-config-outside-workspace...</li>
<li><a href="56b93f29eb"><code>56b93f2</code></a> Add changelog note</li>
<li><a href="381e65f460"><code>381e65f</code></a> Allow generated user config file to be outside the workspace</li>
<li><a href="d88d538126"><code>d88d538</code></a> Add PR check for specifying configuration using the <code>config</code> input</li>
<li><a href="dc983b33c3"><code>dc983b3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2143">#2143</a> from github/mergeback/v3.24.2-to-main-ece8414c</li>
<li><a href="66a4732f1d"><code>66a4732</code></a> Update checked-in dependencies</li>
<li><a href="e62fb8e891"><code>e62fb8e</code></a> Update changelog and version after v3.24.2</li>
<li><a href="ece8414c72"><code>ece8414</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2142">#2142</a> from github/update-v3.24.2-1a41e5519</li>
<li>Additional commits viewable in <a href="e675ced7a7...379614612a">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e675ced7a7"><code>e675ced</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2131">#2131</a> from github/update-v3.24.1-c79c360e0</li>
<li><a href="41154da3e4"><code>41154da</code></a> Update changelog for v3.24.1</li>
<li><a href="c79c360e02"><code>c79c360</code></a> Bump the npm group with 3 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2128">#2128</a>)</li>
<li><a href="4075abfb06"><code>4075abf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2121">#2121</a> from jsoref/status-reports-are-not-critical</li>
<li><a href="5a6da1d85d"><code>5a6da1d</code></a> Treat status reports as non-critical</li>
<li><a href="43a8916cbe"><code>43a8916</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2124">#2124</a> from github/update-bundle/codeql-bundle-v2.16.2</li>
<li><a href="b0346e4adb"><code>b0346e4</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.2</li>
<li><a href="3ab1d29793"><code>3ab1d29</code></a> Stop running debug artifacts checks on MacOS (<a href="https://redirect.github.com/github/codeql-action/issues/2123">#2123</a>)</li>
<li><a href="9a734dafa1"><code>9a734da</code></a> Add changelog note</li>
<li><a href="8fae32eb18"><code>8fae32e</code></a> Update default bundle to codeql-bundle-v2.16.2</li>
<li>Additional commits viewable in <a href="e8893c57a1...e675ced7a7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<ul>
<li>Bump <code>@âactions/artifacts</code> to latest version to include <a href="https://redirect.github.com/actions/toolkit/pull/1648">updated GHES host check</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="5d5d22a312"><code>5d5d22a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/515">#515</a> from actions/eggyhead/update-artifact-v2.1.1</li>
<li><a href="f1e993d966"><code>f1e993d</code></a> update artifact license</li>
<li><a href="4881bfd3f2"><code>4881bfd</code></a> updating dist:</li>
<li><a href="a30777e265"><code>a30777e</code></a> <a href="https://github.com/eggyhead"><code>@âeggyhead</code></a></li>
<li><a href="3a8048248f"><code>3a80482</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/511">#511</a> from actions/robherley/migration-docs-typo</li>
<li><a href="9d63e3f2f8"><code>9d63e3f</code></a> Merge branch 'main' into robherley/migration-docs-typo</li>
<li><a href="dfa1ab292d"><code>dfa1ab2</code></a> fix typo with v3 artifact downloads in migration guide</li>
<li><a href="d00351bf69"><code>d00351b</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/509">#509</a> from markmssd/patch-1</li>
<li><a href="707f5a7b71"><code>707f5a7</code></a> Update limitation of <code>10</code> artifacts upload to <code>500</code></li>
<li>See full diff in <a href="26f96dfa69...5d5d22a312">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e8893c57a1"><code>e8893c5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2113">#2113</a> from github/update-v3.24.0-2db032717</li>
<li><a href="78d6c8e84d"><code>78d6c8e</code></a> Update changelog for v3.24.0</li>
<li><a href="2db0327171"><code>2db0327</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2112">#2112</a> from github/henrymercer/status-report-handle-disk-fa...</li>
<li><a href="f9dea84e29"><code>f9dea84</code></a> Status report: Handle failures determining disk usage</li>
<li><a href="81eb6b2bf4"><code>81eb6b2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2108">#2108</a> from github/henrymercer/build-mode-input</li>
<li><a href="483bef1dab"><code>483bef1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2106">#2106</a> from github/rasmuswl/default-no-dep-inst</li>
<li><a href="b58c2f67a6"><code>b58c2f6</code></a> Detail requirements for different build modes</li>
<li><a href="f7d53249e3"><code>f7d5324</code></a> Update wording for CHANGELOG.md</li>
<li><a href="254b53d999"><code>254b53d</code></a> Merge branch 'main' into henrymercer/build-mode-input</li>
<li><a href="e34513334c"><code>e345133</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2107">#2107</a> from github/henrymercer/refactor-config</li>
<li>Additional commits viewable in <a href="b7bf0a3ed3...e8893c57a1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Context: Follow up from sync with @itsjustkevin today. Tag and ping the actor of workflow, when the cherry pick pull request is successfully created.
1. actor of workflow will be the username of the user that triggered the initial workflow run. i.e., whoever labels the PR. This person might not necessarily be the author of the cherry pick PR.
2. PR number of newly created cherry pick PR is parsed from the output of "gh pr create" as a multi line string.
Tested: on cp success: https://github.com/flutter/flutter/pull/142674 pings the actor of workflow (not the pr author). on cp failure: [example workflow](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7734400373/job/21088324523) leaves a msg on the original PR.
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.2 to 6.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v6.0.0</h2>
<h2>Behaviour changes</h2>
<ul>
<li>The default values for <code>author</code> and <code>committer</code> have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.</li>
<li>On completion, the action now removes the temporary git remote configuration it adds when using <code>push-to-fork</code>. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.</li>
</ul>
<h2>What's new</h2>
<ul>
<li>Updated runtime to Node.js 20
<ul>
<li>The action now requires a minimum version of <a href="https://github.com/actions/runner/releases/tag/v2.308.0">v2.308.0</a> for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.</li>
</ul>
</li>
<li>The default value for <code>author</code> has been changed to <code>${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com></code>. The change adds the <code>${{ github.actor_id }}+</code> prefix to the email address to align with GitHub's standard format for the author email address.</li>
<li>The default value for <code>committer</code> has been changed to <code>github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com></code>. This is to align with the default GitHub Actions bot user account.</li>
<li>Adds input <code>git-token</code>, the <a href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">Personal Access Token (PAT)</a> that the action will use for git operations. This input defaults to the value of <code>token</code>. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.</li>
<li><code>push-to-fork</code> now supports pushing to sibling repositories in the same network.</li>
<li>Previously, when using <code>push-to-fork</code>, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.</li>
<li>If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...<em>[Pull request body truncated]</em>" to indicate that the body has been truncated.</li>
<li>The action now uses <code>--unshallow</code> only when necessary, rather than as a default argument of <code>git fetch</code>. This should improve performance, particularly for large git repositories with extensive commit history.</li>
<li>The action can now be executed on one GitHub server and create pull requests on a <em>different</em> GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2086">peter-evans/create-pull-request#2086</a></li>
<li>fix crazy-max/ghaction-import-gp parameters by <a href="https://github.com/fharper"><code>@âfharper</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li>
<li>Update distribution by <a href="https://github.com/actions-bot"><code>@âactions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2364">peter-evans/create-pull-request#2364</a></li>
<li>Use checkout v4 by <a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li>
<li>Note about <code>delete-branch</code> by <a href="https://github.com/dezren39"><code>@âdezren39</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li>
<li>98 dependency updates by <a href="https://github.com/dependabot"><code>@âdependabot</code></a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/fharper"><code>@âfharper</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2177">peter-evans/create-pull-request#2177</a></li>
<li><a href="https://github.com/okuramasafumi"><code>@âokuramasafumi</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2521">peter-evans/create-pull-request#2521</a></li>
<li><a href="https://github.com/dezren39"><code>@âdezren39</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2631">peter-evans/create-pull-request#2631</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0">https://github.com/peter-evans/create-pull-request/compare/v5.0.2...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b1ddad2c99"><code>b1ddad2</code></a> feat: v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2717">#2717</a>)</li>
<li><a href="bb809027fd"><code>bb80902</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.8 to 18.19.10 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2712">#2712</a>)</li>
<li><a href="e0037d470c"><code>e0037d4</code></a> build(deps): bump peter-evans/create-or-update-comment from 3 to 4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2702">#2702</a>)</li>
<li><a href="94b1f99e3a"><code>94b1f99</code></a> build(deps): bump peter-evans/find-comment from 2 to 3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2703">#2703</a>)</li>
<li><a href="69c27eaf4a"><code>69c27ea</code></a> build(deps-dev): bump ts-jest from 29.1.1 to 29.1.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2685">#2685</a>)</li>
<li><a href="7ea722a0f6"><code>7ea722a</code></a> build(deps-dev): bump prettier from 3.2.2 to 3.2.4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2684">#2684</a>)</li>
<li><a href="5ee839affd"><code>5ee839a</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.7 to 18.19.8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2683">#2683</a>)</li>
<li><a href="60fc256c67"><code>60fc256</code></a> build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2660">#2660</a>)</li>
<li><a href="0c67723361"><code>0c67723</code></a> build(deps-dev): bump <code>@âtypes/node</code> from 18.19.5 to 18.19.7 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2661">#2661</a>)</li>
<li><a href="4e288e851b"><code>4e288e8</code></a> build(deps-dev): bump prettier from 3.1.1 to 3.2.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2659">#2659</a>)</li>
<li>Additional commits viewable in <a href="153407881e...b1ddad2c99">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 3.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>v3.1.6</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6">https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ab904c41d6"><code>ab904c4</code></a> chore(release): bump to 3.1.6</li>
<li><a href="a8c374ae46"><code>a8c374a</code></a> Revert "action.yml: Update to Node.js 20 (<a href="https://redirect.github.com/codecov/codecov-action/issues/1228">#1228</a>)"</li>
<li>See full diff in <a href="4fe8c5f003...ab904c41d6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7bf0a3ed3"><code>b7bf0a3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2099">#2099</a> from github/update-v3.23.2-61bf02577</li>
<li><a href="33e354b34b"><code>33e354b</code></a> Changelog: Add missing PR link</li>
<li><a href="f4cfe8904c"><code>f4cfe89</code></a> Update changelog for v3.23.2</li>
<li><a href="61bf02577c"><code>61bf025</code></a> Send overall job status in init-post status report (<a href="https://redirect.github.com/github/codeql-action/issues/2097">#2097</a>)</li>
<li><a href="16150320c5"><code>1615032</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2096">#2096</a> from github/update-bundle/codeql-bundle-v2.16.1</li>
<li><a href="bd67d8d6b2"><code>bd67d8d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2098">#2098</a> from github/henrymercer/update-internal-queries</li>
<li><a href="a2619f68c8"><code>a2619f6</code></a> Internal queries: Replace deprecated predicates</li>
<li><a href="666e2f9edf"><code>666e2f9</code></a> Internal queries: Replace deprecated predicates</li>
<li><a href="d43ae36a63"><code>d43ae36</code></a> Add changelog note</li>
<li><a href="75af1f5948"><code>75af1f5</code></a> Update default bundle to codeql-bundle-v2.16.1</li>
<li>Additional commits viewable in <a href="0b21cf2492...b7bf0a3ed3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>v3.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>action.yml: Update to Node.js 20 by <a href="https://github.com/hallabro"><code>@âhallabro</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hallabro"><code>@âhallabro</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/1228">codecov/codecov-action#1228</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5">https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4fe8c5f003"><code>4fe8c5f</code></a> chore(release): bump to 3.1.5</li>
<li><a href="9140fdcf54"><code>9140fdc</code></a> action.yml: Update to Node.js 20 (<a href="https://redirect.github.com/codecov/codecov-action/issues/1228">#1228</a>)</li>
<li>See full diff in <a href="eaaf4bedf3...4fe8c5f003">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This should finally (with high confidence) fix https://github.com/flutter/flutter/issues/141980, the mysterious error where git push sometimes fail.
**Root cause**:
When a pull request merges onto flutter's master branch, it is actually a merge from a branch on a flutter contributor's repository, to flutter's repository. Therefore, the [actor](https://stackoverflow.com/questions/58737785/github-actions-empty-env-secrets) of the pull request event, is the user that opened the pull request. And this actor would not have write access to repo and therefore the repo secret resolves to empty.
Therefore [running your pull_request workflow when a pull request merges](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges) doesn't work because even though we are not running our workflows on a forked repository, the **actor** of the pull_request event comes from a forked repository, and secrets are not passed to this actor.
The correct way is using [pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event instead of pull_request event. In workflows triggered by this event, GITHUB_TOKEN is granted read/write repository permission unless the permissions key is specified and the workflow **can** access secrets, even when the actor of the workflow trigger comes from a fork.
Note that workflows of this event runs in the context of the base commit and not the merge commit. But this doesn't matter for our use case since we are good with using the actions file from the base commit in the pull request event.
**Tested**:
I was finally able to reproduce the error by:
1. create a pull request under the username of different user other than the repository owner
2. merge and label the pull request, and use the token of this different user, but use it as repository secrets in the workflow
[reproduced error](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7619699924/job/20753210562)
previously I wasn't able to reproduce this error on my personal repo because the actors in my tests are the same user.
Also tested on my personal repo, following the steps mentioned above, that using the pull_request_event type fixes the error. [succeeded run](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7630017020/job/20784762242)
**The Debug Process**:
spent quite a while looking at other things during debugging, but they turned out to be unrelated. things that we experimented with are workflow conditions, ssh setup, git push url, manual trigger, workflow env, secret setup, dependency on market place actions (actions/checkout and peter-evans/create-pullrequest)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Reorganize upload code in prep for merge logic & add more tests by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/504">actions/upload-artifact#504</a></li>
<li>Add sub-action to merge artifacts by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/505">actions/upload-artifact#505</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.3.0">https://github.com/actions/upload-artifact/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="26f96dfa69"><code>26f96df</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/505">#505</a> from actions/robherley/merge-artifacts</li>
<li><a href="530ed2c9b8"><code>530ed2c</code></a> use correct artifact name in test</li>
<li><a href="53ef6987b3"><code>53ef698</code></a> add additional integration test for merge all behavior</li>
<li><a href="90b0f8eed8"><code>90b0f8e</code></a> add workflow to test merging</li>
<li><a href="199a58f54f"><code>199a58f</code></a> more docs</li>
<li><a href="3f353f9d9e"><code>3f353f9</code></a> ncc</li>
<li><a href="997fffa355"><code>997fffa</code></a> add merge artifact sub-action</li>
<li><a href="52899c8c02"><code>52899c8</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/504">#504</a> from actions/robherley/reorganize</li>
<li><a href="da58a3f7b2"><code>da58a3f</code></a> ncc</li>
<li><a href="1f64adb853"><code>1f64adb</code></a> fix import</li>
<li>Additional commits viewable in <a href="694cdabd8b...26f96dfa69">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ability to overwrite an Artifact by <a href="https://github.com/robherley"><code>@ârobherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/501">actions/upload-artifact#501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.2.0">https://github.com/actions/upload-artifact/compare/v4...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="694cdabd8b"><code>694cdab</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/501">#501</a> from actions/robherley/overwrite-artifact</li>
<li><a href="05d4fe6702"><code>05d4fe6</code></a> run licensed against version that matches ci</li>
<li><a href="40b3052821"><code>40b3052</code></a> update readme</li>
<li><a href="49552fcb82"><code>49552fc</code></a> add overwrite tests to workflow</li>
<li><a href="79615904cc"><code>7961590</code></a> licensed cache</li>
<li><a href="11ff42c7b1"><code>11ff42c</code></a> add new overwrite input & docs</li>
<li>See full diff in <a href="1eb3cb2b3e...694cdabd8b">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* `flutter_web_plugins` didn't have a label that would make PRs show up for team triage, now they are assigned to the web team so they don't fall through the cracks
* `flutter_goldens_client` doesn't exist anymore, deleted
* `integration_test` PRs should be treated like `flutter_test` or `flutter_driver` PRs and get the `a: tests` label.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0b21cf2492"><code>0b21cf2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2089">#2089</a> from github/update-v3.23.1-f65ecd09c</li>
<li><a href="ae616145ed"><code>ae61614</code></a> Update changelog for v3.23.1</li>
<li><a href="f65ecd09c7"><code>f65ecd0</code></a> Only delete SARIF in PR check if not running on a fork (<a href="https://redirect.github.com/github/codeql-action/issues/2084">#2084</a>)</li>
<li><a href="4d75a10efa"><code>4d75a10</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2073">#2073</a> from github/update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="e65c5d92f7"><code>e65c5d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2086">#2086</a> from github/dependabot/npm_and_yarn/npm-c0441c84d9</li>
<li><a href="6b12e3d9d9"><code>6b12e3d</code></a> Update checked-in dependencies</li>
<li><a href="e292db6207"><code>e292db6</code></a> Bump the npm group with 4 updates</li>
<li><a href="1fea7a57e7"><code>1fea7a5</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.0</li>
<li><a href="96531062ba"><code>9653106</code></a> Stop setting <code>CODEQL_RUNNER</code> environment variable if CLI already sets it (<a href="https://redirect.github.com/github/codeql-action/issues/2081">#2081</a>)</li>
<li><a href="eb14aeb61d"><code>eb14aeb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2080">#2080</a> from github/henrymercer/fix-unconditional-warning</li>
<li>Additional commits viewable in <a href="e5f05b81d5...0b21cf2492">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
I continued [my mission](https://github.com/flutter/flutter/pull/141431) to find as many typos as I could. This time it's a smaller set than before.
There is no need for issues since it's a typo fix.
We recently added `open` to this as part of changing all the templates, but the lock file is often quite large, and is often ancillary to the important issues details (unlike cases like code or screenshots), so it's better to leave this one collapsed by default.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.23.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
<h2>3.22.12 - 22 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.5. <a href="https://redirect.github.com/github/codeql-action/pull/2047">#2047</a></li>
</ul>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e5f05b81d5"><code>e5f05b8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2066">#2066</a> from github/update-v3.23.0-fd55bb0b0</li>
<li><a href="48e7b8b751"><code>48e7b8b</code></a> Update changelog for v3.23.0</li>
<li><a href="fd55bb0b00"><code>fd55bb0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2065">#2065</a> from github/henrymercer/further-run-queries-cleanup</li>
<li><a href="838a022982"><code>838a022</code></a> Clean up running queries workflow now that the queries are determined by the CLI</li>
<li><a href="8516954d60"><code>8516954</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2062">#2062</a> from github/henrymercer/remove-action-config-parsing</li>
<li><a href="a533ec62b3"><code>a533ec6</code></a> Merge branch 'main' into henrymercer/remove-action-config-parsing</li>
<li><a href="08ae9bf4d0"><code>08ae9bf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2063">#2063</a> from github/henrymercer/remove-ml-powered-queries-repo</li>
<li><a href="58ff74adc3"><code>58ff74a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2031">#2031</a> from github/rasmuswl/no-dep-inst-default</li>
<li><a href="9926570d4c"><code>9926570</code></a> Generate JS</li>
<li><a href="2e27b3c56b"><code>2e27b3c</code></a> Create helper <code>isPythonDependencyInstallationDisabled</code></li>
<li>Additional commits viewable in <a href="b374143c11...e5f05b81d5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Add a workflow that simply:
1. checkout repo
2. write a file
3. create a PR
This is used to verify the permissions and validity of the github token we use to create PR.
context: https://chat.google.com/room/AAAAc_4rqiI/Ck593Sg7mvs
If we think the triggering condition is complicated, I can also change this workflow to be manual dispatch, to make it truly minimal.
sir @godofredoc pointed out that we should use a real user to create PRs with, and we already have one account with such credentials -- the mirror bot.
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<p>The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.</p>
<p>For more information, see the <a href="https://github.com/actions/toolkit/tree/main/packages/artifact"><code>@âactions/artifact</code></a> documentation.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vmjoseph"><code>@âvmjoseph</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/464">actions/upload-artifact#464</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v3...v4.0.0">https://github.com/actions/upload-artifact/compare/v3...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c7d193f32e"><code>c7d193f</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/466">#466</a> from actions/v4-beta</li>
<li><a href="13131bb095"><code>13131bb</code></a> licensed cache</li>
<li><a href="4a6c273b98"><code>4a6c273</code></a> Merge branch 'main' into v4-beta</li>
<li><a href="f391bb91a3"><code>f391bb9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/465">#465</a> from actions/robherley/v4-documentation</li>
<li><a href="9653d03c4b"><code>9653d03</code></a> Apply suggestions from code review</li>
<li><a href="875b630764"><code>875b630</code></a> add limitations section</li>
<li><a href="ecb21463e9"><code>ecb2146</code></a> add compression example</li>
<li><a href="5e7604f84a"><code>5e7604f</code></a> trim some repeated info</li>
<li><a href="d6437d0758"><code>d6437d0</code></a> naming</li>
<li><a href="1b56155703"><code>1b56155</code></a> s/v4-beta/v4/g</li>
<li>Additional commits viewable in <a href="a8a3f3ad30...c7d193f32e">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.22.11 - 13 Dec 2023</h2>
<ul>
<li>[v3+ only] The CodeQL Action now runs on Node.js v20. <a href="https://redirect.github.com/github/codeql-action/pull/2006">#2006</a></li>
</ul>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b374143c11"><code>b374143</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2034">#2034</a> from github/update-v3.22.11-64e61baea</li>
<li><a href="e2b5cc75ce"><code>e2b5cc7</code></a> Update changelog for v3.22.11</li>
<li><a href="64e61baeac"><code>64e61ba</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2006">#2006</a> from github/nickfyson/node-20</li>
<li><a href="c757f9f6de"><code>c757f9f</code></a> Apply suggestions from code review</li>
<li><a href="7898bc2041"><code>7898bc2</code></a> add pr check for node version consistency</li>
<li><a href="6b5b958063"><code>6b5b958</code></a> remove dedundant single quotes from node version strings</li>
<li><a href="ea1e72c669"><code>ea1e72c</code></a> Update .github/workflows/pr-checks.yml</li>
<li><a href="b974542e9f"><code>b974542</code></a> Merge branch 'main' into nickfyson/node-20</li>
<li><a href="b995212303"><code>b995212</code></a> Bump the actions group with 2 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2024">#2024</a>)</li>
<li><a href="3c1878d8f9"><code>3c1878d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2029">#2029</a> from github/mergeback/v2.22.10-to-main-305f6546</li>
<li>Additional commits viewable in <a href="305f654631...b374143c11">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.10 - 12 Dec 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.4. <a href="https://redirect.github.com/github/codeql-action/pull/2016">#2016</a></li>
</ul>
<h2>2.22.9 - 07 Dec 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.8 - 23 Nov 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.3. <a href="https://redirect.github.com/github/codeql-action/pull/2001">#2001</a></li>
</ul>
<h2>2.22.7 - 16 Nov 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/1993">#1993</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.22.7</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>2.22.6 - 14 Nov 2023</h2>
<ul>
<li>Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a <a href="https://github.com/actions/setup-python"><code>setup-python</code></a> step to your code scanning workflow before the step that invokes <code>github/codeql-action/init</code>.</li>
<li>Update default CodeQL bundle version to 2.15.2. <a href="https://redirect.github.com/github/codeql-action/pull/1978">#1978</a></li>
</ul>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="305f654631"><code>305f654</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2028">#2028</a> from github/update-v2.22.10-fe23b5a3e</li>
<li><a href="31e94d8cb1"><code>31e94d8</code></a> Update changelog for v2.22.10</li>
<li><a href="fe23b5a3e1"><code>fe23b5a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2016">#2016</a> from github/update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="183559cea8"><code>183559c</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4</li>
<li><a href="382a50a028"><code>382a50a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2021">#2021</a> from github/mergeback/v2.22.9-to-main-c0d1daa7</li>
<li><a href="458b4226ad"><code>458b422</code></a> Update checked-in dependencies</li>
<li><a href="5e0f9dbc48"><code>5e0f9db</code></a> Update changelog and version after v2.22.9</li>
<li><a href="b6dc4ba94b"><code>b6dc4ba</code></a> Add changelog note</li>
<li><a href="1c3b8c867b"><code>1c3b8c8</code></a> Update default bundle to codeql-bundle-v2.15.4</li>
<li>See full diff in <a href="c0d1daa7f7...305f654631">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
dependabot[bot]