2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Expand Up @@ -40,6 +40,6 @@ jobs:
config-file: ./.github/codeql/codeql-config.yml

- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3

P2 Badge Pin CodeQL init and analyze to the same version

This updates only codeql-action/analyze to the v4.36.2 SHA while the preceding codeql-action/init step remains pinned to the v3 SHA. CodeQL’s changelog says mixing CodeQL Action versions in one workflow is unsupported and that non-init steps now error when they load a config generated by a different init version; since this workflow always runs init before analyze, the analysis step will fail instead of uploading results. Update init to the matching v4 SHA/tag as well, or keep analyze on v3.


with:
category: "/language:python"
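
Review bot: The replacement `uses:` line for `github/codeql-action/analyze` still carries the trailing `# v3` comment although the pinned SHA has changed. Update that comment to the exact release tag the new commit belongs to, so the pin can be audited without resolving the hash. This change is a single line (1 addition, 1 deletion), so every other `github/codeql-action` step in the workflow, including the one that takes `config-file` just above, keeps its previous pin; move them all to the same commit in this change so the steps cannot drift apart.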