dependabot[bot] opened a new pull request, #226:
URL: https://github.com/apache/directory-kerby/pull/226
Bumps [github/codeql-action](https://github.com/github/codeql-action) from
2.20.1 to 2.20.3.
Changelog
Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).
CodeQL Action Changelog
[UNRELEASED]
This is the last release of the Action that supports CodeQL CLI versions
2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20,
2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the
next release of the CodeQL Action (2.21.0).
If you are using one of these versions, please update to CodeQL CLI
version 2.9.4 or later. For instance, if you have specified a custom version of
the CLI using the 'tools' input to the 'init' Action, you can remove this input
to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI
between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/@v2' by
'github/codeql-action/@v2.20.4' in your code scanning
workflow to ensure you continue using this version of the CodeQL Action.
We are rolling out a feature in July 2023 that will slightly reduce the
default amount of RAM used for query execution, in proportion to the runner's
total memory. This will help to avoid out-of-memory failures on larger runners.
[#1760](https://redirect.github.com/github/codeql-action/pull/1760)
2.20.3 - 06 Jul 2023
Update default CodeQL bundle version to 2.13.5. [#1743](https://redirect.github.com/github/codeql-action/pull/1743)
2.20.2 - 03 Jul 2023
No user facing changes.
2.20.1 - 21 Jun 2023
Update default CodeQL bundle version to 2.13.4. [#1721](https://redirect.github.com/github/codeql-action/pull/1721)
Experimental: add a new resolve-environment action which
attempts to infer a configuration for the build environment that is required to
build a given project. Do not use this in production as it is part of an
internal experiment and subject to change at any time.
2.20.0 - 13 Jun 2023
Bump the version of the Action to 2.20.0. This ensures that users who
received a Dependabot upgrade to [cdcdbb5](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a),
which was mistakenly marked as Action version 2.13.4, continue to receive
updates to the CodeQL Action. Full details in [#1729](https://redirect.github.com/github/codeql-action/pull/1729)
2.3.6 - 01 Jun 2023
Update default CodeQL bundle version to 2.13.3. [#1698](https://redirect.github.com/github/codeql-action/pull/1698)
2.3.5 - 25 May 2023
Allow invalid URIs to be used as values to
artifactLocation.uri properties. This reverses a change from [#1668](https://redirect.github.com/github/codeql-action/pull/1668)
that inadvertently led to stricter validation of some URI values. [#1705](https://redirect.github.com/github/codeql-action/pull/1705)
Gracefully handle invalid URIs when fingerprinting. [#1694](https://redirect.github.com/github/codeql-action/pull/1694)
2.3.4 - 24 May 2023
Updated the SARIF 2.1.0 JSON schema file to the latest from [oasis-tcs/sarif-spec](https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json).
[#1668](https://redirect.github.com/github/codeql-action/pull/1668)
We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This improves the
speed of analysis while having only a very minor impact on results. [#1676](https://redirect.github.com/github/codeql-action/pull/1676)
We are improving the way that [CodeQL bundles](https://github.com/github/codeql-action/releases) are
tagged to make it possible to easily identify bundles by their CodeQL semantic
version. [#1682](https://redirect.github.com/github/codeql-action/pull/1682)
As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic
versions, for example codeql-bundle-v2.13.4, instead of
timestamps, like codeql-bundle-20230615.
This change does not affect the majority of workflows, and we will not
be changing tags for existing bundle releases.
Some workflows with custom logic that depends on the specific format of
the CodeQL bundle tag may need to be updated. For example, if your workflow
matches CodeQL bundle tag names against a codeql-bundle-mmdd
pattern, you should update it to also recognize
codeql-bundle-vx.y.z tags.
Remove the requirement for on.push and
on.pull_request to trigger on the same branches. [#1675](https://redirect.github.com/github/codeql-action/pull/1675)
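
The bundle tag change described under 2.3.4 above, as an added example that is not part of the changelog or of the CodeQL Action's own code: a strict parser that recognises both tag shapes and fails closed on anything else. The function names, the eight-digit date form (taken from the example tag codeql-bundle-20230615) and the rule that semantic-version tags sort after date tags are assumptions.

```python
import datetime
import re
from typing import Iterable, NamedTuple, Optional, Tuple

# Tag shapes from the changelog entry. The 8-digit date form is an assumption
# inferred from the page's own example, codeql-bundle-20230615.
SEMVER_TAG = re.compile(r"codeql-bundle-v([0-9]+)\.([0-9]+)\.([0-9]+)")
DATE_TAG = re.compile(r"codeql-bundle-([0-9]{4})([0-9]{2})([0-9]{2})")


class BundleTag(NamedTuple):
    rank: int                    # 0 = date tag, 1 = semantic-version tag
    parts: Tuple[int, ...]       # (year, month, day) or (major, minor, patch)
    raw: str


def parse_bundle_tag(tag: str) -> Optional[BundleTag]:
    """Return the parsed tag, or None for anything that is not a bundle tag."""
    # fullmatch rather than match with "$": "$" would accept a trailing newline.
    m = SEMVER_TAG.fullmatch(tag)
    if m:
        return BundleTag(1, tuple(int(g) for g in m.groups()), tag)
    m = DATE_TAG.fullmatch(tag)
    if m:
        y, mo, d = (int(g) for g in m.groups())
        try:
            datetime.date(y, mo, d)  # rejects 20231345 and similar
        except ValueError:
            return None
        return BundleTag(0, (y, mo, d), tag)
    return None


def newest_bundle(tags: Iterable[str]) -> Optional[str]:
    """Newest recognised tag; unrecognised tags are skipped, never guessed at.

    Assumption: every semantic-version tag is newer than every date tag, since
    the entry says semver tagging starts with 2.13.4 and old tags are unchanged.
    """
    parsed = [p for p in map(parse_bundle_tag, tags) if p is not None]
    # Tuples compare numerically, so v2.13.10 sorts after v2.13.9.
    return max(parsed).raw if parsed else None


# Constructed sample input, not taken from a real release listing.
SAMPLE_TAGS = ["codeql-bundle-20230615", "codeql-bundle-v2.13.4",
               "codeql-bundle-v2.13.5", "codeql-bundle-20231345",
               "codeql-bundle-v2.13.5\n", "codeql-bundle-latest"]

if __name__ == "__main__":
    print(newest_bundle(SAMPLE_TAGS))
```

Validating the tag before it reaches a download URL or a file path keeps a malformed or unexpected release name from being used as if it were a version.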
2.3.3 - 04 May 2023
Update default CodeQL bundle version to 2.13.1. [#1664](https://redirect.github.com/github/codeql-action/pull/1664)
You can