This puts the wiki pages owned by the Tool team into the docs/tool directory as planned in [flutter.dev/go/migrate-flutter-wiki-spreadsheet](https://docs.google.com/spreadsheets/d/1x65189ZBdNiLRygpUYoU08pwvXD4M-Z157c6pm8deGI/edit?usp=sharing)
It also adds the tool team labels to the label bot for future PRs.
Changes to the content were only updating cross links, or link to refer to the main branch rather than master.
Remaining links to the wiki will be updated once all other pages have finished moving, they still work in the meantime.
Part of https://github.com/flutter/flutter/issues/145009
This moves the wiki pages that have a final destination under docs/postmortems/ as planned in [flutter.dev/go/migrate-flutter-wiki-spreadsheet](https://docs.google.com/spreadsheets/d/1x65189ZBdNiLRygpUYoU08pwvXD4M-Z157c6pm8deGI/edit?usp=sharing)
It also adds the team labels to the label bot for future PRs.
Changes to the content were only updating cross links, or links to refer to the main branch rather than master.
Remaining links to the wiki will be updated once all other pages have finished moving, they still work in the meantime.
Part of https://github.com/flutter/flutter/issues/145009
This puts the wiki pages owned by the Android team into the docs/platforms/android directory as planned in [flutter.dev/go/migrate-flutter-wiki-spreadsheet](https://docs.google.com/spreadsheets/d/1x65189ZBdNiLRygpUYoU08pwvXD4M-Z157c6pm8deGI/edit?usp=sharing)
It also adds the android team labels to the label bot for future PRs.
Changes to the content were only updating cross links, or link to refer to the main branch rather than master.
Remaining links to the wiki will be updated once all other pages have finished moving, they still work in the meantime.
Part of https://github.com/flutter/flutter/issues/145009
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a href="https://redirect.github.com/github/codeql-action/pull/2295">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the <a href="https://github.com/github/codeql-action/blob/main/README.md">https://github.com/github/codeql-action/blob/main/README.md</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2273">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code> trigger when the CodeQL Action is triggered via a <code>workflow_call</code> event. <a href="https://redirect.github.com/github/codeql-action/pull/2274">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action has been renamed to <code>tools: linked</code>. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. <a href="https://redirect.github.com/github/codeql-action/pull/2281">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a href="https://redirect.github.com/github/codeql-action/pull/2270">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as <code>macos-12</code>. ARM machines with SIP disabled, including the newest <code>macos-latest</code> image, are unsupported for CLI versions before 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the <code>autobuild</code> <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build mode</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if <code>--overwrite</code> was specified in <code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the filesystem. <a href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="9fdb3e4972"><code>9fdb3e4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2300">#2300</a> from github/update-v3.25.6-63d519c0a</li>
<li><a href="00792ab1e0"><code>00792ab</code></a> Update changelog for v3.25.6</li>
<li><a href="63d519c0ae"><code>63d519c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2295">#2295</a> from github/update-bundle/codeql-bundle-v2.17.3</li>
<li><a href="0d9161ca1c"><code>0d9161c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2293">#2293</a> from github/henrymercer/update-build-mode-autobuild-...</li>
<li><a href="e9e27290e9"><code>e9e2729</code></a> Add changelog note</li>
<li><a href="de1ac31508"><code>de1ac31</code></a> Update default bundle to codeql-bundle-v2.17.3</li>
<li><a href="a57c67b895"><code>a57c67b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2286">#2286</a> from github/koesie10/ghec-dr-db-upload</li>
<li><a href="b7ef64ecb1"><code>b7ef64e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2294">#2294</a> from github/dependabot/npm_and_yarn/npm-d3285d5234</li>
<li><a href="e54dea297a"><code>e54dea2</code></a> Update checked-in dependencies</li>
<li><a href="3b42294f03"><code>3b42294</code></a> Bump the npm group across 1 directory with 4 updates</li>
<li>Additional commits viewable in <a href="b7cec75265...9fdb3e4972">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.3 to 3.25.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the <a href="https://github.com/github/codeql-action/blob/main/README.md">https://github.com/github/codeql-action/blob/main/README.md</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2273">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code> trigger when the CodeQL Action is triggered via a <code>workflow_call</code> event. <a href="https://redirect.github.com/github/codeql-action/pull/2274">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action has been renamed to <code>tools: linked</code>. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. <a href="https://redirect.github.com/github/codeql-action/pull/2281">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a href="https://redirect.github.com/github/codeql-action/pull/2270">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as <code>macos-12</code>. ARM machines with SIP disabled, including the newest <code>macos-latest</code> image, are unsupported for CLI versions before 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the <code>autobuild</code> <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build mode</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if <code>--overwrite</code> was specified in <code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the filesystem. <a href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the <code>file</code> program is not installed on a Linux runner, but is required for Go tracing to succeed. <a href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7cec75265"><code>b7cec75</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2287">#2287</a> from github/update-v3.25.5-4a5197247</li>
<li><a href="6778fe4553"><code>6778fe4</code></a> Update changelog for v3.25.5</li>
<li><a href="4a51972477"><code>4a51972</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2280">#2280</a> from github/henrymercer/on-demand-ffs</li>
<li><a href="a8c32fd278"><code>a8c32fd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2283">#2283</a> from github/henrymercer/disable-fail-fast</li>
<li><a href="f73b0b70eb"><code>f73b0b7</code></a> Disable fail fast for non-generated workflows</li>
<li><a href="c59e05245f"><code>c59e052</code></a> Disable fail fast in generated workflows</li>
<li><a href="33e416c056"><code>33e416c</code></a> Comment that <code>legacyApi</code> is false by default</li>
<li><a href="67f8a36bdb"><code>67f8a36</code></a> Merge branch 'main' into henrymercer/on-demand-ffs</li>
<li><a href="4995c49010"><code>4995c49</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2282">#2282</a> from github/henrymercer/no-build-mode-tracing-improv...</li>
<li><a href="def4d2cd4e"><code>def4d2c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2273">#2273</a> from github/aeisenberg/specify-versions</li>
<li>Additional commits viewable in <a href="d39d31e687...b7cec75265">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.3.1 to 2.3.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dc50aa9510"><code>dc50aa9</code></a>
🌱 Bump docker tag for v2.3.3 release (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1368">#1368</a>)</li>
<li><a
href="8ff5700173"><code>8ff5700</code></a>
🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0....</li>
<li><a
href="8ba5e73d11"><code>8ba5e73</code></a>
update api links to new scorecard.dev site (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1376">#1376</a>)</li>
<li><a
href="92ddde3eaf"><code>92ddde3</code></a>
Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1374">#1374</a>)</li>
<li><a
href="6c55905542"><code>6c55905</code></a>
🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1373">#1373</a>)</li>
<li><a
href="09bb953b6a"><code>09bb953</code></a>
🌱 Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1372">#1372</a>)</li>
<li><a
href="1511e1305b"><code>1511e13</code></a>
🌱 Bump the github-actions group across 1 directory with 6
updates (#...</li>
<li><a
href="df66cd8fd8"><code>df66cd8</code></a>
🌱 Bump the docker-images group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1370">#1370</a>)</li>
<li><a
href="fad9a3cc53"><code>fad9a3c</code></a>
🌱 Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1364">#1364</a>)</li>
<li><a
href="1e01a309c1"><code>1e01a30</code></a>
🌱 Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1365">#1365</a>)</li>
<li>Additional commits viewable in <a
href="0864cf1902...dc50aa9510">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.2 to 3.25.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as <code>macos-12</code>. ARM machines with SIP disabled, including the newest <code>macos-latest</code> image, are unsupported for CLI versions before 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the <code>autobuild</code> <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build mode</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if <code>--overwrite</code> was specified in <code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the filesystem. <a href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the <code>file</code> program is not installed on a Linux runner, but is required for Go tracing to succeed. <a href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace <code>github/codeql-action/*@v3</code> by <code>github/codeql-action/*@v3.24.10</code> and <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.24.10</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d39d31e687"><code>d39d31e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2262">#2262</a> from github/update-v3.25.3-ac2f82a1f</li>
<li><a href="a7278252c7"><code>a727825</code></a> Move changenote to most recent section</li>
<li><a href="1efa8597b1"><code>1efa859</code></a> Update changelog for v3.25.3</li>
<li><a href="ac2f82a1ff"><code>ac2f82a</code></a> Log warning if SIP is disabled and CLI version is < 2.15.1 (<a href="https://redirect.github.com/github/codeql-action/issues/2261">#2261</a>)</li>
<li><a href="0ad7791640"><code>0ad7791</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2247">#2247</a> from github/update-bundle/codeql-bundle-v2.17.1</li>
<li><a href="79d9ee7f07"><code>79d9ee7</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.17.1</li>
<li><a href="dbf2b1706b"><code>dbf2b17</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2255">#2255</a> from github/mergeback/v3.25.2-to-main-8f596b4a</li>
<li><a href="ff6a3c42a5"><code>ff6a3c4</code></a> Update checked-in dependencies</li>
<li><a href="619dc0c4b8"><code>619dc0c</code></a> Update changelog and version after v3.25.2</li>
<li><a href="39e1e6509e"><code>39e1e65</code></a> Add changelog note</li>
<li>Additional commits viewable in <a href="8f596b4ae3...d39d31e687">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.4 to 6.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v6.0.5</h2>
<p>âï¸ Fixes an issue with proxy support for users that run self-hosted behind a proxy.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: update proxy support to follow octokit change to fetch api by <a href="https://github.com/peter-evans"><code>@âpeter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2867">peter-evans/create-pull-request#2867</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v6.0.4...v6.0.5">https://github.com/peter-evans/create-pull-request/compare/v6.0.4...v6.0.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="6d6857d369"><code>6d6857d</code></a> fix: update proxy support to follow octokit change to fetch api (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2867">#2867</a>)</li>
<li>See full diff in <a href="9153d834b6...6d6857d369">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v4.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>updating <code>@actions/artifact</code> dependency to v2.1.6 by <a href="https://github.com/eggyhead"><code>@âeggyhead</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/565">actions/upload-artifact#565</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3">https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="65462800fd"><code>6546280</code></a> updating package version</li>
<li><a href="c004fb4bf6"><code>c004fb4</code></a> Merge branch 'main' into eggyhead/use-artifact-v2.1.6</li>
<li><a href="90aba496fc"><code>90aba49</code></a> updating toolkit artifact dependency to 2.1.6</li>
<li><a href="b06cde36fc"><code>b06cde3</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/563">#563</a> from actions/eggyhead/release-4.3.2</li>
<li>See full diff in <a href="1746f4ab65...65462800fd">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.1 to 3.25.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="8f596b4ae3"><code>8f596b4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2254">#2254</a> from github/update-v3.25.2-4909c1ffb</li>
<li><a href="de8916ec5a"><code>de8916e</code></a> Update changelog for v3.25.2</li>
<li><a href="4909c1ffb9"><code>4909c1f</code></a> Bump the npm group with 3 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2253">#2253</a>)</li>
<li><a href="f45390cde1"><code>f45390c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2252">#2252</a> from github/henrymercer/failed-external-repo-config-...</li>
<li><a href="1be8c488eb"><code>1be8c48</code></a> Add configuration error for failing to clone external Git repo</li>
<li><a href="82edfe29ce"><code>82edfe2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2246">#2246</a> from github/koesie10/remove-incorrect-log</li>
<li><a href="8786e1f9a1"><code>8786e1f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2249">#2249</a> from github/mergeback/v3.25.1-to-main-c7f91257</li>
<li><a href="3c7ac61481"><code>3c7ac61</code></a> Update checked-in dependencies</li>
<li><a href="b5bd9be6da"><code>b5bd9be</code></a> Update changelog and version after v3.25.1</li>
<li><a href="5d73b1bd71"><code>5d73b1b</code></a> Remove incorrect log message</li>
<li>See full diff in <a href="c7f9125735...8f596b4ae3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.0 to 3.25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the <code>autobuild</code> <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build mode</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if <code>--overwrite</code> was specified in <code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the filesystem. <a href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the <code>file</code> program is not installed on a Linux runner, but is required for Go tracing to succeed. <a href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace <code>github/codeql-action/*@v3</code> by <code>github/codeql-action/*@v3.24.10</code> and <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.24.10</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c7f9125735"><code>c7f9125</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2248">#2248</a> from github/update-v3.25.1-c4fb45143</li>
<li><a href="1c7e8b2cf2"><code>1c7e8b2</code></a> Update changelog for v3.25.1</li>
<li><a href="c4fb451437"><code>c4fb451</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2245">#2245</a> from github/henrymercer/ignore-already-specified-flags</li>
<li><a href="556b3bcfae"><code>556b3bc</code></a> Add changelog note</li>
<li><a href="ef66aeacbf"><code>ef66aea</code></a> Merge branch 'main' into henrymercer/ignore-already-specified-flags</li>
<li><a href="9b87e0a8c4"><code>9b87e0a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2241">#2241</a> from github/nickfyson/speculative-script-fix</li>
<li><a href="18111b696b"><code>18111b6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2235">#2235</a> from github/henrymercer/autobuild-with-direct-tracing</li>
<li><a href="ade98b980a"><code>ade98b9</code></a> Ensure <code>--overwrite</code> flag is only passed once</li>
<li><a href="8566d50a79"><code>8566d50</code></a> Add regression test for double <code>--overwrite</code></li>
<li><a href="453a95695a"><code>453a956</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2243">#2243</a> from github/dependabot/npm_and_yarn/npm-9b31496ffc</li>
<li>Additional commits viewable in <a href="df5a14dc28...c7f9125735">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.3 to 6.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v6.0.4</h2>
<p>â¡ Improves performance in some cases for very large git repositories.</p>
<h2>What's Changed</h2>
<ul>
<li>perf: limit the fetch depth of pr branch by <a href="https://github.com/peter-evans"><code>@âpeter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/2857">peter-evans/create-pull-request#2857</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v6.0.3...v6.0.4">https://github.com/peter-evans/create-pull-request/compare/v6.0.3...v6.0.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="9153d834b6"><code>9153d83</code></a> perf: limit the fetch depth of pr branch (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/2857">#2857</a>)</li>
<li>See full diff in <a href="c55203cfde...9153d834b6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 3.25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the filesystem. <a href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the <code>file</code> program is not installed on a Linux runner, but is required for Go tracing to succeed. <a href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace <code>github/codeql-action/*@v3</code> by <code>github/codeql-action/*@v3.24.10</code> and <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.24.10</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="df5a14dc28"><code>df5a14d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2238">#2238</a> from github/update-v3.25.0-2b2cee522</li>
<li><a href="3f70eaa4d3"><code>3f70eaa</code></a> Update changelog for v3.25.0</li>
<li><a href="2b2cee5229"><code>2b2cee5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2234">#2234</a> from github/mbg/clearer-file-command-failure</li>
<li><a href="4fcf7a216c"><code>4fcf7a2</code></a> Add changelog entry</li>
<li><a href="d30d1cabb4"><code>d30d1ca</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2237">#2237</a> from github/henrymercer/more-configuration-errors</li>
<li><a href="55585360a3"><code>5558536</code></a> Add configuration error for unsupported build mode</li>
<li><a href="fa75c144b4"><code>fa75c14</code></a> Capture rate limit and ref not existing config errors</li>
<li><a href="5a599c68cf"><code>5a599c6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2236">#2236</a> from github/henrymercer/feature-flags-with-tool-feat...</li>
<li><a href="829376a618"><code>829376a</code></a> Allow feature flags to specify tool feature requirements</li>
<li><a href="efc474680f"><code>efc4746</code></a> Downgrade log levels for some messages to debug</li>
<li>Additional commits viewable in <a href="4355270be1...df5a14dc28">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.24.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. <a href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace <code>github/codeql-action/*@v3</code> by <code>github/codeql-action/*@v3.24.10</code> and <code>github/codeql-action/*@v2</code> by <code>github/codeql-action/*@v2.24.10</code> in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4355270be1"><code>4355270</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2226">#2226</a> from github/update-v3.24.10-7df281f2f</li>
<li><a href="3f041c51a5"><code>3f041c5</code></a> Update changelog for v3.24.10</li>
<li><a href="7df281f2fe"><code>7df281f</code></a> Gracefully continue if <code>createStatusReportBase</code> throws (<a href="https://redirect.github.com/github/codeql-action/issues/2225">#2225</a>)</li>
<li><a href="f421cda8e7"><code>f421cda</code></a> Run integration test PR checks nightly (<a href="https://redirect.github.com/github/codeql-action/issues/2222">#2222</a>)</li>
<li><a href="5f535debfe"><code>5f535de</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2221">#2221</a> from github/nickfyson/upload-logging</li>
<li><a href="278465cdfb"><code>278465c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2219">#2219</a> from github/update-bundle/codeql-bundle-v2.17.0</li>
<li><a href="65e69c8a4b"><code>65e69c8</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.17.0</li>
<li><a href="c037115ddf"><code>c037115</code></a> clarify logging in response to pr review comments</li>
<li><a href="d3c32a84cb"><code>d3c32a8</code></a> fix test to respect updated logging behaviour</li>
<li><a href="26540626a5"><code>2654062</code></a> Merge branch 'main' into nickfyson/upload-logging</li>
<li>Additional commits viewable in <a href="1b1aada464...4355270be1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1b1aada464"><code>1b1aada</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2208">#2208</a> from github/update-v3.24.9-09d4101d2</li>
<li><a href="6505708f95"><code>6505708</code></a> Update changelog for v3.24.9</li>
<li><a href="09d4101d2b"><code>09d4101</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2203">#2203</a> from github/update-bundle/codeql-bundle-v2.16.5</li>
<li><a href="a3ab02e645"><code>a3ab02e</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.16.5</li>
<li><a href="9cf4574790"><code>9cf4574</code></a> Add changelog note</li>
<li><a href="964f5e7811"><code>964f5e7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2207">#2207</a> from github/henrymercer/more-processing-error-catego...</li>
<li><a href="9c0c35b370"><code>9c0c35b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2206">#2206</a> from github/henrymercer/improved-autobuild-error-wit...</li>
<li><a href="c84e4c8e7b"><code>c84e4c8</code></a> Mark some more processing errors as invalid SARIF upload requests</li>
<li><a href="4aca720110"><code>4aca720</code></a> Improve error message when using build modes and autobuild fails</li>
<li><a href="7f375aeb76"><code>7f375ae</code></a> Wrap configuration errors for all CLI commands</li>
<li>Additional commits viewable in <a href="05963f47d8...1b1aada464">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.24.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. <a href="https://redirect.github.com/github/codeql-action/pull/2195">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="05963f47d8"><code>05963f4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2200">#2200</a> from github/update-v3.24.8-1ecc2779e</li>
<li><a href="2b9b521560"><code>2b9b521</code></a> Update changelog for v3.24.8</li>
<li><a href="1ecc2779e9"><code>1ecc277</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2198">#2198</a> from github/henrymercer/improve-tracking-autobuild-e...</li>
<li><a href="e28ae3a84c"><code>e28ae3a</code></a> Add config error for Swift build failures</li>
<li><a href="bddfc7c6d5"><code>bddfc7c</code></a> Add config error for Gradle build failures</li>
<li><a href="3edd1bf725"><code>3edd1bf</code></a> Truncate autobuild errors to 10 lines</li>
<li><a href="88a0b7abb3"><code>88a0b7a</code></a> Mark Maven build failures as configuration errors</li>
<li><a href="88b28eb70d"><code>88b28eb</code></a> Surface autobuild errors from stderr stream</li>
<li><a href="f055b5e672"><code>f055b5e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2197">#2197</a> from github/henrymercer/log-job-status</li>
<li><a href="0d680ab61c"><code>0d680ab</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2196">#2196</a> from github/henrymercer/update-packs-input-description</li>
<li>Additional commits viewable in <a href="3ab4101902...05963f47d8">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a href="https://redirect.github.com/github/codeql-action/pull/2185">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3ab4101902"><code>3ab4101</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2192">#2192</a> from github/update-v3.24.7-5e882999f</li>
<li><a href="a006adfa77"><code>a006adf</code></a> Update changelog for v3.24.7</li>
<li><a href="5e882999f1"><code>5e88299</code></a> Bump the npm group with 2 updates (<a href="https://redirect.github.com/github/codeql-action/issues/2190">#2190</a>)</li>
<li><a href="69e120d747"><code>69e120d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2191">#2191</a> from github/henrymercer/use-include-query-help-flag</li>
<li><a href="5ec06c71f0"><code>5ec06c7</code></a> Use the <code>--sarif-include-query-help</code> option when supported</li>
<li><a href="caf377935a"><code>caf3779</code></a> Update default bundle to 2.16.4 (<a href="https://redirect.github.com/github/codeql-action/issues/2185">#2185</a>)</li>
<li><a href="532ca5486e"><code>532ca54</code></a> Fail <code>analyze</code> step by passing an invalid option to <code>database finalize</code> (<a href="https://redirect.github.com/github/codeql-action/issues/2189">#2189</a>)</li>
<li><a href="2fa207a8b7"><code>2fa207a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2188">#2188</a> from github/henrymercer/prepare-build-mode-help</li>
<li><a href="24c3eda0e3"><code>24c3eda</code></a> Escape named value in input description</li>
<li><a href="27a6cd0a11"><code>27a6cd0</code></a> Remove experimental qualifiers from build mode input</li>
<li>Additional commits viewable in <a href="8a470fddaf...3ab4101902">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Context: @godofredoc pointed out that the fields in the PR template could be simplified and redesigned. Synced with @itsjustkevin and Kevin come up with [changes in this doc](https://docs.google.com/document/d/1Slppqq32toSwwxUyYTX1t6dGUQpyi0xEWxw4niGWspc/edit?resourcekey=0-v6U_9XVsMFSx0Fvx1rANhg&tab=t.0) which would improve the cherry pick template.
Github only supports a limited number of formatting options. This PR uses some workarounds and makes the following changes:
1. use divider to replace text area since Github markdown doesn't support text area
2. remove \<pre\> tags so texts can wrap around
3. use headings over bold
4. use task lists to identify the starting points of user answers
An example cherry pick template would [look like this](https://github.com/flutter/flutter/pull/143785) after the change.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.6 - 29 Feb 2024</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8a470fddaf"><code>8a470fd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2176">#2176</a> from github/update-v3.24.6-158d0780d</li>
<li><a href="d59eafb69b"><code>d59eafb</code></a> Update changelog for v3.24.6</li>
<li><a href="158d0780dc"><code>158d078</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2175">#2175</a> from github/henrymercer/fix-languages-init-success</li>
<li><a href="2307ff547f"><code>2307ff5</code></a> Add <code>languages</code> and <code>build_mode</code> to <code>init</code> <code>success</code> status report</li>
<li><a href="ccd3f02545"><code>ccd3f02</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2173">#2173</a> from github/henrymercer/mark-third-party-limits-erro...</li>
<li><a href="c0917251d4"><code>c091725</code></a> Refactoring: Convert <code>ActionName</code> to enum</li>
<li><a href="e12a8cc5eb"><code>e12a8cc</code></a> Use <code>isFirstPartyAnalysis</code> for a stronger check</li>
<li><a href="888ab31e3e"><code>888ab31</code></a> Mark third-party SARIF limits errors as configuration errors</li>
<li><a href="bd56a05133"><code>bd56a05</code></a> Rename <code>InvalidRequestError</code> to <code>InvalidSarifUploadError</code></li>
<li><a href="7bde9061b4"><code>7bde906</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2172">#2172</a> from github/henrymercer/fix-readme-typos</li>
<li>Additional commits viewable in <a href="47b3d888fe...8a470fddaf">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.4 to 3.24.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.24.5 - 23 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.3. <a href="https://redirect.github.com/github/codeql-action/pull/2156">#2156</a></li>
</ul>
<h2>3.24.4 - 21 Feb 2024</h2>
<ul>
<li>Fix an issue where an existing, but empty, <code>/sys/fs/cgroup/cpuset.cpus</code> file always resulted in a single-threaded run. <a href="https://redirect.github.com/github/codeql-action/pull/2151">#2151</a></li>
</ul>
<h2>3.24.3 - 15 Feb 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action would fail to load a configuration specified by the <code>config</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/2147">#2147</a></li>
</ul>
<h2>3.24.2 - 15 Feb 2024</h2>
<ul>
<li>Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. <a href="https://redirect.github.com/github/codeql-action/pull/2141">#2141</a></li>
</ul>
<h2>3.24.1 - 13 Feb 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.2. <a href="https://redirect.github.com/github/codeql-action/pull/2124">#2124</a></li>
<li>The CodeQL action no longer fails if it can't write to the telemetry api endpoint. <a href="https://redirect.github.com/github/codeql-action/pull/2121">#2121</a></li>
</ul>
<h2>3.24.0 - 02 Feb 2024</h2>
<ul>
<li>CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See <a href="https://github.com/github/codeql-action/blob/main/#3230---08-jan-2024">release notes for 3.23.0</a> for more details. <a href="https://redirect.github.com/github/codeql-action/pull/2106">#2106</a></li>
</ul>
<h2>3.23.2 - 26 Jan 2024</h2>
<ul>
<li>On Linux, the maximum possible value for the <code>--threads</code> option now respects the CPU count as specified in <code>cgroup</code> files to more accurately reflect the number of available cores when running in containers. <a href="https://redirect.github.com/github/codeql-action/pull/2083">#2083</a></li>
<li>Update default CodeQL bundle version to 2.16.1. <a href="https://redirect.github.com/github/codeql-action/pull/2096">#2096</a></li>
</ul>
<h2>3.23.1 - 17 Jan 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.0. <a href="https://redirect.github.com/github/codeql-action/pull/2073">#2073</a></li>
<li>Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. <a href="https://redirect.github.com/github/codeql-action/pull/2079">#2079</a></li>
</ul>
<h2>3.23.0 - 08 Jan 2024</h2>
<ul>
<li>We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false</code> in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/2031">#2031</a></li>
<li>The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see <a href="https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023">the corresponding changelog entry for CodeQL Action version 2.22.7</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2009">#2009</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="47b3d888fe"><code>47b3d88</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2162">#2162</a> from github/update-v3.24.5-a74dcdb05</li>
<li><a href="28c290059f"><code>28c2900</code></a> Update changelog for v3.24.5</li>
<li><a href="a74dcdb056"><code>a74dcdb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2160">#2160</a> from github/henrymercer/deptrace-with-build-mode</li>
<li><a href="aeb89ef79a"><code>aeb89ef</code></a> Enable C++ deptrace when using autobuild build mode</li>
<li><a href="2896599ec9"><code>2896599</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2060">#2060</a> from github/mbg/go/1.22</li>
<li><a href="e3a86ed8b6"><code>e3a86ed</code></a> Add comment justifying why we set <code>cache: false</code></li>
<li><a href="5d55901fc8"><code>5d55901</code></a> Use Go 1.22 in workflows</li>
<li><a href="908a88334d"><code>908a883</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2158">#2158</a> from github/mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="9bce06dffb"><code>9bce06d</code></a> Merge branch 'main' into mergeback/v3.24.4-to-main-e2e140ad</li>
<li><a href="c9f3eed85d"><code>c9f3eed</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="e2e140ad14...47b3d888fe">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Kate Lovett