deps: Update dependencies for github
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| github/codeql-action | action | minor | v3.29.9 -> v3.31.3 |
| google-github-actions/auth | action | patch | v2.1.12 -> v2.1.13 |
| google-github-actions/get-secretmanager-secrets | action | patch | v2.2.4 -> v2.2.5 |
| ossf/scorecard-action | action | patch | v2.4.2 -> v2.4.3 |
Release Notes
github/codeql-action (github/codeql-action)
v3.31.3
v3.31.2
v3.31.1
v3.31.0
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. #3222
See the full CHANGELOG.md for more information.
v3.30.9
3.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
v3.30.8
3.30.8 - 10 Oct 2025
No user facing changes.
v3.30.7
3.30.7 - 06 Oct 2025
No user facing changes.
v3.30.6
3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2. #3168
v3.30.5
3.30.5 - 26 Sep 2025
- We fixed a bug that was introduced in `3.30.4` with `upload-sarif` which resulted in files without a `.sarif` extension not getting uploaded. #3160
v3.30.4
3.30.4 - 25 Sep 2025
- We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the `codeql-action/init` step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the `codeql-action/init` step. #3099 and #3100
- We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
- You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
- Update default CodeQL bundle version to 2.23.1. #3118
v3.30.3
3.30.3 - 10 Sep 2025
No user facing changes.
v3.30.2
3.30.2 - 09 Sep 2025
- Fixed a bug which could cause language autodetection to fail. #3084
- Experimental: The `quality-queries` input that was added in `3.29.2` as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new `analysis-kinds` input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064
v3.30.1
3.30.1 - 05 Sep 2025
- Update default CodeQL bundle version to 2.23.0. #3077
v3.30.0
3.30.0 - 01 Sep 2025
- Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054
v3.29.11
3.29.11 - 21 Aug 2025
- Update default CodeQL bundle version to 2.22.4. #3044
v3.29.10
3.29.10 - 18 Aug 2025
No user facing changes.
google-github-actions/auth (google-github-actions/auth)
v2.1.13
What's Changed
- Update deps by @sethvargo in #506
- Release: v2.1.13 by @google-github-actions-bot in #507
Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.12...v2.1.13
google-github-actions/get-secretmanager-secrets (google-github-actions/get-secretmanager-secrets)
v2.2.5
What's Changed
- Update deps by @sethvargo in #322
- Release: v2.2.5 by @google-github-actions-bot in #323
Full Changelog: https://github.com/google-github-actions/get-secretmanager-secrets/compare/v2.2.4...v2.2.5
ossf/scorecard-action (ossf/scorecard-action)
v2.4.3
What's Changed
This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.
Documentation
- docs: clarify `GITHUB_TOKEN` permissions needed for private repos by @pankajtaneja5 in #1574
- :book: Fix recommended command to test the image in development by @deivid-rodriguez in #1583
Other
- add missing top-level token permissions to workflows by @timothyklee in #1566
- setup codeowners for requesting reviews by @spencerschrock in #1576
- :seedling: Improve printing options by @deivid-rodriguez in #1584
New Contributors
- @timothyklee made their first contribution in #1566
- @pankajtaneja5 made their first contribution in #1574
- @deivid-rodriguez made their first contribution in #1584
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
/gcbrun