dependabot[bot] opened a new pull request, #38:
URL: https://github.com/apache/directory-ldap-api/pull/38
Bumps [github/codeql-action](https://github.com/github/codeql-action) from
2.2.12 to 2.3.6.
Changelog
Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).
CodeQL Action Changelog
[UNRELEASED]
No user facing changes.
2.3.5 - 25 May 2023
Allow invalid URIs to be used as values to
artifactLocation.uri properties. This reverses a change from [#1668](https://redirect.github.com/github/codeql-action/pull/1668)
that inadvertently led to stricter validation of some URI values. [#1705](https://redirect.github.com/github/codeql-action/pull/1705)
Gracefully handle invalid URIs when fingerprinting. [#1694](https://redirect.github.com/github/codeql-action/pull/1694)
2.3.4 - 24 May 2023
Updated the SARIF 2.1.0 JSON schema file to the latest from [oasis-tcs/sarif-spec](https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json).
[#1668](https://redirect.github.com/github/codeql-action/pull/1668)
We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This improves the
speed of analysis while having only a very minor impact on results. [#1676](https://redirect.github.com/github/codeql-action/pull/1676)
We are improving the way that [CodeQL bundles](https://github.com/github/codeql-action/releases) are
tagged to make it possible to easily identify bundles by their CodeQL semantic
version. [#1682](https://redirect.github.com/github/codeql-action/pull/1682)
As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic
versions, for example codeql-bundle-v2.13.4, instead of
timestamps, like codeql-bundle-20230615.
This change does not affect the majority of workflows, and we will not
be changing tags for existing bundle releases.
Some workflows with custom logic that depends on the specific format of
the CodeQL bundle tag may need to be updated. For example, if your workflow
matches CodeQL bundle tag names against a codeql-bundle-mmdd
pattern, you should update it to also recognize
codeql-bundle-vx.y.z tags.
Remove the requirement for on.push and
on.pull_request to trigger on the same branches. [#1675](https://redirect.github.com/github/codeql-action/pull/1675)
Update default CodeQL bundle version to 2.13.3. [#1698](https://redirect.github.com/github/codeql-action/pull/1698)
2.3.3 - 04 May 2023
Update default CodeQL bundle version to 2.13.1. [#1664](https://redirect.github.com/github/codeql-action/pull/1664)
You can now configure CodeQL within your code scanning workflow by
passing a config input to the init Action. See [Using a custom
configuration file](https://aka.ms/code-scanning-docs/config-file) for more information about configuring code scanning. [#1590](https://redirect.github.com/github/codeql-action/pull/1590)
2.3.2 - 27 Apr 2023
No user facing changes.
2.3.1 - 26 Apr 2023
No user facing changes.
2.3.0 - 21 Apr 2023
Update default CodeQL bundle version to 2.13.0. [#1649](https://redirect.github.com/github/codeql-action/pull/1649)
Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://redirect.github.com/github/codeql-action/pull/1618)
2.2.12 - 13 Apr 2023
Include the value of the GITHUB_RUN_ATTEMPT environment
variable in the telemetry sent to GitHub. [#1640](https://redirect.github.com/github/codeql-action/pull/1640)
Improve the ease of debugging failed runs configured using [default
setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code
Scanning from failed runs configured using default setup. You can view this
diagnostic information on the [tool
status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://redirect.github.com/github/codeql-action/pull/1619)
2.2.11 - 06 Apr 2023
No user facing changes.
2.2.10 - 05 Apr 2023
... (truncated)
Commits
[83f0fe6](https://github.com/github/codeql-action/commit/83f0fe6c4988d98a455712a27f0255212bba9bd4)
Merge pull request [#1713](https://redirect.github.com/github/codeql-action/issues/1713)
from github/update-v2.3.6-96f284028
[5c8f4be](https://github.com/github/codeql-action/commit/5c8f4be0e98de2abecc7af538676cf2384a881fc)
Update changelog for v2.3.6
[96f2840](https://github.com/github/codeql-action/commit/96f284028262d223858647b5680642a84608cc87)
Merge pull request [#1711](https://redirect.github.com/github/codeql-action/issues/1711)
from