ci(deps): bump github/codeql-action/init from 3.35.5 to 4.36.2 #259
dependabot[bot] wants to merge 1 commit into
Conversation
Codecov Report ✅ All modified and coverable lines are covered by tests.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 12481eb332
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3 | ||
| uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 |
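Review bot: The trailing comment on the new `uses:` line still reads `# v3`, but the SHA `8aad20d150bbac5944a9f9d289da16a4b0d87c1e` it now pins is the v4.36.2 commit (it heads the Commits list for this bump), so the pin is mislabelled; update the comment to `# v4.36.2` so a reader can tell which release the SHA resolves to without looking it up. In the same change, bump `github/codeql-action/analyze` in this workflow to the same v4 SHA, since init and analyze are expected to run the same CodeQL Action version.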
Update all CodeQL steps to v4 together
In this workflow, init now runs the v4.36.2 SHA while the analyze step below still uses the v3.35.5 SHA. The CodeQL Action changelog says mixing different CodeQL Action versions in one workflow is unsupported, and v3.30.4+ throws an error when a later step loads configuration generated by a different init version, so the push/PR/scheduled CodeQL job will reach analyze with a mismatched init config and fail instead of uploading results. Please bump github/codeql-action/analyze to the matching v4 SHA in the same change.
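The init/analyze mismatch described in the review above can be caught before CI runs. The following POSIX shell check is added here as an example; it is not part of this PR or of the codeql-action project. It extracts the commit SHA from every `github/codeql-action/*` `uses:` reference in a workflow file and fails when the steps are pinned to different commits. The two embedded sample workflows are constructed: the first mirrors this PR (init at the v4.36.2 SHA from the diff, analyze still at the v3.35.5 SHA `458d36d…`, which is the old init pin), the second pins both steps to the same commit, which is how the two bumps should land together.

```shell
#!/bin/sh
# Added example (not from this PR or from github/codeql-action).
# check_codeql_pins <workflow-file>
#   returns 0 when every github/codeql-action/* step in the file is pinned to
#   one and the same 40-hex commit SHA, 1 when the pins differ or none are found.
check_codeql_pins() {
  # Pull the SHA after each "uses: github/codeql-action/<sub-action>@<sha>" reference.
  shas=$(sed -n 's/.*uses:[[:space:]]*github\/codeql-action\/[A-Za-z0-9_-]*@\([0-9a-f]\{40\}\).*/\1/p' "$1" | sort -u)
  # grep -c exits 1 on a zero count; "|| true" keeps the printed "0" without aborting under set -e.
  count=$(printf '%s\n' "$shas" | grep -c . || true)
  if [ "$count" -eq 0 ]; then
    echo "no SHA-pinned codeql-action steps found in $1" >&2
    return 1
  fi
  if [ "$count" -gt 1 ]; then
    echo "codeql-action steps in $1 are pinned to $count different commits:" >&2
    printf '%s\n' "$shas" >&2
    return 1
  fi
  return 0
}

# Constructed sample: the state this PR leaves the workflow in. The init SHA is the
# v4.36.2 commit from the diff; analyze keeps the v3.35.5 SHA (the old init pin).
MISMATCHED=$(mktemp)
cat > "$MISMATCHED" <<'EOF'
steps:
  - name: Initialize CodeQL
    uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
  - name: Perform CodeQL Analysis
    uses: github/codeql-action/analyze@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5
EOF

# Constructed sample: both steps bumped together to the same commit.
CONSISTENT=$(mktemp)
cat > "$CONSISTENT" <<'EOF'
steps:
  - name: Initialize CodeQL
    uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
  - name: Perform CodeQL Analysis
    uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
EOF
trap 'rm -f "$MISMATCHED" "$CONSISTENT"' EXIT

# Demonstration when run directly: the PR state is flagged, the atomic bump passes.
if check_codeql_pins "$MISMATCHED" 2>/dev/null; then
  echo "mismatched sample: consistent (unexpected)"
else
  echo "mismatched sample: flagged as inconsistent"
fi
if check_codeql_pins "$CONSISTENT"; then
  echo "consistent sample: ok"
else
  echo "consistent sample: flagged (unexpected)"
fi
```

Run it over `.github/workflows/*.yml` in a pre-merge job (or a local pre-commit hook) so that a Dependabot PR that bumps only one of the sub-actions fails this check before the CodeQL job itself fails on the mismatched init configuration.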
Automated Dependabot review — ❌ STOP at CI (fail-fast)
Change:
Step 1 — Code review
Step 2/3 — Regression & CI
CI is failing. The The v3
Decision
Per the fail-fast policy, processing stops here — not merged.
Root cause & recommendation: Dependabot split the
Generated by Claude Code
Automated Dependabot review — ❌ blocked at CI (fail-fast)
Step 1 — Code review
Step 2/3 — Regression / CI: ❌ FAILED. The
Root cause: Dependabot split the codeql-action major bump into two separate PRs — this one (
Decision: Per fail-fast, this PR is not merged. Neither #259 nor #261 can pass CI in isolation, and merging either alone would break CodeQL on
Suggested resolution (needs a maintainer decision): land both bumps atomically — e.g. bump both
Generated by Claude Code
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 3.35.5 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@458d36d...8aad20d)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
12481eb to 5bc81bf
Bumps github/codeql-action/init from 3.35.5 to 4.36.2.
Release notes
Sourced from github/codeql-action/init's releases.
... (truncated)
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
- 8aad20d Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
- f521b08 Add additional changelog notes
- 8aeff0f Update changelog for v4.36.2
- dcb947c Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
- c251bce Add changelog note
- 62953c1 Update default bundle to codeql-bundle-v2.25.6
- 423b570 Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
- c35d1b1 Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
- cb1a588 Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
- ba47406 Merge pull request #3943 from github/henrymercer/cache-cli-version-info