dependabot[bot] opened a new pull request, #94: URL: https://github.com/apache/doris-opentelemetry-demo/pull/94
Bumps the actions-production-dependencies group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.18.0` | | [fossas/fossa-action](https://github.com/fossas/fossa-action) | `1.5.0` | `1.7.0` | | [gradle/actions](https://github.com/gradle/actions) | `4.3.0` | `4.4.2` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.12` | `3.29.8` | Updates `actions/checkout` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases";>actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226";>actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238";>actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1";>Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0";>https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss";><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971";>actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail";><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977";>actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells";><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043";>actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross";><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044";>actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89";><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194";>actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang";><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224";>actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236";>actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237";>actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss";><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971";>actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail";><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977";>actions/checkout#1977</a></li> <li><a href="https://github.com/benwells";><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043";>actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89";><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194";>actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236";>actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0";>https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941";>actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946";>actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2";>https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy";><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924";>actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass";><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919";>actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1";>https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8";><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238";>#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917";><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226";>#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5";>compare view</a></li> </ul> </details> <br /> Updates `docker/build-push-action` from 6.15.0 to 6.18.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases";>docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.18.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1 in <a href="https://redirect.github.com/docker/build-push-action/pull/1381";>docker/build-push-action#1381</a></li> </ul> <blockquote> <p>[!NOTE] <a href="https://docs.docker.com/build/ci/github-actions/build-summary/";>Build summary</a> is now supported with <a href="https://docs.docker.com/build-cloud/";>Docker Build Cloud</a>.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0";>https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0</a></p> <h2>v6.17.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.59.0 to 0.61.0 by <a href="https://github.com/crazy-max";><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1364";>docker/build-push-action#1364</a></li> </ul> <blockquote> <p>[!NOTE] Build record is now exported using the <a href="https://docs.docker.com/reference/cli/docker/buildx/history/export/";><code>buildx history export</code></a> command instead of the legacy export-build tool.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0";>https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0</a></p> <h2>v6.16.0</h2> <ul> <li>Handle no default attestations env var by <a href="https://github.com/crazy-max";><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1343";>docker/build-push-action#1343</a></li> <li>Only print secret keys in build summary output by <a href="https://github.com/crazy-max";><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1353";>docker/build-push-action#1353</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1352";>docker/build-push-action#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0";>https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/263435318d21b8e681c14492fe198d362a7d2c83";><code>2634353</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1381";>#1381</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/c0432d2e016ab17a336cee48256683e74d5c4c9e";><code>c0432d2</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/0bb1f27d6b9fc90993f41febd9b53ee89397d3f8";><code>0bb1f27</code></a> set builder driver and endpoint attributes for dbc summary support</li> <li><a href="https://github.com/docker/build-push-action/commit/5f9dbf956c8481ecf630d0e53941d9d3afaa53bb";><code>5f9dbf9</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1</li> <li><a href="https://github.com/docker/build-push-action/commit/0788c444d8b4d67580213712e34a148cae3a6c4e";><code>0788c44</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1375";>#1375</a> from crazy-max/remove-gcr</li> <li><a href="https://github.com/docker/build-push-action/commit/aa179ca4f405fed7a76dad90a23bd02d6f2a8d2d";><code>aa179ca</code></a> e2e: remove GCR</li> <li><a href="https://github.com/docker/build-push-action/commit/1dc73863535b631f98b2378be8619f83b136f4a0";><code>1dc7386</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1364";>#1364</a> from crazy-max/history-export-cmd</li> <li><a href="https://github.com/docker/build-push-action/commit/9c9803f36437c54a2bf7b2c9a4a9011c2a812d71";><code>9c9803f</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/db1f6c46e8d64f89ec10010e409681bcf7951c05";><code>db1f6c4</code></a> DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export</li> <li><a href="https://github.com/docker/build-push-action/commit/721e8c79de660781840d3a69a11e39e1e836ef8e";><code>721e8c7</code></a> Bump <code>@docker/actions-toolkit</code> from 0.59.0 to 0.61.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.18.0";>compare view</a></li> </ul> </details> <br /> Updates `fossas/fossa-action` from 1.5.0 to 1.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fossas/fossa-action/releases";>fossas/fossa-action's releases</a>.</em></p> <blockquote> <h2>v1.7.0</h2> <h2>What's Changed</h2> <ul> <li>Adds an optional working directory option to change where FOSSA analyzes.</li> </ul> <h2>v1.6.0</h2> <h2>What's Changed</h2> <ul> <li>Upgrade node to v20 by <a href="https://github.com/jssblck";><code>@jssblck</code></a> in <a href="https://redirect.github.com/fossas/fossa-action/pull/60";>fossas/fossa-action#60</a></li> <li>Update dependencies, enable auto dependabot by <a href="https://github.com/jssblck";><code>@jssblck</code></a> in <a href="https://redirect.github.com/fossas/fossa-action/pull/61";>fossas/fossa-action#61</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fossas/fossa-action/compare/v1.5.0...v1.6.0";>https://github.com/fossas/fossa-action/compare/v1.5.0...v1.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fossas/fossa-action/commit/3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac";><code>3ebcea1</code></a> Working directory (<a href="https://redirect.github.com/fossas/fossa-action/issues/115";>#115</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/80c50d8140221c46f82e9937d71b9c1e5af9c149";><code>80c50d8</code></a> Bump <code>@typescript-eslint/parser</code> from 8.31.1 to 8.32.1 (<a href="https://redirect.github.com/fossas/fossa-action/issues/112";>#112</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/267a0dade8406d1b15019b0790eb23554c05db7f";><code>267a0da</code></a> Bump <code>@types/node</code> from 22.15.16 to 22.15.18 (<a href="https://redirect.github.com/fossas/fossa-action/issues/114";>#114</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/7e171c764c0b32e3407c48ed546d11b11d800d06";><code>7e171c7</code></a> Bump eslint-plugin-n from 17.17.0 to 17.18.0 (<a href="https://redirect.github.com/fossas/fossa-action/issues/111";>#111</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/d143aecb842d7540f5797f8653fa697eccf44622";><code>d143aec</code></a> Bump globals from 16.0.0 to 16.1.0 (<a href="https://redirect.github.com/fossas/fossa-action/issues/109";>#109</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/4b26d275899cdd8641f18b69b706de43129d60d4";><code>4b26d27</code></a> Bump <code>@types/node</code> from 22.15.14 to 22.15.16 (<a href="https://redirect.github.com/fossas/fossa-action/issues/108";>#108</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/2e0e33f64bcab969b6ab07bbed10d1c1e2e4dbc4";><code>2e0e33f</code></a> Bump <code>@eslint/compat</code> from 1.2.8 to 1.2.9 (<a href="https://redirect.github.com/fossas/fossa-action/issues/100";>#100</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/9c50c101ab98a7efe7a0f80574f3994fa70daa4f";><code>9c50c10</code></a> Bump <code>@types/node</code> from 22.15.3 to 22.15.14 (<a href="https://redirect.github.com/fossas/fossa-action/issues/107";>#107</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/1e44083f42f930649bcb6943629bdb0d794e748b";><code>1e44083</code></a> Bump <code>@typescript-eslint/eslint-plugin</code> from 8.31.1 to 8.32.0 (<a href="https://redirect.github.com/fossas/fossa-action/issues/104";>#104</a>)</li> <li><a href="https://github.com/fossas/fossa-action/commit/4c5a7ae3c98b3f7ba4c9d06d1ab25bc9d4daa196";><code>4c5a7ae</code></a> Bump eslint from 9.25.1 to 9.26.0 (<a href="https://redirect.github.com/fossas/fossa-action/issues/101";>#101</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fossas/fossa-action/compare/93a52ecf7c3ac7eb40f5de77fd69b1a19524de94...3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac";>compare view</a></li> </ul> </details> <br /> Updates `gradle/actions` from 4.3.0 to 4.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases";>gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.2</h2> <p>This patch release updates a bunch of dependency versions</p> <h2>What's Changed</h2> <ul> <li>Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/703";>gradle/actions#703</a>)</li> <li>Bumps the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/pull/702";>gradle/actions#702</a>)</li> <li>Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/pull/704";>gradle/actions#704</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/701";>gradle/actions#701</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/695";>gradle/actions#695</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/696";>gradle/actions#696</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/697";>gradle/actions#697</a>)</li> <li>Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/693";>gradle/actions#693</a>)</li> <li>Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/691";>gradle/actions#691</a>)</li> <li>Bump the npm-dependencies group in /sources with 5 updates (<a href="https://redirect.github.com/gradle/actions/pull/692";>gradle/actions#692</a>)</li> <li>Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (<a href="https://redirect.github.com/gradle/actions/pull/685";>gradle/actions#685</a>)</li> <li>Bump the npm-dependencies group across 1 directory with 8 updates (<a href="https://redirect.github.com/gradle/actions/pull/684";>gradle/actions#684</a>)</li> <li>Run Gradle release candidate tests with JDK 17 (<a href="https://redirect.github.com/gradle/actions/pull/690";>gradle/actions#690</a>)</li> <li>Update Develocity npm agent to version 1.0.1 (<a href="https://redirect.github.com/gradle/actions/pull/687";>gradle/actions#687</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/688";>gradle/actions#688</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (<a href="https://redirect.github.com/gradle/actions/pull/683";>gradle/actions#683</a></li> <li>Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/gradle/actions/pull/675";>gradle/actions#675</a>)</li> <li>Bump the gradle group across 3 directories with 2 updates (<a href="https://redirect.github.com/gradle/actions/pull/674";>gradle/actions#674</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (<a href="https://redirect.github.com/gradle/actions/pull/679";>gradle/actions#679</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/682";>gradle/actions#682</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/681";>gradle/actions#681</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/680";>gradle/actions#680</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/676";>gradle/actions#676</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.1...v4.4.2";>https://github.com/gradle/actions/compare/v4.4.1...v4.4.2</a></p> <h2>v4.4.1</h2> <p>This patch release fixes a bug in Develocity Injection with a custom plugin repository. The <code>gradle-plugin-repository-*</code> action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.</p> <p>This issue has been fixed by setting the correct environment variables:</p> <ul> <li><code>gradle-plugin-repository-url</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL</code></li> <li><code>gradle-plugin-repository-username</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME</code></li> <li><code>gradle-plugin-repository-password</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD</code></li> </ul> <p>Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.</p> <h2>What's Changed</h2> <ul> <li>Dependency updates by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/667";>gradle/actions#667</a></li> <li>Fix plugin repository env vars by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/669";>gradle/actions#669</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.0...v4.4.1";>https://github.com/gradle/actions/compare/v4.4.0...v4.4.1</a></p> <h2>v4.4.0</h2> <p>This release updates 2 downstream components:</p> <ul> <li>Develocity injection has been updated to <a href="https://github.com/gradle/develocity-ci-injection/releases/tag/v2.0";>v2.0</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/017a9effdb900e5b5b2fddfb590a105619dca3c3";><code>017a9ef</code></a> Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group a...</li> <li><a href="https://github.com/gradle/actions/commit/d5397cf4c822cff29ba7b79b2c9ed29917bbe84a";><code>d5397cf</code></a> Merge branch 'main' into dependabot/github_actions/github-actions-12d2e1d0cf</li> <li><a href="https://github.com/gradle/actions/commit/559dfbd266963f24dd17a76f3ce0f009a6c020ef";><code>559dfbd</code></a> Bump the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/issues/702";>#702</a>)</li> <li><a href="https://github.com/gradle/actions/commit/075ee283cc5fba335ac5184eb48b40672919612a";><code>075ee28</code></a> Merge branch 'main' into dependabot/npm_and_yarn/sources/npm-dependencies-fda...</li> <li><a href="https://github.com/gradle/actions/commit/c3e68c5c72468b5662b0e325d727b1c1e6a14c16";><code>c3e68c5</code></a> Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/issues/704";>#704</a>)</li> <li><a href="https://github.com/gradle/actions/commit/d7e674f97b03ec86a7d6f688bd66c45269b35bf1";><code>d7e674f</code></a> Fix init script tests dependencies</li> <li><a href="https://github.com/gradle/actions/commit/3e6512898620556ad8848c4073e8279051eaf7db";><code>3e65128</code></a> Upgrade init script tests to Gradle 9</li> <li><a href="https://github.com/gradle/actions/commit/896b9fa30994e16abfabdffea39f9bbffa8ade46";><code>896b9fa</code></a> Run tests on Gradle release candidate and current with JDK 17 as required sin...</li> <li><a href="https://github.com/gradle/actions/commit/431b3e39ba5839847f90c3917165b1f0b5b2d0fa";><code>431b3e3</code></a> Bump github/codeql-action in the github-actions group across 1 directory</li> <li><a href="https://github.com/gradle/actions/commit/44c3664945acba910b91b10f41602a5caceb57df";><code>44c3664</code></a> Bump the npm-dependencies group in /sources with 4 updates</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/v4.3.0...v4.4.2";>compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.2</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.0";>v5.2.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.1";>v5.2.1</a> release notes.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2";>https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde";><code>05b42c6</code></a> :seedling: bump docker to ghcr v2.4.2 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1548";>#1548</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011";><code>b225da6</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1550";>#1550</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe";><code>9399f6f</code></a> :seedling: Bump the docker-images group across 1 directory with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1";>#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae";><code>e1daa8c</code></a> :seedling: Bump the github-actions group across 1 directory with 5 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402";><code>9fe6511</code></a> :seedling: Bump golang.org/x/net from 0.39.0 to 0.40.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1542";>#1542</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129";><code>25b9cd9</code></a> :seedling: Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1547";>#1547</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42";><code>18cc9b8</code></a> :seedling: Bump golang.org/x/net from 0.38.0 to 0.39.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1536";>#1536</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e";><code>db78142</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1538";>#1538</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f";><code>de386ed</code></a> :seedling: Bump golang from 1.24.1 to 1.24.2 in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1534";>#1534</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00";><code>5b7cedb</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1537";>#1537</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde";>compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3.28.12 to 3.29.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases";>github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015";>#3015</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.29.7</h2> <p>This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.</p> <h2>v3.29.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999";>#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000";>#3000</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.6/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.29.5</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986";>#2986</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.5/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.29.4</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.4/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.29.3</h2> <h1>CodeQL Action Changelog</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md";>github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015";>#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999";>#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000";>#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986";>#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935";>#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938";>#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950";>#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925";>#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912";>#2912</a></li> </ul> <h2>3.28.21 - 28 July 2025</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/76621b61decf072c1cee8dd1ce2d2a82d33c17ed";><code>76621b6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3019";>#3019</a> from github/update-v3.29.8-679a40d33</li> <li><a href="https://github.com/github/codeql-action/commit/29ac3cefbb645d41622f6f9baa1415e06d73cf06";><code>29ac3ce</code></a> Add release notes for 3.29.7</li> <li><a href="https://github.com/github/codeql-action/commit/737cfdebe687c6e720fb99761f23d89751c3b93a";><code>737cfde</code></a> Update changelog for v3.29.8</li> <li><a href="https://github.com/github/codeql-action/commit/679a40d337fedd9b7318253dd72bfe7dc6d1886c";><code>679a40d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3014";>#3014</a> from github/henrymercer/rebuild-dispatch</li> <li><a href="https://github.com/github/codeql-action/commit/6fe50b283a3d2e5533299f72d99216cd8815500f";><code>6fe50b2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3015";>#3015</a> from github/henrymercer/language-autodetection-worka...</li> <li><a href="https://github.com/github/codeql-action/commit/6bc91d64f66d435200c8ba85c64878c3cbfad33b";><code>6bc91d6</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/6b4fedca4f3428195d7ba1ca7c7404f9ea472911";><code>6b4fedc</code></a> Bump Action patch version</li> <li><a href="https://github.com/github/codeql-action/commit/5794ffcb4ab0e87e4b8a8446ef048488303db295";><code>5794ffc</code></a> Fix auto-detection of extractors that aren't languages</li> <li><a href="https://github.com/github/codeql-action/commit/bd62bf449cd8695f818546752cc8157693e1716c";><code>bd62bf4</code></a> Finish in-progress merges</li> <li><a href="https://github.com/github/codeql-action/commit/2afb4e6f3c84ec0534284f2b47ae8206dcb401bf";><code>2afb4e6</code></a> Avoid specifying branch unnecessarily</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/5f8171a638ada777af81d42b55959a643bb29017...76621b61decf072c1cee8dd1ce2d2a82d33c17ed";>compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
