From d2ee8e08d9e85efe2f1e55e6b980d16c15dbceb0 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 10:41:35 -0700 Subject: [PATCH 001/176] Upgrade trunk (#106) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - buf-lint 1.32.0 → 1.32.1 - checkov 3.2.95 → 3.2.106 - markdown-link-check 3.11.2 → 3.12.2 - pylint 3.2.0 → 3.2.2 - renovate 37.368.4 → 37.374.3 - ruff 0.4.4 → 0.4.5 - trivy 0.51.1 → 0.51.2 1 tool was upgraded: - gt 1.3.4 → 1.3.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 90a1035..ec0d573 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -15,10 +15,10 @@ lint: - actionlint@1.7.0 - bandit@1.7.8 - black@24.4.2 - - buf-lint@1.32.0 + - buf-lint@1.32.1 - buildifier@7.1.1 - cfnlint@0.87.3 - - checkov@3.2.95 + - checkov@3.2.106 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -29,7 +29,7 @@ lint: - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.40.0 - - markdown-link-check@3.11.2 + - markdown-link-check@3.12.2 - mypy@1.10.0 - nancy@1.0.46 - osv-scanner@1.7.3 @@ -37,10 +37,10 @@ lint: - pragma-once - prettier@3.2.5 - prisma@5.14.0 - - pylint@3.2.0 - - renovate@37.368.4 + - pylint@3.2.2 + - renovate@37.374.3 - rubocop@1.39.0 - - ruff@0.4.4 + - ruff@0.4.5 - rustfmt@1.68.2 - semgrep@1.73.0 - shellcheck@0.10.0 
@@ -54,7 +54,7 @@ lint: - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 - - trivy@0.51.1 + - trivy@0.51.2 - trufflehog@3.76.3 - trunk-toolbox@0.3.1 - yamllint@1.35.1 @@ -89,4 +89,4 @@ actions: tools: enabled: - gh@2.49.2 - - gt@1.3.4 + - gt@1.3.5 From 73922ae0c7c2c894f145d1a468576f64da6d3a6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 10:27:27 -0700 Subject: [PATCH 002/176] Bump the dependencies group with 2 updates (#107) Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.25.5 to 3.25.6
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

3.25.6 - 20 May 2024

3.25.5 - 13 May 2024

3.25.4 - 08 May 2024

3.25.3 - 25 Apr 2024

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

3.25.0 - 15 Apr 2024

... (truncated)

Commits

Updates `trunk-io/trunk-action` from 1.1.14 to 1.1.15
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.15

What's Changed

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.1.14...v1.1.15

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index cc46594..7ede198 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9d46014..b865c77 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index 16e7278..d2e7991 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@bd686325615e9cf5a4ef98372ba94a472f9b5238 + uses: trunk-io/trunk-action/upgrade@f6c5f1b90503c30e02059667dbc247f2257b63c5 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From 9aae6bc09a6ad6078a86f64426c1c369d05a6e18 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 10:28:23 -0700 Subject: [PATCH 003/176] Upgrade trunk (#108) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - buildifier 7.1.1 → 7.1.2 - renovate 37.374.3 → 37.376.0 - semgrep 1.73.0 → 1.74.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index ec0d573..66bf9e4 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -16,7 +16,7 @@ lint: - bandit@1.7.8 - black@24.4.2 - buf-lint@1.32.1 - - buildifier@7.1.1 + - buildifier@7.1.2 - cfnlint@0.87.3 - checkov@3.2.106 - clang-format@17.0.1 @@ -38,11 +38,11 @@ lint: - prettier@3.2.5 - prisma@5.14.0 - pylint@3.2.2 - - renovate@37.374.3 + - renovate@37.376.0 - rubocop@1.39.0 - ruff@0.4.5 - rustfmt@1.68.2 - - semgrep@1.73.0 + - semgrep@1.74.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 From f05632d8593db9de42e0e0421d8fe6db1b97c193 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 11:12:27 -0700 Subject: [PATCH 004/176] Upgrade trunk (#109) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 11 linters were upgraded: - actionlint 1.7.0 → 1.7.1 - buf-lint 1.32.1 → 1.32.2 - cfnlint 0.87.3 → 0.87.4 - checkov 3.2.106 → 3.2.114 - markdownlint 0.40.0 → 0.41.0 - osv-scanner 1.7.3 → 1.7.4 - renovate 37.376.0 → 37.381.7 - ruff 0.4.5 → 0.4.6 - stylelint 16.5.0 → 16.6.1 - trivy 0.51.2 → 0.51.4 - trufflehog 3.76.3 → 3.77.0 2 tools were upgraded: - gh 2.49.2 → 2.50.0 - gt 1.3.5 → 1.3.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 66bf9e4..3963dd5 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.0 + - actionlint@1.7.1 - bandit@1.7.8 - black@24.4.2 - - buf-lint@1.32.1 + - buf-lint@1.32.2 - buildifier@7.1.2 - - cfnlint@0.87.3 - - checkov@3.2.106 + - cfnlint@0.87.4 + - checkov@3.2.114 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -28,34 +28,34 @@ lint: - golangci-lint@1.57.2 - hadolint@2.12.0 - isort@5.13.2 - - markdownlint@0.40.0 + - markdownlint@0.41.0 - markdown-link-check@3.12.2 - mypy@1.10.0 - nancy@1.0.46 - - osv-scanner@1.7.3 + - osv-scanner@1.7.4 - oxipng@9.1.1 - pragma-once - prettier@3.2.5 - prisma@5.14.0 - pylint@3.2.2 - - renovate@37.376.0 + - renovate@37.381.7 - rubocop@1.39.0 - - ruff@0.4.5 + - ruff@0.4.6 - rustfmt@1.68.2 - semgrep@1.74.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - sql-formatter@15.3.1 - - stylelint@16.5.0: + - stylelint@16.6.1: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@5.4.2 - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 - - trivy@0.51.2 - - trufflehog@3.76.3 + - trivy@0.51.4 + - trufflehog@3.77.0 - trunk-toolbox@0.3.1 - yamllint@1.35.1 @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.49.2 - - gt@1.3.5 + - gh@2.50.0 + - gt@1.3.6 From 94f1f90b5eccc6ef50a981f0034ef38f9d55b049 Mon Sep 17 00:00:00 2001 
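Review bot: In patch 002's `.github/workflows/upgrade_trunk.yaml` hunk, the new pin `trunk-io/trunk-action/upgrade@f6c5f1b90503c30e02059667dbc247f2257b63c5` carries no trailing version comment, unlike the `github/codeql-action` pins in the same patch, which all end in `# v3.25.6`. The commit message says this is the 1.1.14 to 1.1.15 bump, so appending `# v1.1.15` to that line would let a reviewer see which release the SHA is meant to be and make a later mismatch between SHA and tag easier to spot.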
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:23:55 -0700 Subject: [PATCH 005/176] Upgrade trunk (#111) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - checkov 3.2.114 → 3.2.120 - renovate 37.381.7 → 37.382.4 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3963dd5..b1a0f31 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.32.2 - buildifier@7.1.2 - cfnlint@0.87.4 - - checkov@3.2.114 + - checkov@3.2.120 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.2.5 - prisma@5.14.0 - pylint@3.2.2 - - renovate@37.381.7 + - renovate@37.382.4 - rubocop@1.39.0 - ruff@0.4.6 - rustfmt@1.68.2 From ecfa72f0821befaf94443a3d3907e920287ef78d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:33:06 -0700 Subject: [PATCH 006/176] Bump github/codeql-action from 3.25.6 to 3.25.7 in the dependencies group (#110) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.25.6 to 3.25.7
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

  • We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
  • Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

  • The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

    As a result, the following inputs and environment variables are now ignored:

    • The setup-python-dependencies input to the init Action
    • The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.6&new-version=3.25.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 7ede198..1d13d74 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b865c77..cb7ec48 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From aad37dbefefc1f76658b426e3b26b0a3eaaee09c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 10:36:21 -0400 Subject: [PATCH 007/176] Upgrade trunk (#112) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - checkov 3.2.120 → 3.2.125 - prettier 3.2.5 → 3.3.1 - prisma 5.14.0 → 5.15.0 - renovate 37.382.4 → 37.393.0 - ruff 0.4.6 → 0.4.8 - semgrep 1.74.0 → 1.75.0 - stylelint 16.6.1 → 16.6.1 - stylelint-config-clean-order 5.4.2 → 6.0.0 - trivy 0.51.4 → 0.52.0 - trufflehog 3.77.0 → 3.78.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b1a0f31..b1715eb 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.32.2 - buildifier@7.1.2 - cfnlint@0.87.4 - - checkov@3.2.120 + - checkov@3.2.125 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -35,14 +35,14 @@ lint: - osv-scanner@1.7.4 - oxipng@9.1.1 - pragma-once - - prettier@3.2.5 - - prisma@5.14.0 + - prettier@3.3.1 + - prisma@5.15.0 - pylint@3.2.2 - - renovate@37.382.4 + - renovate@37.393.0 - rubocop@1.39.0 - - ruff@0.4.6 + - ruff@0.4.8 - rustfmt@1.68.2 - - semgrep@1.74.0 + - semgrep@1.75.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 @@ -50,12 +50,12 @@ lint: - stylelint@16.6.1: packages: - stylelint-config-standard-scss@13.1.0 - - stylelint-config-clean-order@5.4.2 + - stylelint-config-clean-order@6.0.0 - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 - - trivy@0.51.4 - - trufflehog@3.77.0 + - trivy@0.52.0 + - trufflehog@3.78.0 - trunk-toolbox@0.3.1 - yamllint@1.35.1 From 0d510b88b7724f1401395e10bef5cb7df0b19418 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 00:36:52 -0400 Subject: [PATCH 008/176] Bump github/codeql-action from 3.25.7 to 3.25.8 in the dependencies group (#113) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.25.7 to 3.25.8
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

  • We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
  • Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

  • The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

... (truncated)

Commits
  • 2e230e8 Merge pull request #2323 from github/update-v3.25.8-18b06dd1d
  • 66ad891 Update changelog for v3.25.8
  • 18b06dd Merge pull request #2322 from github/dependabot/npm_and_yarn/npm-10d82c2911
  • 200dd0c Update checked-in dependencies
  • 2bb35ea bump the npm group with 4 updates
  • 9c15e42 Merge pull request #2321 from github/update-bundle/codeql-bundle-v2.17.4
  • 98e7922 Merge branch 'main' into update-bundle/codeql-bundle-v2.17.4
  • 440350b Add changelog note
  • d4fcc8b Update default bundle to codeql-bundle-v2.17.4
  • add199b Merge pull request #2320 from github/angelapwen/use-linked-in-tests
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.7&new-version=3.25.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 1d13d74..42a24c9 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cb7ec48..d7fb300 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 7484f00606dab25758c1bdb73f35647974d57ed7 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 11:39:24 -0400 Subject: [PATCH 009/176] Upgrade trunk (#114) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - checkov 3.2.125 → 3.2.128 - pylint 3.2.2 → 3.2.3 - renovate 37.393.0 → 37.396.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b1715eb..48e76b7 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.32.2 - buildifier@7.1.2 - cfnlint@0.87.4 - - checkov@3.2.125 + - checkov@3.2.128 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -37,8 +37,8 @@ lint: - pragma-once - prettier@3.3.1 - prisma@5.15.0 - - pylint@3.2.2 - - renovate@37.393.0 + - pylint@3.2.3 + - renovate@37.396.1 - rubocop@1.39.0 - ruff@0.4.8 - rustfmt@1.68.2 From 7014636bca95636bb77455bea1d1f3bdd595c8c8 Mon Sep 17 00:00:00 2001 
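Review bot: In patch 007's third `plugin.yaml` hunk (`@@ -50,12 +50,12 @@`), `stylelint-config-clean-order` moves from 5.4.2 to 6.0.0, a major-version bump, while `stylelint@16.6.1` and `stylelint-config-standard-scss@13.1.0` stay where they are. It is worth confirming that the 6.0.0 config still loads under the unchanged stylelint before this lands alongside the routine patch-level bumps; putting it in its own change would also make a revert cleaner. The commit message additionally lists `stylelint 16.6.1 → 16.6.1`, which is not an upgrade.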
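Review bot: In patch 008, the `uses:` lines in the `codeql.yaml` hunks and the `scorecard.yml` hunk rely on the trailing `# v3.25.8` comment to say what `2e230e8fe0ad3a14a340ad0815ddb96d599d2aff` is, and nothing in the diff checks that comment against the SHA. The SHA prefix does match the first entry under Commits in the message (`2e230e8 Merge pull request #2323 from github/update-v3.25.8-18b06dd1d`), so the pin looks consistent here; a CI step that resolves each pinned SHA against its commented tag would remove the need to eyeball this on every bump.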
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 10:05:18 -0700 Subject: [PATCH 010/176] Upgrade trunk (#115) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - bandit 1.7.8 → 1.7.9 - buf-lint 1.32.2 → 1.33.0 - cfnlint 0.87.4 → 0.87.7 - checkov 3.2.128 → 3.2.136 - golangci-lint 1.57.2 → 1.59.1 - prettier 3.3.1 → 3.3.2 - renovate 37.396.1 → 37.408.0 - trivy 0.52.0 → 0.52.1 - trufflehog 3.78.0 → 3.78.1 2 tools were upgraded: - gh 2.50.0 → 2.51.0 - gt 1.3.6 → 1.3.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 48e76b7..0b79e74 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -13,19 +13,19 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.1 - - bandit@1.7.8 + - bandit@1.7.9 - black@24.4.2 - - buf-lint@1.32.2 + - buf-lint@1.33.0 - buildifier@7.1.2 - - cfnlint@0.87.4 - - checkov@3.2.128 + - cfnlint@0.87.7 + - checkov@3.2.136 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.57.2 + - golangci-lint@1.59.1 - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.41.0 @@ -35,10 +35,10 @@ lint: - osv-scanner@1.7.4 - oxipng@9.1.1 - pragma-once - - prettier@3.3.1 + - prettier@3.3.2 - prisma@5.15.0 - pylint@3.2.3 - - renovate@37.396.1 + - renovate@37.408.0 - rubocop@1.39.0 - ruff@0.4.8 - rustfmt@1.68.2 
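Review bot: the `golangci-lint@1.57.2` to `golangci-lint@1.59.1` line in the first plugin.yaml hunk of PATCH 010/176 skips the 1.58 series, and the hunk's own context comment (`# By sourcing this plugin, repos will enable these linters`) means every sourcing repo picks that up at once, while the commit message lists it as one of nine routine upgrades. Suggest running the new version against at least one sourcing repo before merge, or moving this line into its own commit so it can be reverted without undoing the other eight bumps.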
@@ -54,8 +54,8 @@ lint: - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 - - trivy@0.52.0 - - trufflehog@3.78.0 + - trivy@0.52.1 + - trufflehog@3.78.1 - trunk-toolbox@0.3.1 - yamllint@1.35.1 @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.50.0 - - gt@1.3.6 + - gh@2.51.0 + - gt@1.3.7 From 548cce3c3fad0d3e41083dfbbb51bf330498a0e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 10:06:54 -0700 Subject: [PATCH 011/176] Bump github/codeql-action from 3.25.8 to 3.25.10 in the dependencies group (#116) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.25.8 to 3.25.10
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

... (truncated)

Commits
  • 23acc5c Merge pull request #2337 from github/update-v3.25.10-5bf6dad35
  • 9b72dbd Update changelog for v3.25.10
  • 5bf6dad Merge pull request #2329 from github/henrymercer/csharp-buildless-rollback-me...
  • feec81c Merge branch 'main' into henrymercer/csharp-buildless-rollback-mechanism
  • 789b5f8 Merge pull request #2328 from github/henrymercer/direct-tracing-fix
  • c36b5fc Merge pull request #2327 from github/update-bundle/codeql-bundle-v2.17.5
  • b3642aa Merge branch 'main' into update-bundle/codeql-bundle-v2.17.5
  • 1fc6e20 Merge pull request #2335 from github/mergeback/v3.25.9-to-main-530d4fea
  • 356bee4 Update checked-in dependencies
  • 385808c Update changelog and version after v3.25.9
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.8&new-version=3.25.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 42a24c9..94fa05b 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d7fb300..238965c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif From dc2ce33aa4beaf11de58041c78fd77981688e8e0 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:29:54 -0700 Subject: [PATCH 012/176] Upgrade trunk (#117) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - checkov 3.2.136 → 3.2.141 - prisma 5.15.0 → 5.15.1 - renovate 37.408.0 → 37.413.2 - ruff 0.4.8 → 0.4.9 - semgrep 1.75.0 → 1.76.0 - sql-formatter 15.3.1 → 15.3.2 - trivy 0.52.1 → 0.52.2 1 tool was upgraded: - gt 1.3.7 → 1.3.9 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0b79e74..180f04d 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.33.0 - buildifier@7.1.2 - cfnlint@0.87.7 - - checkov@3.2.136 + - checkov@3.2.141 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -36,17 +36,17 @@ lint: - oxipng@9.1.1 - pragma-once - prettier@3.3.2 - - prisma@5.15.0 + - prisma@5.15.1 - pylint@3.2.3 - - renovate@37.408.0 + - renovate@37.413.2 - rubocop@1.39.0 - - ruff@0.4.8 + - ruff@0.4.9 - rustfmt@1.68.2 - - semgrep@1.75.0 + - semgrep@1.76.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - - sql-formatter@15.3.1 + - sql-formatter@15.3.2 - stylelint@16.6.1: packages: - stylelint-config-standard-scss@13.1.0 @@ -54,7 +54,7 @@ lint: - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 - - trivy@0.52.1 + - trivy@0.52.2 - trufflehog@3.78.1 - trunk-toolbox@0.3.1 - yamllint@1.35.1 @@ -89,4 +89,4 @@ actions: tools: enabled: - gh@2.51.0 - - gt@1.3.7 + - gt@1.3.9 From 85e221a77fddd3bf24e7ec32a259a9fe964ceb8c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 10:48:47 -0700 Subject: [PATCH 013/176] Upgrade trunk (#118) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - osv-scanner 1.7.4 → 1.8.1 - renovate 37.413.2 → 37.413.4 - ruff 0.4.9 → 0.4.10 - trufflehog 3.78.1 → 3.78.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 180f04d..3275e0b 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -32,15 +32,15 @@ lint: - markdown-link-check@3.12.2 - mypy@1.10.0 - nancy@1.0.46 - - osv-scanner@1.7.4 + - osv-scanner@1.8.1 - oxipng@9.1.1 - pragma-once - prettier@3.3.2 - prisma@5.15.1 - pylint@3.2.3 - - renovate@37.413.2 + - renovate@37.413.4 - rubocop@1.39.0 - - ruff@0.4.9 + - ruff@0.4.10 - rustfmt@1.68.2 - semgrep@1.76.0 - shellcheck@0.10.0 @@ -55,7 +55,7 @@ lint: - taplo@0.8.1 - terrascan@1.19.1 - trivy@0.52.2 - - trufflehog@3.78.1 + - trufflehog@3.78.2 - trunk-toolbox@0.3.1 - yamllint@1.35.1 From a4dbd371236c962c0fdb91eb77530f863979c3b3 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 28 Jun 2024 10:19:29 -0700 Subject: [PATCH 014/176] Upgrade trunk (#119) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - buf-lint 1.33.0 → 1.34.0 - cfnlint 0.87.7 → 1.3.7 - checkov 3.2.141 → 3.2.148 - mypy 1.10.0 → 1.10.1 - prisma 5.15.1 → 5.16.0 - pylint 3.2.3 → 3.2.4 - renovate 37.413.4 → 37.420.1 - semgrep 1.76.0 → 1.77.0 - trufflehog 3.78.2 → 3.79.0 - trunk-toolbox 0.3.1 → 0.3.2 1 tool was upgraded: - gh 2.51.0 → 2.52.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3275e0b..6886cb0 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -15,10 +15,10 @@ lint: - actionlint@1.7.1 - bandit@1.7.9 - black@24.4.2 - - buf-lint@1.33.0 + - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@0.87.7 - - checkov@3.2.141 + - cfnlint@1.3.7 + - checkov@3.2.148 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,19 +30,19 @@ lint: - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - - mypy@1.10.0 + - mypy@1.10.1 - nancy@1.0.46 - osv-scanner@1.8.1 - oxipng@9.1.1 - pragma-once - prettier@3.3.2 - - prisma@5.15.1 - - pylint@3.2.3 - - renovate@37.413.4 + - prisma@5.16.0 + - pylint@3.2.4 + - renovate@37.420.1 - rubocop@1.39.0 - ruff@0.4.10 - rustfmt@1.68.2 - - semgrep@1.76.0 + - semgrep@1.77.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 @@ -55,8 +55,8 @@ lint: - taplo@0.8.1 - terrascan@1.19.1 - trivy@0.52.2 - - trufflehog@3.78.2 - - trunk-toolbox@0.3.1 + - trufflehog@3.79.0 + - trunk-toolbox@0.3.2 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.51.0 + - gh@2.52.0 - gt@1.3.9 From 12e702ae086dcaed664d951547e37e094e5de966 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 09:54:10 -0700 Subject: [PATCH 015/176] Bump the dependencies group with 2 updates (#120) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.25.10 to 3.25.11
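Review bot: in PATCH 014/176, the `cfnlint@0.87.7` to `cfnlint@1.3.7` line in the first plugin.yaml hunk (`@@ -15,10 +15,10 @@`) crosses a major version, yet the commit message lists it alongside patch-level bumps with no word on compatibility. Because sourcing repos enable whatever this list pins, suggest isolating the cfnlint change in its own commit and confirming that any cfnlint configuration those repos carry still works under 1.x before merging.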
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

... (truncated)

Commits
  • b611370 Merge pull request #2357 from github/update-v3.25.11-de945755c
  • 3e6431f Update changelog for v3.25.11
  • de94575 Merge pull request #2352 from github/update-bundle/codeql-bundle-v2.17.6
  • a32d305 Add changelog note
  • 9ccc995 Update default bundle to codeql-bundle-v2.17.6
  • 9b7c22c Merge pull request #2351 from github/dependabot/npm_and_yarn/npm-6791eaa26c
  • 9cf3243 Rebuild
  • 1895b29 Update checked-in dependencies
  • 9dcfde9 Bump the npm group with 2 updates
  • 8723b5b Merge pull request #2350 from github/angelapwen/add-exclude-pr-check-param
  • Additional commits viewable in compare view

Updates `trunk-io/trunk-action` from 1.1.15 to 1.1.16
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.16

What's Changed

New Contributors

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1...v1.1.16

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 94fa05b..f045c13 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 238965c..934c7df 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index d2e7991..1eef06b 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@f6c5f1b90503c30e02059667dbc247f2257b63c5 + uses: trunk-io/trunk-action/upgrade@86b68ffae610a05105e90b1f52ad8c549ef482c2 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From 7a24477479168df11c0d39bbae7c1e55673b7933 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 09:57:04 -0700 Subject: [PATCH 016/176] Upgrade trunk (#121) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - cfnlint 1.3.7 → 1.4.2 - checkov 3.2.148 → 3.2.156 - prisma 5.16.0 → 5.16.1 - ruff 0.4.10 → 0.5.0 - semgrep 1.77.0 → 1.78.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 6886cb0..0b45c9a 100644 --- a/plugin.yaml +++ b/plugin.yaml 
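Review bot: in PATCH 015/176, the new `uses: trunk-io/trunk-action/upgrade@86b68ffae610a05105e90b1f52ad8c549ef482c2` line in .github/workflows/upgrade_trunk.yaml has no trailing version comment, unlike the codeql-action pins in the same patch, which carry `# v3.25.11`. The removed line had the same gap, so this is pre-existing, but the commit message states the update is 1.1.15 to 1.1.16: once the SHA is confirmed to be that tag, append `# v1.1.16` so later diffs can be audited without a lookup. The hunk context shows a preceding step receiving `secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY`, which is one more reason to keep this pin easy to verify.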
@@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@1.3.7 - - checkov@3.2.148 + - cfnlint@1.4.2 + - checkov@3.2.156 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,13 +36,13 @@ lint: - oxipng@9.1.1 - pragma-once - prettier@3.3.2 - - prisma@5.16.0 + - prisma@5.16.1 - pylint@3.2.4 - renovate@37.420.1 - rubocop@1.39.0 - - ruff@0.4.10 + - ruff@0.5.0 - rustfmt@1.68.2 - - semgrep@1.77.0 + - semgrep@1.78.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 From 326e542ee016319f82ce72f1847843077e8b0dc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 10:29:13 -0700 Subject: [PATCH 017/176] Bump actions/upload-artifact from 4.3.3 to 4.3.4 in the dependencies group (#123) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4.3.3 to 4.3.4
Release notes

Sourced from actions/upload-artifact's releases.

v4.3.4

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.3.3&new-version=4.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 934c7df..b6224fa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From 9c4759042344be20c76cc617f0a2cb16dece1249 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 10:29:36 -0700 Subject: [PATCH 018/176] Upgrade trunk (#122) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - cfnlint 1.4.2 → 1.5.0 - checkov 3.2.156 → 3.2.174 - pylint 3.2.4 → 3.2.5 - renovate 37.420.1 → 37.424.1 - stylelint 16.6.1 → 16.6.1 - stylelint-config-clean-order 6.0.0 → 6.1.0 1 tool was upgraded: - gt 1.3.9 → 1.3.10 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0b45c9a..cf53c32 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@1.4.2 - - checkov@3.2.156 + - cfnlint@1.5.0 + - checkov@3.2.174 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -37,8 +37,8 @@ lint: - pragma-once - prettier@3.3.2 - prisma@5.16.1 - - pylint@3.2.4 - - renovate@37.420.1 + - pylint@3.2.5 + - renovate@37.424.1 - rubocop@1.39.0 - ruff@0.5.0 - rustfmt@1.68.2 @@ -50,7 +50,7 @@ lint: - stylelint@16.6.1: packages: - stylelint-config-standard-scss@13.1.0 - - stylelint-config-clean-order@6.0.0 + - stylelint-config-clean-order@6.1.0 - svgo@3.3.2 - taplo@0.8.1 - terrascan@1.19.1 @@ -89,4 +89,4 @@ actions: tools: enabled: - gh@2.52.0 - - gt@1.3.9 + - gt@1.3.10 From 42d48b9849b8e303c905ccafe1d8be95d971ad71 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:52:58 -0700 Subject: [PATCH 019/176] Upgrade trunk (#124) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.5.0 → 1.5.3 - checkov 3.2.174 → 3.2.184 - osv-scanner 1.8.1 → 1.8.2 - prisma 5.16.1 → 5.16.2 - renovate 37.424.1 → 37.428.2 - ruff 0.5.0 → 0.5.1 - semgrep 1.78.0 → 1.79.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index cf53c32..6531304 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@1.5.0 - - checkov@3.2.174 + - cfnlint@1.5.3 + - checkov@3.2.184 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,17 +32,17 @@ lint: - markdown-link-check@3.12.2 - mypy@1.10.1 - nancy@1.0.46 - - osv-scanner@1.8.1 + - osv-scanner@1.8.2 - oxipng@9.1.1 - pragma-once - prettier@3.3.2 - - prisma@5.16.1 + - prisma@5.16.2 - pylint@3.2.5 - - renovate@37.424.1 + - renovate@37.428.2 - rubocop@1.39.0 - - ruff@0.5.0 + - ruff@0.5.1 - rustfmt@1.68.2 - - semgrep@1.78.0 + - semgrep@1.79.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 From 752c161a3a028ba82113703f3d3530d21da008fd Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 10:01:18 -0700 Subject: [PATCH 020/176] Upgrade trunk (#126) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - cfnlint 1.5.3 → 1.6.0 - checkov 3.2.184 → 3.2.186 - renovate 37.428.2 → 37.429.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 6531304..6922488 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@1.5.3 - - checkov@3.2.184 + - cfnlint@1.6.0 + - checkov@3.2.186 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -38,7 +38,7 @@ lint: - prettier@3.3.2 - prisma@5.16.2 - pylint@3.2.5 - - renovate@37.428.2 + - renovate@37.429.1 - rubocop@1.39.0 - ruff@0.5.1 - rustfmt@1.68.2 From f799a3e04f5a9643867f73e98734db527580b786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 08:01:53 -0700 Subject: [PATCH 021/176] Bump github/codeql-action from 3.25.11 to 3.25.12 in the dependencies group (#125) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.25.11 to 3.25.12
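Review bot: In [PATCH 018/176], the third `plugin.yaml` hunk (`@@ -50,7 +50,7 @@`) leaves `stylelint@16.6.1:` untouched and only moves the nested `stylelint-config-clean-order@6.0.0` to `6.1.0`, yet the commit message lists "stylelint 16.6.1 → 16.6.1" among the upgraded linters. When auditing what this commit changed, go by the diff: it bumps the nested package, not stylelint itself. Consider having the upgrade bot report entries under `packages:` by their own name only, so a no-op line does not appear in the summary.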
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • Add codeql-version to outputs. #2368

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

... (truncated)

Commits
  • 4fa2a79 Merge pull request #2369 from github/update-v3.25.12-947b18fb7
  • dec6fb7 Update changelog for v3.25.12
  • 947b18f Merge pull request #2365 from github/dependabot/npm_and_yarn/npm-88aac57241
  • 9ab7277 Merge pull request #2364 from github/update-bundle/codeql-bundle-v2.18.0
  • 1c60bf1 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.0
  • be825d5 Merge pull request #2353 from github/henrymercer/enable-direct-tracing
  • 243e392 Fix PR number in changelog
  • 026682f Fix bad auto merge in changelog
  • 264cbe2 Merge branch 'main' into henrymercer/enable-direct-tracing
  • 0b65015 Update checked-in dependencies
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.11&new-version=3.25.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f045c13..2b7458f 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b6224fa..32a9f3b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From ecebac00cd2e8980dca632fe93a2f81ab3b5bd6c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 19 Jul 2024 10:53:07 -0700 Subject: [PATCH 022/176] Upgrade trunk (#127) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - cfnlint 1.6.0 → 1.8.0 - checkov 3.2.186 → 3.2.193 - oxipng 9.1.1 → 9.1.2 - prettier 3.3.2 → 3.3.3 - prisma 5.16.2 → 5.17.0 - renovate 37.429.1 → 37.432.0 - ruff 0.5.1 → 0.5.2 - stylelint 16.6.1 → 16.7.0 - taplo 0.8.1 → 0.9.2 - trivy 0.52.2 → 0.53.0 1 tool was upgraded: - gh 2.52.0 → 2.53.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 6922488..f1e2bb7 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.34.0 - buildifier@7.1.2 - - cfnlint@1.6.0 - - checkov@3.2.186 + - cfnlint@1.8.0 + - checkov@3.2.193 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -33,28 +33,28 @@ lint: - mypy@1.10.1 - nancy@1.0.46 - osv-scanner@1.8.2 - - oxipng@9.1.1 + - oxipng@9.1.2 - pragma-once - - prettier@3.3.2 - - prisma@5.16.2 + - prettier@3.3.3 + - prisma@5.17.0 - pylint@3.2.5 - - renovate@37.429.1 + - renovate@37.432.0 - rubocop@1.39.0 - - ruff@0.5.1 + - ruff@0.5.2 - rustfmt@1.68.2 - semgrep@1.79.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - sql-formatter@15.3.2 - - stylelint@16.6.1: + - stylelint@16.7.0: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@6.1.0 - svgo@3.3.2 - - taplo@0.8.1 + - taplo@0.9.2 - terrascan@1.19.1 - - trivy@0.52.2 + - trivy@0.53.0 - trufflehog@3.79.0 - trunk-toolbox@0.3.2 - yamllint@1.35.1 @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.52.0 + - gh@2.53.0 - gt@1.3.10 From 6ba6d9f0d738ff07ad313f1e2f645c76fa52680b Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:07:08 -0700 Subject: [PATCH 023/176] Upgrade trunk (#129) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - buf-lint 1.34.0 → 1.35.1 - cfnlint 1.8.0 → 1.8.2 - checkov 3.2.193 → 3.2.205 - mypy 1.10.1 → 1.11.0 - pylint 3.2.5 → 3.2.6 - renovate 37.432.0 → 37.440.7 - ruff 0.5.2 → 0.5.4 - semgrep 1.79.0 → 1.81.0 - trufflehog 3.79.0 → 3.80.1 1 tool was upgraded: - gt 1.3.10 → 1.4.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index f1e2bb7..381f42e 100644 --- a/plugin.yaml 
+++ b/plugin.yaml @@ -15,10 +15,10 @@ lint: - actionlint@1.7.1 - bandit@1.7.9 - black@24.4.2 - - buf-lint@1.34.0 + - buf-lint@1.35.1 - buildifier@7.1.2 - - cfnlint@1.8.0 - - checkov@3.2.193 + - cfnlint@1.8.2 + - checkov@3.2.205 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,19 +30,19 @@ lint: - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - - mypy@1.10.1 + - mypy@1.11.0 - nancy@1.0.46 - osv-scanner@1.8.2 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - prisma@5.17.0 - - pylint@3.2.5 - - renovate@37.432.0 + - pylint@3.2.6 + - renovate@37.440.7 - rubocop@1.39.0 - - ruff@0.5.2 + - ruff@0.5.4 - rustfmt@1.68.2 - - semgrep@1.79.0 + - semgrep@1.81.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 @@ -55,7 +55,7 @@ lint: - taplo@0.9.2 - terrascan@1.19.1 - trivy@0.53.0 - - trufflehog@3.79.0 + - trufflehog@3.80.1 - trunk-toolbox@0.3.2 - yamllint@1.35.1 @@ -89,4 +89,4 @@ actions: tools: enabled: - gh@2.53.0 - - gt@1.3.10 + - gt@1.4.1 From 1f6e6d0f11f0f542410faaaa7d651037c5d4d514 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Jul 2024 16:37:49 -0700 Subject: [PATCH 024/176] Bump the dependencies group across 1 directory with 2 updates (#130) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `github/codeql-action` from 3.25.12 to 3.25.15
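Review bot: In [PATCH 021/176], the only thing tying the new pin `4fa2a7953630fd2f3fb380f21be14ede0169dd4f` to a release is the trailing `# v3.25.12` comment on the four `uses:` lines (`init`, `autobuild` and `analyze` in `codeql.yaml`, `upload-sarif` in `scorecard.yml`), and a YAML comment is not checked by anything when the workflow runs. The SHA prefix does match the first entry of the commit list quoted in the message (`4fa2a79`, the merge of `update-v3.25.12-947b18fb7`), so the pin looks consistent; before merging, confirm that the upstream `v3.25.12` tag resolves to this commit instead of relying on the comment.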
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time.

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

... (truncated)

Commits
  • afb54ba Merge pull request #2391 from github/update-v3.25.15-4b1d7da10
  • 57a4b22 Update changelog for v3.25.15
  • 4b1d7da Merge pull request #2385 from github/update-bundle/codeql-bundle-v2.18.1
  • 97e8f69 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1
  • f8e94f9 Merge pull request #2389 from github/mergeback/v3.25.14-to-main-5cf07d8b
  • 9e375a8 Update checked-in dependencies
  • 02d73d0 Update changelog and version after v3.25.14
  • 5cf07d8 Merge pull request #2388 from github/update-v3.25.14-1b214db07
  • ecab108 Update changelog for v3.25.14
  • 1b214db Merge pull request #2387 from github/aibaars/remove-set-secret
  • Additional commits viewable in compare view

Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

Commits
  • 62b2cac bump docker tag to v2.4.0 for release (#1414)
  • c09630c lower license score alert threshold to 9 (#1411)
  • cf8594c :seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
  • de5fcb9 :seedling: Bump the github-actions group with 2 updates (#1412)
  • a46b90b bump scorecard to v5.0.0 release (#1410)
  • 9fc518d :seedling: Bump golang in the docker-images group (#1407)
  • a8eaa1b :seedling: Bump the github-actions group with 2 updates (#1408)
  • 873d5fd :seedling: Bump the github-actions group across 1 directory with 2 updates (#...
  • 54cc1fe :seedling: Bump the docker-images group with 2 updates (#1401)
  • 82bcb91 :seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 2b7458f..50c570f 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 32a9f3b..f10d52f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 292416b2cdbacad77065dbe661e231d95d93007e Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 09:56:05 -0700 Subject: [PATCH 025/176] Upgrade trunk (#131) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - checkov 3.2.205 → 3.2.208 - renovate 37.440.7 → 38.6.0 - ruff 0.5.4 → 0.5.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 381f42e..86d5195 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.35.1 - buildifier@7.1.2 - cfnlint@1.8.2 - - checkov@3.2.205 + - checkov@3.2.208 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -38,9 +38,9 @@ lint: - prettier@3.3.3 - prisma@5.17.0 - pylint@3.2.6 - - renovate@37.440.7 + - renovate@38.6.0 - rubocop@1.39.0 - - ruff@0.5.4 + - ruff@0.5.5 - rustfmt@1.68.2 - semgrep@1.81.0 - shellcheck@0.10.0 From 25a5f9910fbb6f438aa6fd10d7b05043461d3811 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 14:16:32 -0700 Subject: [PATCH 026/176] Upgrade trunk (#132) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.8.2 → 1.9.2 - checkov 3.2.208 → 3.2.217 - mypy 1.11.0 → 1.11.1 - renovate 38.6.0 → 38.17.1 - semgrep 1.81.0 → 1.82.0 - stylelint 16.7.0 → 16.8.1 - taplo 0.9.2 → 0.9.3 - trivy 0.53.0 → 0.54.1 - trufflehog 3.80.1 → 3.80.5 1 tool was upgraded: - gh 2.53.0 → 2.54.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 86d5195..0a416c3 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.4.2 - buf-lint@1.35.1 - buildifier@7.1.2 - - cfnlint@1.8.2 - - checkov@3.2.208 + - cfnlint@1.9.2 + - checkov@3.2.217 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,7 +30,7 @@ lint: - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - - mypy@1.11.0 + - mypy@1.11.1 - nancy@1.0.46 - osv-scanner@1.8.2 - oxipng@9.1.2 
@@ -38,24 +38,24 @@ lint: - prettier@3.3.3 - prisma@5.17.0 - pylint@3.2.6 - - renovate@38.6.0 + - renovate@38.17.1 - rubocop@1.39.0 - ruff@0.5.5 - rustfmt@1.68.2 - - semgrep@1.81.0 + - semgrep@1.82.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - sql-formatter@15.3.2 - - stylelint@16.7.0: + - stylelint@16.8.1: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@6.1.0 - svgo@3.3.2 - - taplo@0.9.2 + - taplo@0.9.3 - terrascan@1.19.1 - - trivy@0.53.0 - - trufflehog@3.80.1 + - trivy@0.54.1 + - trufflehog@3.80.5 - trunk-toolbox@0.3.2 - yamllint@1.35.1 @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.53.0 + - gh@2.54.0 - gt@1.4.1 From 3309525c1d188d045f4395b56a7e9d0611c4cde5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:00:15 -0700 Subject: [PATCH 027/176] Bump actions/upload-artifact from 4.3.4 to 4.3.5 in the dependencies group (#133) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
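Review bot: The `ossf/scorecard-action` pin in the first `scorecard.yml` hunk of [PATCH 024/176] (`@@ -35,7 +35,7 @@`) is not a routine bump, although it is grouped with the `codeql-action` patch update. The release notes quoted in the message say v2.4.0 moves Scorecard to the v5 release, and the commit list includes "lower license score alert threshold to 9", so the SARIF handed to the `upload-sarif` step can carry different findings after this merge. The hunk rightly leaves `results_file` and `results_format` alone; review the code scanning alerts from the first run after the merge, and prefer landing this bump separately from the `codeql-action` one so a change in alerts can be attributed.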
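Review bot: The `renovate` line in the second `plugin.yaml` hunk of [PATCH 025/176] (`@@ -38,9 +38,9 @@`) crosses a major version, `renovate@37.440.7` to `renovate@38.6.0`, inside an automated upgrade that otherwise carries only patch-level bumps (`checkov`, `ruff`), and the commit message does not call it out. Split the major bump into its own change, or record in the message that the new linter version was run against the existing configuration before merging.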
Release notes

Sourced from actions/upload-artifact's releases.

v4.3.5

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.3.4&new-version=4.3.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f10d52f..13e9470 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif From 7a8aef33246f68300e0b845c0da9aecd2bad9c6b Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:03:35 -0700 Subject: [PATCH 028/176] Upgrade trunk (#134) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - cfnlint 1.9.2 → 1.9.3 - renovate 38.17.1 → 38.18.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0a416c3..97c1424 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.4.2 - buf-lint@1.35.1 - buildifier@7.1.2 - - cfnlint@1.9.2 + - cfnlint@1.9.3 - checkov@3.2.217 - clang-format@17.0.1 - clang-tidy@17.0.1 
@@ -38,7 +38,7 @@ lint: - prettier@3.3.3 - prisma@5.17.0 - pylint@3.2.6 - - renovate@38.17.1 + - renovate@38.18.7 - rubocop@1.39.0 - ruff@0.5.5 - rustfmt@1.68.2 From aa567ba79a01be7953dc8cdb040508eccdf37738 Mon Sep 17 00:00:00 2001 From: Chris Clearwater Date: Wed, 7 Aug 2024 11:48:58 -0700 Subject: [PATCH 029/176] Pin buf to an older version to avoid timeout (#135) See https://github.com/bufbuild/buf/issues/3219 --- .trunk/trunk.yaml | 4 ++-- plugin.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 4704bd1..fc9f08f 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,11 +1,11 @@ version: 0.1 cli: - version: 1.20.1 + version: 1.22.2 plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.4.5 + ref: v1.6.1 - id: configs local: . diff --git a/plugin.yaml b/plugin.yaml index 97c1424..e1d2de2 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -15,7 +15,7 @@ lint: - actionlint@1.7.1 - bandit@1.7.9 - black@24.4.2 - - buf-lint@1.35.1 + - buf-lint@1.31.0! - buildifier@7.1.2 - cfnlint@1.9.3 - checkov@3.2.217 From 38c580c7c586ae330fa6728092352579b4ab9b65 Mon Sep 17 00:00:00 2001 
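Review bot: the `.trunk/trunk.yaml` hunk of PATCH 029 moves `cli: version` from 1.20.1 to 1.22.2 and the `trunk` plugin source `ref` from v1.4.5 to v1.6.1, and neither change is mentioned in the subject ("Pin buf to an older version to avoid timeout") or in the one-line body. Either state in the message why the CLI and plugin-source bumps are needed for the pin, or split them into their own commit so that reverting the pin does not also roll back the toolchain. In the `plugin.yaml` hunk, `buf-lint@1.31.0!` is a downgrade from 1.35.1 with no comment on the line; add one pointing at https://github.com/bufbuild/buf/issues/3219 so it is clear when the pin can be dropped.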
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 10:01:01 -0700 Subject: [PATCH 030/176] Upgrade trunk (#136) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - black 24.4.2 → 24.8.0 - cfnlint 1.9.3 → 1.9.5 - checkov 3.2.217 → 3.2.219 - osv-scanner 1.8.2 → 1.8.3 - prisma 5.17.0 → 5.18.0 - renovate 38.18.7 → 38.21.4 - ruff 0.5.5 → 0.5.6 - semgrep 1.82.0 → 1.84.1 - trufflehog 3.80.5 → 3.81.7 1 tool was upgraded: - gt 1.4.1 → 1.4.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index e1d2de2..46ab48f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -14,11 +14,11 @@ lint: enabled: - actionlint@1.7.1 - bandit@1.7.9 - - black@24.4.2 + - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.9.3 - - checkov@3.2.217 + - cfnlint@1.9.5 + - checkov@3.2.219 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,17 +32,17 @@ lint: - markdown-link-check@3.12.2 - mypy@1.11.1 - nancy@1.0.46 - - osv-scanner@1.8.2 + - osv-scanner@1.8.3 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.17.0 + - prisma@5.18.0 - pylint@3.2.6 - - renovate@38.18.7 + - renovate@38.21.4 - rubocop@1.39.0 - - ruff@0.5.5 + - ruff@0.5.6 - rustfmt@1.68.2 - - semgrep@1.82.0 + - semgrep@1.84.1 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 
@@ -55,7 +55,7 @@ lint: - taplo@0.9.3 - terrascan@1.19.1 - trivy@0.54.1 - - trufflehog@3.80.5 + - trufflehog@3.81.7 - trunk-toolbox@0.3.2 - yamllint@1.35.1 @@ -89,4 +89,4 @@ actions: tools: enabled: - gh@2.54.0 - - gt@1.4.1 + - gt@1.4.2 From bc23b2397c4c7ae80822f515ca6785f37362641b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 11 Aug 2024 18:51:03 -0700 Subject: [PATCH 031/176] Bump the dependencies group with 2 updates (#137) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.25.15 to 3.26.0
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2376

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

... (truncated)

Commits
  • eb055d7 Merge pull request #2410 from github/update-v3.26.0-c24926b73
  • 3884d04 Update changelog for v3.26.0
  • c24926b Merge pull request #2407 from github/dependabot/npm_and_yarn/npm-7954a73ad2
  • 68ba39b Merge branch 'main' into dependabot/npm_and_yarn/npm-7954a73ad2
  • 8dd1773 Merge pull request #2408 from github/henrymercer/deprecate-codeql-2.13.4
  • 441c9d9 Merge pull request #2409 from github/henrymercer/fix-required-checks
  • f03da13 Exclude push-only unit tests job from required PR checks script
  • 29a5cfc Bump version to 3.26.0
  • 9e440ad Add changelog note
  • 136f5a5 Add CodeQL v2.17.6 to default test versions
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
Release notes

Sourced from actions/upload-artifact's releases.

v4.3.6

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.3.6

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 50c570f..332f8a1 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 13e9470..35e730c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
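Review bot: the changelog quoted in the message says 3.26.0 raises the minimum CodeQL bundle to 2.13.5, and the visible context of the `init` step in `codeql.yaml` shows only `languages: javascript` under `with:`, so confirm that no `tools` input further down names an older bundle before merging. The pin itself is consistent: `init`, `autobuild` and `analyze` all move to eb055d739abdc2e8de2e5f4ba1a8b246daa779aa, whose prefix matches the first commit listed in the message (`eb055d7`), in line with the `# v3.26.0` comments. For the `actions/upload-artifact` bump in `scorecard.yml`, the release notes in the message are empty apart from the compare link, so the new SHA should be checked against that link rather than taken from the message.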
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From fc68fc6c8060c21e631aa9c88f566e5113ef35f9 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 10:03:11 -0700 Subject: [PATCH 032/176] Upgrade trunk (#138) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - cfnlint 1.9.5 → 1.9.6 - renovate 38.21.4 → 38.23.2 - ruff 0.5.6 → 0.5.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 46ab48f..e80fbb6 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.9.5 + - cfnlint@1.9.6 - checkov@3.2.219 - clang-format@17.0.1 - clang-tidy@17.0.1 
@@ -38,9 +38,9 @@ lint: - prettier@3.3.3 - prisma@5.18.0 - pylint@3.2.6 - - renovate@38.21.4 + - renovate@38.23.2 - rubocop@1.39.0 - - ruff@0.5.6 + - ruff@0.5.7 - rustfmt@1.68.2 - semgrep@1.84.1 - shellcheck@0.10.0 From c9588a355202f90d71bf5fcc9b0ed3eb6d578367 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 16 Aug 2024 10:00:07 -0700 Subject: [PATCH 033/176] Upgrade trunk (#139) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.9.6 → 1.10.1 - checkov 3.2.219 → 3.2.225 - golangci-lint 1.59.1 → 1.60.1 - renovate 38.23.2 → 38.33.0 - sql-formatter 15.3.2 → 15.4.0 - trufflehog 3.81.7 → 3.81.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index e80fbb6..6532fc2 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,15 +17,15 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.9.6 - - checkov@3.2.219 + - cfnlint@1.10.1 + - checkov@3.2.225 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.59.1 + - golangci-lint@1.60.1 - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.41.0 @@ -38,7 +38,7 @@ lint: - prettier@3.3.3 - prisma@5.18.0 - pylint@3.2.6 - - renovate@38.23.2 + - renovate@38.33.0 - rubocop@1.39.0 - ruff@0.5.7 - rustfmt@1.68.2 
@@ -46,7 +46,7 @@ lint: - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - - sql-formatter@15.3.2 + - sql-formatter@15.4.0 - stylelint@16.8.1: packages: - stylelint-config-standard-scss@13.1.0 @@ -55,7 +55,7 @@ lint: - taplo@0.9.3 - terrascan@1.19.1 - trivy@0.54.1 - - trufflehog@3.81.7 + - trufflehog@3.81.8 - trunk-toolbox@0.3.2 - yamllint@1.35.1 From 4c225a870c96732acba0777ced4dcff423d5a753 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 10:46:45 -0700 Subject: [PATCH 034/176] Upgrade trunk (#141) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.10.1 → 1.10.2 - checkov 3.2.225 → 3.2.228 - renovate 38.33.0 → 38.37.1 - ruff 0.5.7 → 0.6.0 - semgrep 1.84.1 → 1.85.0 - stylelint 16.8.1 → 16.8.2 - trufflehog 3.81.8 → 3.81.9 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 6532fc2..73049ea 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.10.1 - - checkov@3.2.225 + - cfnlint@1.10.2 + - checkov@3.2.228 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -38,16 +38,16 @@ lint: - prettier@3.3.3 - prisma@5.18.0 - pylint@3.2.6 - - renovate@38.33.0 + - renovate@38.37.1 - rubocop@1.39.0 - - ruff@0.5.7 + - ruff@0.6.0 - rustfmt@1.68.2 - - semgrep@1.84.1 + - semgrep@1.85.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.0 - sql-formatter@15.4.0 - - stylelint@16.8.1: + - stylelint@16.8.2: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@6.1.0 @@ -55,7 +55,7 @@ lint: - taplo@0.9.3 - terrascan@1.19.1 - trivy@0.54.1 - - trufflehog@3.81.8 + - trufflehog@3.81.9 - trunk-toolbox@0.3.2 - yamllint@1.35.1 From 193587d32073010b7c59b44f05db0371d4c6d9ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 16:28:51 -0700 Subject: [PATCH 035/176] Bump github/codeql-action from 3.26.0 to 3.26.2 in the dependencies group (#140) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.0 to 3.26.2
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2376

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

... (truncated)

Commits
  • 429e197 Merge pull request #2425 from github/update-v3.26.2-a93f8c2fd
  • 9eec338 Update changelog for v3.26.2
  • a93f8c2 Merge pull request #2423 from github/mergeback/v3.26.1-to-main-29d86d22
  • af1f2e8 Address incorrect CHANGELOG.md
  • 2bc3b83 Update checked-in dependencies
  • dd9700c Reapply "Merge pull request #2417 from github/update-bundle/codeql-bundle-v2....
  • ece28a8 Update changelog and version after v3.26.1
  • 29d86d2 Merge pull request #2422 from github/update-v3.26.1-0d5982aa3
  • 5b15b9e Revert "Merge pull request #2417 from github/update-bundle/codeql-bundle-v2.1...
  • 18ac79e Update changelog for v3.26.1
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.0&new-version=3.26.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 332f8a1..59e7be7 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 35e730c..9a06467 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
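Review bot: the commit list in the message shows the bundle update from #2417 being reverted (`5b15b9e`) and later reapplied (`dd9700c`) around the v3.26.1 release, which the body does not call out; a line in the PR noting that 3.26.2 is the release carrying CodeQL bundle 2.18.2 would make the jump from 3.26.0 easier to audit. The pin on `init`, `autobuild` and `analyze` in `codeql.yaml`, 429e1977040da7a23b6822b13c129cd1ba93dbb2, matches the first listed commit (`429e197`) and the `# v3.26.2` comments.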
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From b548635cc464b20c3b219065e276e1cb711be682 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 10:00:38 -0700 Subject: [PATCH 036/176] Upgrade trunk (#142) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.10.2 → 1.10.3 - checkov 3.2.228 → 3.2.235 - golangci-lint 1.60.1 → 1.60.3 - osv-scanner 1.8.3 → 1.8.4 - renovate 38.37.1 → 38.51.1 - ruff 0.6.0 → 0.6.2 - sort-package-json 2.10.0 → 2.10.1 2 tools were upgraded: - gh 2.54.0 → 2.55.0 - gt 1.4.2 → 1.4.3 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 73049ea..0582bbd 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,35 +17,35 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.10.2 - - checkov@3.2.228 + - cfnlint@1.10.3 + - checkov@3.2.235 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.60.1 + - golangci-lint@1.60.3 - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - mypy@1.11.1 - nancy@1.0.46 - - osv-scanner@1.8.3 + - osv-scanner@1.8.4 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - prisma@5.18.0 - pylint@3.2.6 - - renovate@38.37.1 + - renovate@38.51.1 - rubocop@1.39.0 - - ruff@0.6.0 + - ruff@0.6.2 - rustfmt@1.68.2 - semgrep@1.85.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@2.10.0 + - sort-package-json@2.10.1 - sql-formatter@15.4.0 - stylelint@16.8.2: packages: @@ -88,5 +88,5 @@ actions: tools: enabled: - - gh@2.54.0 - - gt@1.4.2 + - gh@2.55.0 + - gt@1.4.3 From bfd3cab8695608b151ce05e96413f4e2d209006a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 11:29:49 -0700 Subject: [PATCH 037/176] Bump github/codeql-action from 3.26.2 to 3.26.5 in the dependencies group (#143) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.2 to 3.26.5
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2376

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

... (truncated)

Commits
  • 2c779ab Merge main into releases/v3 (#2444)
  • 68cd1f9 Update changelog for v3.26.5
  • 7e27807 Only run check SIP enablement once in init step (#2441)
  • fd5fa13 Merge pull request #2438 from github/mergeback/v3.26.4-to-main-f0f3afee
  • 6f10eb0 Update checked-in dependencies
  • b15a247 Update changelog and version after v3.26.4
  • f0f3afe Merge main into releases/v3 (#2437)
  • e354359 Update changelog for v3.26.4
  • ae01f80 Merge pull request #2436 from rvermeulen/rvermeulen/deprecate-add-snippets
  • 72bc3f7 Address incorrect changelog location
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 59e7be7..99a04c0 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9a06467..baf986d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From 25e3e781bf239a3b0bfe5372b90916280e672ae7 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:34:27 -0700 Subject: [PATCH 038/176] Upgrade trunk (#144) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.10.3 → 1.11.0 - checkov 3.2.235 → 3.2.239 - mypy 1.11.1 → 1.11.2 - prisma 5.18.0 → 5.19.0 - renovate 38.51.1 → 38.57.0 - sql-formatter 15.4.0 → 15.4.1 - stylelint 16.8.2 → 16.9.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ --------- Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> Co-authored-by: Tyler Jang --- .trunk/trunk.yaml | 2 +- plugin.yaml | 17 +++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index fc9f08f..765b52d 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -5,7 +5,7 @@ plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.6.1 + ref: v1.6.2 - id: configs local: . diff --git a/plugin.yaml b/plugin.yaml index 0582bbd..a417735 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,8 +17,8 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.10.3 - - checkov@3.2.235 + - cfnlint@1.11.0 + - checkov@3.2.239 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,15 +30,15 @@ lint: - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - - mypy@1.11.1 + - mypy@1.11.2 - nancy@1.0.46 - osv-scanner@1.8.4 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.18.0 + - prisma@5.19.0 - pylint@3.2.6 - - renovate@38.51.1 + - renovate@38.57.0 - rubocop@1.39.0 - ruff@0.6.2 - rustfmt@1.68.2 @@ -46,15 +46,16 @@ lint: - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 - - sql-formatter@15.4.0 - - stylelint@16.8.2: + - sql-formatter@15.4.1 + - stylelint@16.9.0: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@6.1.0 - svgo@3.3.2 - taplo@0.9.3 - terrascan@1.19.1 - - trivy@0.54.1 + # Disabled until filesystem scanner initialize error resolved. + # - trivy@0.54.1 - trufflehog@3.81.9 - trunk-toolbox@0.3.2 - yamllint@1.35.1 From 011c32a9ca08e301a6f4086afc4073b93a42b390 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:38:30 -0700 Subject: [PATCH 039/176] Bump the dependencies group with 2 updates (#145) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.26.5 to 3.26.6
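Review bot: the last plugin.yaml hunk of PATCH 038/176 (`@@ -46,15 +46,16 @@`) comments out `- trivy@0.54.1`, dropping a scanner from the enabled list, but the commit message only says "7 linters were upgraded" and never mentions that one was disabled. The new comment "Disabled until filesystem scanner initialize error resolved." carries no issue link or owner, so nothing in the file will prompt anyone to turn it back on. Move the disablement into its own commit, or at least call it out in the message, and reference a tracking issue in the comment so the gap in scanning stays visible.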
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2376

3.25.13 - 19 Jul 2024

... (truncated)

Commits
  • 4dd1613 Merge pull request #2452 from github/update-v3.26.6-7233ec5e6
  • dd9dd2d Update changelog for v3.26.6
  • 7233ec5 Merge pull request #2449 from github/update-bundle/codeql-bundle-v2.18.3
  • a32c44d Add changelog note
  • 2966897 Update default bundle to codeql-bundle-v2.18.3
  • b8efe4d Merge pull request #2435 from github/update-supported-enterprise-server-versions
  • ab408a8 Merge branch 'main' into update-supported-enterprise-server-versions
  • 864b979 Merge pull request #2443 from github/dbartol/config-file-telemetry
  • d36c7aa Merge pull request #2448 from github/dependabot/npm_and_yarn/npm-09b7c43f6b
  • b3bf514 Update checked-in dependencies
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.3.6 to 4.4.0
Release notes

Sourced from actions/upload-artifact's releases.

v4.4.0

Notice: Breaking Changes :warning:

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0

Commits
  • 5076954 Merge pull request #598 from actions/joshmgross/exclude-hidden-files
  • d52396a Add a warning about enabling include-hidden-files
  • 710f362 Remove "merged" from include-hidden-files input description
  • 3b315f2 npm run release again 🙂
  • 3be2180 Remove another trailing comma
  • 453e8d0 Update glob license
  • 0a398c1 npm run release
  • a0c40cf Update to latest @actions/glob and fix tests
  • acb59e4 lint
  • cb6558b Exclude hidden files by default
  • See full diff in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 99a04c0..e7c9646 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index baf986d..64c7d84 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif From e35625f6f3a98a11c55a7ce9c2dd0a4de4cab8ec Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:40:48 -0700 Subject: [PATCH 040/176] Upgrade trunk (#146) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - cfnlint 1.11.0 → 1.11.1 - renovate 38.57.0 → 38.58.0 - ruff 0.6.2 → 0.6.3 - trufflehog 3.81.9 → 3.81.10 - trunk-toolbox 0.3.2 → 0.4.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index a417735..1115fa8 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.1.2 - - cfnlint@1.11.0 + - cfnlint@1.11.1 - checkov@3.2.239 - clang-format@17.0.1 - clang-tidy@17.0.1 
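Review bot: in the scorecard.yml hunk of PATCH 039/176 (`@@ -57,7 +57,7 @@`), moving `actions/upload-artifact` to v4.4.0 picks up the breaking default quoted in the commit message (hidden files and folders are no longer uploaded), and the change itself does not say whether this step is affected. The step's `path: results.sarif` is not a hidden file, so the upload should behave as before; state that in the PR and do not add `include-hidden-files`, since the release notes give reduced risk of credentials landing in artifacts as the reason for the new default. The pinned `50769540…` agrees with the `5076954` merge commit listed in the message, so the `# v4.4.0` trailing comment is consistent with the SHA.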
@@ -38,9 +38,9 @@ lint: - prettier@3.3.3 - prisma@5.19.0 - pylint@3.2.6 - - renovate@38.57.0 + - renovate@38.58.0 - rubocop@1.39.0 - - ruff@0.6.2 + - ruff@0.6.3 - rustfmt@1.68.2 - semgrep@1.85.0 - shellcheck@0.10.0 @@ -56,8 +56,8 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.81.9 - - trunk-toolbox@0.3.2 + - trufflehog@3.81.10 + - trunk-toolbox@0.4.0 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters From f5900dd04aeb279c6755bb97e64f0eb237f95713 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 6 Sep 2024 10:02:17 -0700 Subject: [PATCH 041/176] Upgrade trunk (#147) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - buildifier 7.1.2 → 7.3.1 - cfnlint 1.11.1 → 1.12.3 - checkov 3.2.239 → 3.2.245 - prisma 5.19.0 → 5.19.1 - pylint 3.2.6 → 3.2.7 - renovate 38.58.0 → 38.67.5 - semgrep 1.85.0 → 1.86.0 - trunk-toolbox 0.4.0 → 0.4.1 1 tool was upgraded: - gt 1.4.3 → 1.4.4 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1115fa8..07bb0d5 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -16,9 +16,9 @@ lint: - bandit@1.7.9 - black@24.8.0 - buf-lint@1.31.0! - - buildifier@7.1.2 - - cfnlint@1.11.1 - - checkov@3.2.239 + - buildifier@7.3.1 + - cfnlint@1.12.3 + - checkov@3.2.245 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -36,13 +36,13 @@ lint: - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.19.0 - - pylint@3.2.6 - - renovate@38.58.0 + - prisma@5.19.1 + - pylint@3.2.7 + - renovate@38.67.5 - rubocop@1.39.0 - ruff@0.6.3 - rustfmt@1.68.2 - - semgrep@1.85.0 + - semgrep@1.86.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -57,7 +57,7 @@ lint: # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - trufflehog@3.81.10 - - trunk-toolbox@0.4.0 + - trunk-toolbox@0.4.1 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters @@ -90,4 +90,4 @@ actions: tools: enabled: - gh@2.55.0 - - gt@1.4.3 + - gt@1.4.4 From 014b9d839f4702f306da788be2e5ae78147d95e2 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 09:47:33 -0700 Subject: [PATCH 042/176] Upgrade trunk (#148) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - cfnlint 1.12.3 → 1.12.4 - checkov 3.2.245 → 3.2.246 - renovate 38.67.5 → 38.70.0 - ruff 0.6.3 → 0.6.4 - sql-formatter 15.4.1 → 15.4.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 07bb0d5..5d2ff41 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.12.3 - - checkov@3.2.245 + - cfnlint@1.12.4 + - checkov@3.2.246 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -38,15 +38,15 @@ lint: - prettier@3.3.3 - prisma@5.19.1 - pylint@3.2.7 - - renovate@38.67.5 + - renovate@38.70.0 - rubocop@1.39.0 - - ruff@0.6.3 + - ruff@0.6.4 - rustfmt@1.68.2 - semgrep@1.86.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 - - sql-formatter@15.4.1 + - sql-formatter@15.4.2 - stylelint@16.9.0: packages: - stylelint-config-standard-scss@13.1.0 From e230c7c002573486e4e1f7d88e6674b774dea47c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:09:40 -0700 Subject: [PATCH 043/176] Upgrade trunk (#149) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - checkov 3.2.246 → 3.2.252 - golangci-lint 1.60.3 → 1.61.0 - osv-scanner 1.8.4 → 1.8.5 - renovate 38.70.0 → 38.77.0 - trufflehog 3.81.10 → 3.82.1 1 tool was upgraded: - gh 2.55.0 → 2.56.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 5d2ff41..1880173 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -18,27 +18,27 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.12.4 - - checkov@3.2.246 + - checkov@3.2.252 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.60.3 + - golangci-lint@1.61.0 - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.41.0 - markdown-link-check@3.12.2 - mypy@1.11.2 - nancy@1.0.46 - - osv-scanner@1.8.4 + - osv-scanner@1.8.5 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - prisma@5.19.1 - pylint@3.2.7 - - renovate@38.70.0 + - renovate@38.77.0 - rubocop@1.39.0 - ruff@0.6.4 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.81.10 + - trufflehog@3.82.1 - trunk-toolbox@0.4.1 - yamllint@1.35.1 @@ -89,5 +89,5 @@ actions: tools: enabled: - - gh@2.55.0 + - gh@2.56.0 - gt@1.4.4 From bc21378269b05fddb2b8bd5718e7a59b56ba580e Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 09:56:13 -0700 Subject: [PATCH 044/176] Upgrade trunk (#151) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - checkov 3.2.252 → 3.2.253 - renovate 38.77.0 → 38.77.3 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1880173..43edaa8 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.12.4 - - checkov@3.2.252 + - checkov@3.2.253 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.3.3 - prisma@5.19.1 - pylint@3.2.7 - - renovate@38.77.0 + - renovate@38.77.3 - rubocop@1.39.0 - ruff@0.6.4 - rustfmt@1.68.2 From 523d81ad0027fe4deb36be1e5c04893d59e385ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 09:57:04 -0700 Subject: [PATCH 045/176] Bump github/codeql-action from 3.26.6 to 3.26.7 in the dependencies group (#150) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.6 to 3.26.7
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

... (truncated)

Commits
  • 8214744 Merge pull request #2478 from github/update-v3.26.7-4a01ec798
  • a3b3e07 Update changelog for v3.26.7
  • 4a01ec7 Merge pull request #2474 from github/aeisenberg/always-upload-eslint-sarif
  • 762dbae Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.4
  • 0d0f998 Always upload eslint.sarif
  • e817992 Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif
  • 49021ad Merge pull request #2472 from rvermeulen/rvermeulen/update-release-branch-authz
  • 56b8418 Ignore suppressed alerts
  • f824adb Merge branch 'main' into rvermeulen/update-release-branch-authz
  • 8d9ed0b Add changelog note
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e7c9646..01d10d8 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 64c7d84..1e0cf72 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From 5b1f9fb16138423a5bf55e35dd48b832e92ab56f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Sep 2024 21:53:45 -0700 Subject: [PATCH 046/176] Bump github/codeql-action from 3.26.7 to 3.26.8 in the dependencies group (#153) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.7 to 3.26.8
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

... (truncated)

Commits
  • 294a9d9 Merge pull request #2490 from github/update-v3.26.8-64431c66d
  • 00b3604 Update changelog for v3.26.8
  • 64431c6 Merge pull request #2483 from github/update-bundle/codeql-bundle-v2.19.0
  • e0e2d75 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0
  • cb28816 Merge pull request #2487 from rvermeulen/rvermeulen/uri-errors-as-warnings
  • 498c508 Rebuild JavaScript files
  • a1a585f Merge branch 'main' into rvermeulen/uri-errors-as-warnings
  • 34666c1 Merge pull request #2488 from github/henrymercer/debug-artifacts-better-logging
  • 6e24973 Improve logging for combined SARIF debug artifact
  • d0a3cf2 Improve logging for debug artifacts
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.7&new-version=3.26.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 01d10d8..f984aa8 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1e0cf72..300fc6c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From 139958af7482bce906f136373ab35d11310af4ca Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 02:43:19 -0700 Subject: [PATCH 047/176] Upgrade trunk (#152) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.12.4 → 1.14.2 - checkov 3.2.253 → 3.2.255 - renovate 38.77.3 → 38.91.0 - ruff 0.6.4 → 0.6.6 - semgrep 1.86.0 → 1.89.0 - trufflehog 3.82.1 → 3.82.2 2 tools were upgraded: - gh 2.56.0 → 2.57.0 - gt 1.4.4 → 1.4.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 43edaa8..0539a5c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.12.4 - - checkov@3.2.253 + - cfnlint@1.14.2 + - checkov@3.2.255 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,11 +38,11 @@ lint: - prettier@3.3.3 - prisma@5.19.1 - pylint@3.2.7 - - renovate@38.77.3 + - renovate@38.91.0 - rubocop@1.39.0 - - ruff@0.6.4 + - ruff@0.6.6 - rustfmt@1.68.2 - - semgrep@1.86.0 + - semgrep@1.89.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 
@@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.1 + - trufflehog@3.82.2 - trunk-toolbox@0.4.1 - yamllint@1.35.1 @@ -89,5 +89,5 @@ actions: tools: enabled: - - gh@2.56.0 - - gt@1.4.4 + - gh@2.57.0 + - gt@1.4.5 From 5b8b9cea0326f77d882babbc266447368f346181 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:46:57 -0700 Subject: [PATCH 048/176] Upgrade trunk (#154) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - actionlint 1.7.1 → 1.7.2 - bandit 1.7.9 → 1.7.10 - cfnlint 1.14.2 → 1.15.1 - markdownlint 0.41.0 → 0.42.0 - prisma 5.19.1 → 5.20.0 - pylint 3.2.7 → 3.3.1 - renovate 38.91.0 → 38.96.0 - ruff 0.6.6 → 0.6.7 - semgrep 1.89.0 → 1.90.0 - trufflehog 3.82.2 → 3.82.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0539a5c..7ac7417 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -12,12 +12,12 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.1 - - bandit@1.7.9 + - actionlint@1.7.2 + - bandit@1.7.10 - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.14.2 + - cfnlint@1.15.1 - checkov@3.2.255 - clang-format@17.0.1 - clang-tidy@17.0.1 
@@ -28,7 +28,7 @@ lint: - golangci-lint@1.61.0 - hadolint@2.12.0 - isort@5.13.2 - - markdownlint@0.41.0 + - markdownlint@0.42.0 - markdown-link-check@3.12.2 - mypy@1.11.2 - nancy@1.0.46 @@ -36,13 +36,13 @@ lint: - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.19.1 - - pylint@3.2.7 - - renovate@38.91.0 + - prisma@5.20.0 + - pylint@3.3.1 + - renovate@38.96.0 - rubocop@1.39.0 - - ruff@0.6.6 + - ruff@0.6.7 - rustfmt@1.68.2 - - semgrep@1.89.0 + - semgrep@1.90.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.2 + - trufflehog@3.82.5 - trunk-toolbox@0.4.1 - yamllint@1.35.1 From af94c722352b719fba6a12ee8a927c0e0686fa55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 29 Sep 2024 17:54:55 -0700 Subject: [PATCH 049/176] Bump github/codeql-action from 3.26.8 to 3.26.9 in the dependencies group (#155) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.8 to 3.26.9
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403

... (truncated)

Commits
  • 461ef6c Merge pull request #2503 from github/update-v3.26.9-f861efb2b
  • 00b1146 Update changelog for v3.26.9
  • f861efb Merge pull request #2498 from github/dependabot/npm_and_yarn/npm-9874b37b58
  • 426821d Merge pull request #2485 from github/dependabot/github_actions/actions-a88a8c...
  • 07e8133 Merge pull request #2501 from github/henrymercer/missing-autobuild-config-error
  • e0a151e Fix inconsistency in autobuild error tracking
  • 6b0ce4e revert eslint-plugin-import to 2.29.1
  • 07fd497 Merge branch 'main' into dependabot/github_actions/actions-a88a8c5a24
  • 2cddcb1 Merge pull request #2499 from github/aeisenberg/no-upload-sarif
  • 6225a95 Don't upload during cancelled jobs
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.8&new-version=3.26.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f984aa8..1d0b316 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 300fc6c..cc48708 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From 279b222b73500f2016a66fd0847d65125b546c4a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 02:03:21 -0700 Subject: [PATCH 050/176] Upgrade trunk (#156) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - renovate 38.96.0 → 38.98.0 - ruff 0.6.7 → 0.6.8 - trufflehog 3.82.5 → 3.82.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 7ac7417..0b3a0bc 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,9 +38,9 @@ lint: - prettier@3.3.3 - prisma@5.20.0 - pylint@3.3.1 - - renovate@38.96.0 + - renovate@38.98.0 - rubocop@1.39.0 - - ruff@0.6.7 + - ruff@0.6.8 - rustfmt@1.68.2 - semgrep@1.90.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.5 + - trufflehog@3.82.6 - trunk-toolbox@0.4.1 - yamllint@1.35.1 From 8f0a2e041e453b2fbe7f3bb41f0a13cfb5ad0b58 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:17:52 -0700 Subject: [PATCH 051/176] Upgrade trunk (#157) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - actionlint 1.7.2 → 1.7.3 - cfnlint 1.15.1 → 1.15.2 - checkov 3.2.255 → 3.2.256 - osv-scanner 1.8.5 → 1.9.0 - renovate 38.98.0 → 38.106.4 2 tools were upgraded: - gh 2.57.0 → 2.58.0 - gt 1.4.5 → 1.4.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0b3a0bc..7e0f700 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.2 + - actionlint@1.7.3 - bandit@1.7.10 - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.15.1 - - checkov@3.2.255 + - cfnlint@1.15.2 + - checkov@3.2.256 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,13 +32,13 @@ lint: - markdown-link-check@3.12.2 - mypy@1.11.2 - nancy@1.0.46 - - osv-scanner@1.8.5 + - osv-scanner@1.9.0 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - prisma@5.20.0 - pylint@3.3.1 - - renovate@38.98.0 + - renovate@38.106.4 - rubocop@1.39.0 - ruff@0.6.8 - rustfmt@1.68.2 @@ -89,5 +89,5 @@ actions: tools: enabled: - - gh@2.57.0 - - gt@1.4.5 + - gh@2.58.0 + - gt@1.4.6 From 95d3837beea324dc31ba5d6f72ff0feba9641fb4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 6 Oct 2024 17:31:57 -0700 Subject: [PATCH 052/176] Bump the dependencies group with 2 updates (#158) Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.26.9 to 3.26.11
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

    This change is currently unavailable for GitHub Enterprise Server customers, as actions/upload-artifact@v4 and actions/download-artifact@v4 are not yet compatible with GHES.

  • Update default CodeQL bundle version to 2.19.1. #2519

3.26.10 - 30 Sep 2024

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436

... (truncated)

Commits
  • 6db8d63 Merge pull request #2522 from github/update-v3.26.11-8aba5f2c4
  • 389647f Update changelog for v3.26.11
  • 8aba5f2 Merge pull request #2516 from github/aeisenberg/dependabot-exclude
  • ecac2c6 Exclupde eslint-plugin-import updates from dependabot
  • e85017e Merge pull request #2514 from github/henrymercer/zstd-better-failure-logging
  • a60db1d Add notice for dependency upgrade timeline (#2513)
  • 28db28f Improve clean up if extraction fails
  • 3da852e Capture stderr from extracting .tar.zst
  • c4d433c Merge pull request #2510 from github/dependabot/npm_and_yarn/npm-13baf58ce8
  • 2f6cf48 Undo eslint-plugin-import bump
  • Additional commits viewable in compare view

Updates `trunk-io/trunk-action` from 1.1.16 to 1.1.17
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.17

What's Changed

  • Add option to disable LFS checkout (#260)

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.1.16...v1.1.17

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 1d0b316..89c4425 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cc48708..ec5ff7c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index 1eef06b..a338bb6 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@86b68ffae610a05105e90b1f52ad8c549ef482c2 + uses: trunk-io/trunk-action/upgrade@12da16fcdd5cad1903d0082e591e09df7b67c7f0 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From b5ae003a5c7222c328a3f380a03657cd5e8d387c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 01:20:49 -0700 Subject: [PATCH 053/176] Upgrade trunk (#159) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - cfnlint 1.15.2 → 1.16.0 - renovate 38.106.4 → 38.109.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 7e0f700..566dc9d 100644 --- a/plugin.yaml +++ b/plugin.yaml 
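Review bot: in the `.github/workflows/upgrade_trunk.yaml` hunk of PATCH 052/176, the new pin `trunk-io/trunk-action/upgrade@12da16fcdd5cad1903d0082e591e09df7b67c7f0` has no trailing version comment, unlike the `github/codeql-action` steps in the same patch, which carry `# v3.26.11`. The commit message says the bump is from 1.1.16 to 1.1.17, but its Commits list for trunk-action is empty, so nothing visible here ties that SHA to the v1.1.17 tag. Suggest appending `# v1.1.17` to the `uses:` line after confirming the SHA resolves to that tag, so that later bumps of this step can be reviewed from the diff alone.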
@@ -17,7 +17,7 @@ lint: - black@24.8.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.15.2 + - cfnlint@1.16.0 - checkov@3.2.256 - clang-format@17.0.1 - clang-tidy@17.0.1 @@ -38,7 +38,7 @@ lint: - prettier@3.3.3 - prisma@5.20.0 - pylint@3.3.1 - - renovate@38.106.4 + - renovate@38.109.0 - rubocop@1.39.0 - ruff@0.6.8 - rustfmt@1.68.2 From f9407794893f8f73f0d714ebd23bfc3b0a94a49a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 01:35:40 -0700 Subject: [PATCH 054/176] Upgrade trunk (#160) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - black 24.8.0 → 24.10.0 - checkov 3.2.256 → 3.2.257 - renovate 38.109.0 → 38.115.1 - ruff 0.6.8 → 0.6.9 - sql-formatter 15.4.2 → 15.4.3 - trufflehog 3.82.6 → 3.82.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 566dc9d..eae41da 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -14,11 +14,11 @@ lint: enabled: - actionlint@1.7.3 - bandit@1.7.10 - - black@24.8.0 + - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.16.0 - - checkov@3.2.256 + - checkov@3.2.257 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -38,15 +38,15 @@ lint: - prettier@3.3.3 - prisma@5.20.0 - pylint@3.3.1 - - renovate@38.109.0 + - renovate@38.115.1 - rubocop@1.39.0 - - ruff@0.6.8 + - ruff@0.6.9 - rustfmt@1.68.2 - semgrep@1.90.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 - - sql-formatter@15.4.2 + - sql-formatter@15.4.3 - stylelint@16.9.0: packages: - stylelint-config-standard-scss@13.1.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.6 + - trufflehog@3.82.7 - trunk-toolbox@0.4.1 - yamllint@1.35.1 From 9861fb24f50bd0e7a4bfa63942194f0668c9db1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 13 Oct 2024 16:00:26 -0700 Subject: [PATCH 055/176] Bump the dependencies group with 2 updates (#161) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.26.11 to 3.26.12
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

    This change is currently unavailable for GitHub Enterprise Server customers, as actions/upload-artifact@v4 and actions/download-artifact@v4 are not yet compatible with GHES.

  • Update default CodeQL bundle version to 2.19.1. #2519

3.26.10 - 30 Sep 2024

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

... (truncated)

Commits
  • c36620d Merge pull request #2529 from github/update-v3.26.12-c9a70ff45
  • 570aecb Update changelog for v3.26.12
  • c9a70ff Merge pull request #2526 from github/henrymercer/check-zstd-on-path
  • d65a176 Rebuild
  • bf2e624 Update src/tar.ts
  • 56d1975 Merge pull request #2489 from github/redsun82/rust
  • 7cf65a5 Merge pull request #2518 from github/dependabot/npm_and_yarn/npm-88156698cd
  • 8a56dd2 Update to @actions/core 1.11.1
  • 1532671 Update default bundle to 2.19.1 (#2519)
  • 64871a8 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3

v4.4.2

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2

v4.4.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1

Commits
  • b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
  • 92b01eb Undo indirect dependency updates from #627
  • 8448086 Merge pull request #627 from actions/robherley/v4.4.2
  • b1d4642 add explicit relative and absolute symlinks to workflow
  • d50e660 bump version
  • aabe6f8 build with @actions/artifact v2.1.11
  • 604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
  • 0150148 paste right core version
  • a009b25 update licenses
  • 9f6f6f4 update @actions/core and @actions/artifact to latest versions
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 89c4425..607f2ea 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ec5ff7c..cb80474 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif From ceb0c8e38804a293d33c6e8f7aae3a9227ddae7a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 16:33:21 -0700 Subject: [PATCH 056/176] Upgrade trunk (#162) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - cfnlint 1.16.0 → 1.16.1 - renovate 38.115.1 → 38.117.1 - semgrep 1.90.0 → 1.91.0 - trufflehog 3.82.7 → 3.82.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index eae41da..a9157d0 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.16.0 + - cfnlint@1.16.1 - checkov@3.2.257 - clang-format@17.0.1 - clang-tidy@17.0.1 
@@ -38,11 +38,11 @@ lint: - prettier@3.3.3 - prisma@5.20.0 - pylint@3.3.1 - - renovate@38.115.1 + - renovate@38.117.1 - rubocop@1.39.0 - ruff@0.6.9 - rustfmt@1.68.2 - - semgrep@1.90.0 + - semgrep@1.91.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.7 + - trufflehog@3.82.8 - trunk-toolbox@0.4.1 - yamllint@1.35.1 From 88727471feaa45612c45360d99201796cede751e Mon Sep 17 00:00:00 2001 From: Tyler Jang Date: Thu, 17 Oct 2024 09:57:48 -0700 Subject: [PATCH 057/176] (Feat): Add tool trunk-analytics-cli (#164) Keeping this in this repo rather than plugins since it should be specific to us for debugging. After this releases, upgrading in the monorepo will let everyone have `trunk-analytics-cli` in their PATH --- plugin.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/plugin.yaml b/plugin.yaml index a9157d0..1f0ed73 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -87,7 +87,26 @@ actions: - trunk-check-pre-push - trunk-fmt-pre-commit +downloads: + - name: trunk-analytics-cli + downloads: + - os: + linux: unknown-linux + macos: apple-darwin + cpu: + x86_64: x86_64 + arm_64: aarch64 + url: https://github.com/trunk-io/analytics-cli/releases/download/${version}/trunk-analytics-cli-${cpu}-${os}.tar.gz tools: + definitions: + - name: trunk-analytics-cli + download: trunk-analytics-cli + known_good_version: 0.5.32 + shims: [trunk-analytics-cli] + health_checks: + - command: trunk-analytics-cli --version + parse_regex: trunk-analytics-cli ${semver} enabled: - gh@2.58.0 - gt@1.4.6 + - trunk-analytics-cli@0.5.32 From e692315f403aa019edf285d808faed93f75d90f4 Mon Sep 17 00:00:00 2001 
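Review bot: In the downloads block that PATCH 057/176 adds to plugin.yaml for trunk-analytics-cli, the tarball is selected only by the ${version} release tag in the URL and the hunk shows no checksum or signature for it, so the only check on a binary that ends up on everyone's PATH is the health check's trunk-analytics-cli --version output. If the download definition can carry a per-platform digest, pin one for 0.5.32; otherwise state in the commit message how the release asset is trusted. The os map also covers only linux and macos, so say whether Windows is intentionally unsupported.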
From: Tyler Jang Date: Thu, 17 Oct 2024 10:31:28 -0700 Subject: [PATCH 058/176] (Chore): Enable grpcui tool (#163) Enabled by default for easy use. When this is released and monorepo is upgraded, it will auto-have this enabled --- .trunk/trunk.yaml | 4 ++-- plugin.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 765b52d..90ec77f 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,11 +1,11 @@ version: 0.1 cli: - version: 1.22.2 + version: 1.22.6 plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.6.2 + ref: v1.6.4 - id: configs local: . diff --git a/plugin.yaml b/plugin.yaml index 1f0ed73..da96d39 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -108,5 +108,6 @@ tools: parse_regex: trunk-analytics-cli ${semver} enabled: - gh@2.58.0 + - grpcui@1.4.1 - gt@1.4.6 - trunk-analytics-cli@0.5.32 From 31d82c35ae2022a92f1d7b9c52c4dd27d305a4f8 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 10:01:48 -0700 Subject: [PATCH 059/176] Upgrade trunk (#165) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - checkov 3.2.257 → 3.2.267 - mypy 1.11.2 → 1.12.0 - prisma 5.20.0 → 5.21.0 - renovate 38.117.1 → 38.124.3 - stylelint 16.9.0 → 16.10.0 - trufflehog 3.82.8 → 3.82.9 1 tool was upgraded: - gh 2.58.0 → 2.59.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
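Review bot: The commit message for PATCH 058/176 only describes enabling grpcui, but its .trunk/trunk.yaml hunk also moves cli version from 1.22.2 to 1.22.6 and the trunk plugins ref from v1.6.2 to v1.6.4; split those bumps into their own commit or mention them in the message. The plugin source is also pinned by tag (ref: v1.6.4) while the workflows in this series pin actions by commit SHA; if ref accepts a SHA, use one here for consistency.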
diff --git a/plugin.yaml b/plugin.yaml index da96d39..2be902f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.16.1 - - checkov@3.2.257 + - checkov@3.2.267 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,15 +30,15 @@ lint: - isort@5.13.2 - markdownlint@0.42.0 - markdown-link-check@3.12.2 - - mypy@1.11.2 + - mypy@1.12.0 - nancy@1.0.46 - osv-scanner@1.9.0 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.20.0 + - prisma@5.21.0 - pylint@3.3.1 - - renovate@38.117.1 + - renovate@38.124.3 - rubocop@1.39.0 - ruff@0.6.9 - rustfmt@1.68.2 @@ -47,7 +47,7 @@ lint: - shfmt@3.6.0 - sort-package-json@2.10.1 - sql-formatter@15.4.3 - - stylelint@16.9.0: + - stylelint@16.10.0: packages: - stylelint-config-standard-scss@13.1.0 - stylelint-config-clean-order@6.1.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.8 + - trufflehog@3.82.9 - trunk-toolbox@0.4.1 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.58.0 + - gh@2.59.0 - grpcui@1.4.1 - gt@1.4.6 - trunk-analytics-cli@0.5.32 From 965801cfe54532fab28c0acf1f8df8f4702805b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:02:09 -0700 Subject: [PATCH 060/176] Bump github/codeql-action from 3.26.12 to 3.26.13 in the dependencies group (#166) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.12 to 3.26.13
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

    This change is currently unavailable for GitHub Enterprise Server customers, as actions/upload-artifact@v4 and actions/download-artifact@v4 are not yet compatible with GHES.

  • Update default CodeQL bundle version to 2.19.1. #2519

3.26.10 - 30 Sep 2024

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

  • Update default CodeQL bundle version to 2.18.4. #2471

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

... (truncated)

Commits
  • f779452 Merge pull request #2539 from github/update-v3.26.13-0c3e00641
  • 5329324 Update CHANGELOG.md
  • 007ba25 Update changelog for v3.26.13
  • 0c3e006 Merge pull request #2536 from yoff/python/ff-std-lib-extraction
  • 38469af Merge pull request #2537 from github/henrymercer/no-zstd-windows
  • 5b6984e Assert that Windows downloads gzip
  • eefb943 Don't use Zstandard bundles on Windows
  • 201e02e rebuild the action
  • ce5f900 formatting
  • 65dd816 remove unused import
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 607f2ea..b40a196 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cb80474..f3fa2cb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif From 379bad1367a76ee91ba1e151f9a652451c16b652 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:03:57 -0700 Subject: [PATCH 061/176] Upgrade trunk (#167) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.16.1 → 1.17.1 - prisma 5.21.0 → 5.21.1 - renovate 38.124.3 → 38.127.0 - ruff 0.6.9 → 0.7.0 - semgrep 1.91.0 → 1.92.0 - trufflehog 3.82.9 → 3.82.11 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 2be902f..69007f8 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.16.1 + - cfnlint@1.17.1 - checkov@3.2.267 - clang-format@17.0.1 - clang-tidy@17.0.1 @@ -36,13 +36,13 @@ lint: - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.21.0 + - prisma@5.21.1 - pylint@3.3.1 - - renovate@38.124.3 + - renovate@38.127.0 - rubocop@1.39.0 - - ruff@0.6.9 + - ruff@0.7.0 - rustfmt@1.68.2 - - semgrep@1.91.0 + - semgrep@1.92.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 
@@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.9 + - trufflehog@3.82.11 - trunk-toolbox@0.4.1 - yamllint@1.35.1 From 57b3bac955d4c94319e5775b4c14aaa52607c7f8 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:01:32 -0700 Subject: [PATCH 062/176] Upgrade trunk (#168) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.17.1 → 1.18.1 - checkov 3.2.267 → 3.2.269 - mypy 1.12.0 → 1.12.1 - renovate 38.127.0 → 38.130.2 - semgrep 1.92.0 → 1.93.0 - sql-formatter 15.4.3 → 15.4.5 - trufflehog 3.82.11 → 3.82.12 1 tool was upgraded: - gh 2.59.0 → 2.60.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 69007f8..57124cc 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.17.1 - - checkov@3.2.267 + - cfnlint@1.18.1 + - checkov@3.2.269 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,7 +30,7 @@ lint: - isort@5.13.2 - markdownlint@0.42.0 - markdown-link-check@3.12.2 - - mypy@1.12.0 + - mypy@1.12.1 - nancy@1.0.46 - osv-scanner@1.9.0 - oxipng@9.1.2 
@@ -38,15 +38,15 @@ lint: - prettier@3.3.3 - prisma@5.21.1 - pylint@3.3.1 - - renovate@38.127.0 + - renovate@38.130.2 - rubocop@1.39.0 - ruff@0.7.0 - rustfmt@1.68.2 - - semgrep@1.92.0 + - semgrep@1.93.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 - - sql-formatter@15.4.3 + - sql-formatter@15.4.5 - stylelint@16.10.0: packages: - stylelint-config-standard-scss@13.1.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.11 + - trufflehog@3.82.12 - trunk-toolbox@0.4.1 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.59.0 + - gh@2.60.0 - grpcui@1.4.1 - gt@1.4.6 - trunk-analytics-cli@0.5.32 From 192404b8621aecfe16a2076ee4b9aa47f78366f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Oct 2024 21:48:33 -0700 Subject: [PATCH 063/176] Bump the dependencies group with 2 updates (#169) Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.26.13 to 3.27.0
Release notes

Sourced from github/codeql-action's releases.

v3.27.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

    This change is currently unavailable for GitHub Enterprise Server customers, as actions/upload-artifact@v4 and actions/download-artifact@v4 are not yet compatible with GHES.

  • Update default CodeQL bundle version to 2.19.1. #2519

3.26.10 - 30 Sep 2024

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

  • Update default CodeQL bundle version to 2.19.0. #2483

3.26.7 - 13 Sep 2024

... (truncated)

Commits
  • 6624720 Merge pull request #2561 from github/update-v3.27.0-b35b023d9
  • ce7c2b5 Update changelog for v3.27.0
  • b35b023 Merge pull request #2552 from github/update-bundle/codeql-bundle-v2.19.2
  • dafc762 Merge pull request #2560 from github/aeisenberg/fix-required-checks
  • 0d1eb88 Remove ESLint from required checks
  • 0a30541 Merge pull request #2558 from github/dependabot/npm_and_yarn/npm-6515e6e328
  • 2a6a6ad Update checked-in dependencies
  • 26c18c2 Bump the npm group with 3 updates
  • 7080a68 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.2
  • 63eb7bb Merge pull request #2551 from github/cklin/diff-informed-queries-feature
  • Additional commits viewable in compare view

Updates `trunk-io/trunk-action` from 1.1.17 to 1.1.18
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.18

What's Changed

  • Updated several github action dependencies (#183, #209, #231, #261)
  • Stops suppressing trunk launcher output (#249)
  • Added labels input for adding labels to the created PR (#254)

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.1.17...v1.1.18

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index b40a196..4a5cba6 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f3fa2cb..149218c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index a338bb6..caa82f4 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@12da16fcdd5cad1903d0082e591e09df7b67c7f0 + uses: trunk-io/trunk-action/upgrade@2eaee169140ec559bd556208f9f99cdfdf468da8 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From e0bbe5da2dd7475e6feb03ade355dd38d20a3105 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 11:23:21 -0700 Subject: [PATCH 064/176] Upgrade trunk (#170) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - mypy 1.12.1 → 1.13.0 - renovate 38.130.2 → 38.130.4 - ruff 0.7.0 → 0.7.1 - trufflehog 3.82.12 → 3.82.13 2 tools were upgraded: - gh 2.60.0 → 2.60.1 - trunk-analytics-cli 0.5.32 → 0.5.34 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 57124cc..4ee8d10 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -30,7 +30,7 @@ lint: - isort@5.13.2 - markdownlint@0.42.0 - markdown-link-check@3.12.2 - - mypy@1.12.1 + - mypy@1.13.0 - nancy@1.0.46 - osv-scanner@1.9.0 - oxipng@9.1.2 @@ -38,9 +38,9 @@ lint: - prettier@3.3.3 - prisma@5.21.1 - pylint@3.3.1 - - renovate@38.130.2 + - renovate@38.130.4 - rubocop@1.39.0 - - ruff@0.7.0 + - ruff@0.7.1 - rustfmt@1.68.2 - semgrep@1.93.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.12 + - trufflehog@3.82.13 - trunk-toolbox@0.4.1 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.60.0 + - gh@2.60.1 - grpcui@1.4.1 - gt@1.4.6 - - trunk-analytics-cli@0.5.32 + - trunk-analytics-cli@0.5.34 From b72e48d7b454b926c8a612dd6be6fe24189fceec Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 09:27:36 -0700 Subject: [PATCH 065/176] Upgrade trunk (#171) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.18.1 → 1.18.3 - checkov 3.2.269 → 3.2.276 - osv-scanner 1.9.0 → 1.9.1 - renovate 38.130.4 → 38.135.2 - semgrep 1.93.0 → 1.94.0 - trufflehog 3.82.13 → 3.83.1 - trunk-toolbox 0.4.1 → 0.5.0 1 tool was upgraded: - trunk-analytics-cli 0.5.34 → 0.5.36 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 4ee8d10..6d47a81 100644 
--- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.18.1 - - checkov@3.2.269 + - cfnlint@1.18.3 + - checkov@3.2.276 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,17 +32,17 @@ lint: - markdown-link-check@3.12.2 - mypy@1.13.0 - nancy@1.0.46 - - osv-scanner@1.9.0 + - osv-scanner@1.9.1 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - prisma@5.21.1 - pylint@3.3.1 - - renovate@38.130.4 + - renovate@38.135.2 - rubocop@1.39.0 - ruff@0.7.1 - rustfmt@1.68.2 - - semgrep@1.93.0 + - semgrep@1.94.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -56,8 +56,8 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.82.13 - - trunk-toolbox@0.4.1 + - trufflehog@3.83.1 + - trunk-toolbox@0.5.0 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters @@ -110,4 +110,4 @@ tools: - gh@2.60.1 - grpcui@1.4.1 - gt@1.4.6 - - trunk-analytics-cli@0.5.34 + - trunk-analytics-cli@0.5.36 From 4020db5af9f764a36641d6f513450e1c8f4d2004 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 09:45:33 -0800 Subject: [PATCH 066/176] Upgrade trunk (#172) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - renovate 38.135.2 → 38.142.0 - semgrep 1.94.0 → 1.95.0 - trufflehog 3.83.1 → 3.83.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/plugin.yaml b/plugin.yaml index 6d47a81..62b3bbe 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,11 +38,11 @@ lint: - prettier@3.3.3 - prisma@5.21.1 - pylint@3.3.1 - - renovate@38.135.2 + - renovate@38.142.0 - rubocop@1.39.0 - ruff@0.7.1 - rustfmt@1.68.2 - - semgrep@1.94.0 + - semgrep@1.95.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.1 + - trufflehog@3.83.2 - trunk-toolbox@0.5.0 - yamllint@1.35.1 From c4ee59c08605beecab4d747014cf74be05818329 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 10:52:07 -0800 Subject: [PATCH 067/176] Upgrade trunk (#173) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - actionlint 1.7.3 → 1.7.4 - cfnlint 1.18.3 → 1.18.4 - checkov 3.2.276 → 3.2.281 - markdown-link-check 3.12.2 → 3.13.6 - prisma 5.21.1 → 5.22.0 - renovate 38.142.0 → 39.7.1 - ruff 0.7.1 → 0.7.2 - trufflehog 3.83.2 → 3.83.4 3 tools were upgraded: - gh 2.60.1 → 2.61.0 - gt 1.4.6 → 1.4.8 - trunk-analytics-cli 0.5.36 → 0.5.38 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 62b3bbe..29d13ea 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.3 + - actionlint@1.7.4 - bandit@1.7.10 - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.18.3 - - checkov@3.2.276 + - cfnlint@1.18.4 + - checkov@3.2.281 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -29,18 +29,18 @@ lint: - hadolint@2.12.0 - isort@5.13.2 - markdownlint@0.42.0 - - markdown-link-check@3.12.2 + - markdown-link-check@3.13.6 - mypy@1.13.0 - nancy@1.0.46 - osv-scanner@1.9.1 - oxipng@9.1.2 - pragma-once - prettier@3.3.3 - - prisma@5.21.1 + - prisma@5.22.0 - pylint@3.3.1 - - renovate@38.142.0 + - renovate@39.7.1 - rubocop@1.39.0 - - ruff@0.7.1 + - ruff@0.7.2 - rustfmt@1.68.2 - semgrep@1.95.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.2 + - trufflehog@3.83.4 - trunk-toolbox@0.5.0 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.60.1 + - gh@2.61.0 - grpcui@1.4.1 - - gt@1.4.6 - - trunk-analytics-cli@0.5.36 + - gt@1.4.8 + - trunk-analytics-cli@0.5.38 From bcbf8868c452ee281b2d840c9f07417d8575c162 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 14:40:54 -0800 Subject: [PATCH 068/176] Bump the dependencies group with 2 updates (#174) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.27.0 to 3.27.1
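Review bot: renovate jumps a major version, 38.142.0 to 39.7.1, in the plugin.yaml @@ -29,18 +29,18 hunk of PATCH 067/176, bundled with seven patch and minor bumps in one automated commit. The list is headed "By sourcing this plugin, repos will enable these linters", so the new major reaches every sourcing repo at once. Suggest splitting the major bump into its own PR, or recording in the commit message that the renovate 39 release notes were checked for breaking changes.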
Release notes

Sourced from github/codeql-action's releases.

v3.27.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

    This change is currently unavailable for GitHub Enterprise Server customers, as actions/upload-artifact@v4 and actions/download-artifact@v4 are not yet compatible with GHES.

  • Update default CodeQL bundle version to 2.19.1. #2519

3.26.10 - 30 Sep 2024

  • We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with Zstandard. Our aim is to improve the performance of setting up CodeQL. #2502

3.26.9 - 24 Sep 2024

No user facing changes.

... (truncated)

Commits
  • 4f3212b Merge pull request #2585 from github/update-v3.27.1-3ef4c0845
  • 63b548d Update changelog for v3.27.1
  • 3ef4c08 Merge pull request #2576 from github/update-bundle/codeql-bundle-v2.19.3
  • 4e033f0 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.3
  • 5ac2ddd Merge pull request #2580 from jsoref/minor-cleanup
  • 3b7b85f Conditionally clear runner cache
  • 688ea53 Fix publish-immutable-action version
  • 1e6d67b Give expected-queries-runs permissions
  • d5e7384 Strip trailing whitespace generated by ruamel-yaml
  • 756aa64 spelling: macos
  • Additional commits viewable in compare view

Updates `trunk-io/trunk-action` from 1.1.18 to 1.1.19
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.19

What's Changed

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1...v1.1.19

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 4a5cba6..25b0b17 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 149218c..214b67a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index caa82f4..48a4219 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@2eaee169140ec559bd556208f9f99cdfdf468da8 + uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From 1fd65a23a2255e8e19b56178f438e4f42292a601 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 14:42:03 -0800 Subject: [PATCH 069/176] Upgrade trunk (#175) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - checkov 3.2.281 → 3.2.282 - renovate 39.7.1 → 39.7.5 - semgrep 1.95.0 → 1.96.0 - trufflehog 3.83.4 → 3.83.5 1 tool was upgraded: - trunk-analytics-cli 0.5.38 → 0.5.39 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 29d13ea..59ab014 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.18.4 - - checkov@3.2.281 + - checkov@3.2.282 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,11 +38,11 @@ lint: - prettier@3.3.3 - prisma@5.22.0 - pylint@3.3.1 - - renovate@39.7.1 + - renovate@39.7.5 - rubocop@1.39.0 - ruff@0.7.2 - rustfmt@1.68.2 - - semgrep@1.95.0 + - semgrep@1.96.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.4 + - trufflehog@3.83.5 - trunk-toolbox@0.5.0 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.61.0 - grpcui@1.4.1 - gt@1.4.8 - - trunk-analytics-cli@0.5.38 + - trunk-analytics-cli@0.5.39 From 1aed928619d3bc4327b05c8cec84f61f5290c1bf Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 10:14:19 -0800 Subject: [PATCH 070/176] Upgrade trunk (#176) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.18.4 → 1.19.0 - checkov 3.2.282 → 3.2.293 - golangci-lint 1.61.0 → 1.62.0 - hadolint 2.12.0 → 2.12.1-beta - renovate 39.7.5 → 39.15.0 - ruff 0.7.2 → 0.7.3 - sql-formatter 15.4.5 → 15.4.6 - trufflehog 3.83.5 → 3.83.6 - trunk-toolbox 0.5.0 → 0.5.3 2 tools were upgraded: - gh 2.61.0 → 2.62.0 - trunk-analytics-cli 0.5.39 → 0.5.40 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
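Review bot: the new trunk-io/trunk-action/upgrade pin in PATCH 068/176 (.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7) is a bare commit SHA with no trailing version comment, while every github/codeql-action pin in the same patch carries one (# v3.27.1). Suggest appending # v1.1.19, the version the commit message gives, so a reviewer can tell which release the SHA is meant to be and check it against the upstream tag. The 1.1.18 pin in PATCH 063/176 has the same gap. The step directly follows one that is passed secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY, so this pin is worth being able to audit at a glance.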
diff --git a/plugin.yaml b/plugin.yaml index 59ab014..eb9e16c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,16 +17,16 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.18.4 - - checkov@3.2.282 + - cfnlint@1.19.0 + - checkov@3.2.293 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.61.0 - - hadolint@2.12.0 + - golangci-lint@1.62.0 + - hadolint@2.12.1-beta - isort@5.13.2 - markdownlint@0.42.0 - markdown-link-check@3.13.6 @@ -38,15 +38,15 @@ lint: - prettier@3.3.3 - prisma@5.22.0 - pylint@3.3.1 - - renovate@39.7.5 + - renovate@39.15.0 - rubocop@1.39.0 - - ruff@0.7.2 + - ruff@0.7.3 - rustfmt@1.68.2 - semgrep@1.96.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.10.1 - - sql-formatter@15.4.5 + - sql-formatter@15.4.6 - stylelint@16.10.0: packages: - stylelint-config-standard-scss@13.1.0 @@ -56,8 +56,8 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.5 - - trunk-toolbox@0.5.0 + - trufflehog@3.83.6 + - trunk-toolbox@0.5.3 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.61.0 + - gh@2.62.0 - grpcui@1.4.1 - gt@1.4.8 - - trunk-analytics-cli@0.5.39 + - trunk-analytics-cli@0.5.40 From 6dc77d107a2041097fa3ba269d27bf1afd6bbc29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 22:08:05 -0800 Subject: [PATCH 071/176] Bump github/codeql-action from 3.27.1 to 3.27.4 in the dependencies group (#177) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.1 to 3.27.4
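Review bot: hadolint moves from the stable 2.12.0 to the pre-release 2.12.1-beta in the plugin.yaml @@ -17,16 +17,16 hunk of PATCH 070/176. This list is the linter set enabled for every repo that sources the plugin, so a beta build should not arrive through an unattended upgrade. Suggest holding hadolint at 2.12.0 until a stable 2.12.1 exists, or stating in the commit message why the beta is needed.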
Release notes

Sourced from github/codeql-action's releases.

v3.27.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

  • Upcoming breaking change: Add support for using actions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

    Starting November 30, 2024, GitHub.com customers will no longer be able to use actions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the CODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable to true and bump actions/download-artifact@v3 to actions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped actions/download-artifact@v3 to actions/download-artifact@v4 will begin failing then.

... (truncated)

Commits
  • ea9e4e3 Merge pull request #2605 from github/update-v3.27.4-3ab67a219
  • 845ea92 Update changelog for v3.27.4
  • 3ab67a2 Merge pull request #2597 from github/mbg/caching/output-improvements
  • 6e3a010 Merge pull request #2583 from jsoref/use-artifact-4
  • 1c83cd1 Upgrade actions/upload-artifact to v4
  • 024283f Merge pull request #2602 from github/mergeback/v3.27.3-to-main-396bb3e4
  • 613fe96 Update checked-in dependencies
  • e35d4aa Update changelog and version after v3.27.3
  • 396bb3e Merge pull request #2601 from github/update-v3.27.3-f04790367
  • 2b13194 Update changelog for v3.27.3
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.27.1&new-version=3.27.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 25b0b17..6b17435 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 214b67a..b21157c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 9106475449908934b4656e79af42a06670ad6116 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 00:36:35 -0800 Subject: [PATCH 072/176] Upgrade trunk (#178) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - checkov 3.2.293 → 3.2.296 - renovate 39.15.0 → 39.16.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index eb9e16c..37d3c88 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.19.0 - - checkov@3.2.293 + - checkov@3.2.296 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.3.3 - prisma@5.22.0 - pylint@3.3.1 - - renovate@39.15.0 + - renovate@39.16.0 - rubocop@1.39.0 - ruff@0.7.3 - rustfmt@1.68.2 From 10363ad77b768c543010426fb81360818e679fec Mon Sep 17 00:00:00 2001 
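Review bot: in PATCH 071/176 the `Autobuild` step in codeql.yaml is re-pinned along with `init` and `analyze`, yet the workflow sets `languages: javascript` and its own comment says autobuild is for compiled languages (C/C++, C#, Go, or Java), so the step looks removable, which would leave one fewer pinned reference to keep in step on every bump. On the pin itself: all four `uses:` lines (three in codeql.yaml, `upload-sarif` in scorecard.yml) move to the same full commit SHA, and its prefix `ea9e4e3` matches the first entry under Commits in the message, so the `# v3.27.4` comments agree with what is actually pinned.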
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:20:02 -0800 Subject: [PATCH 073/176] Upgrade trunk (#179) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 1 linter was upgraded: - trufflehog 3.83.6 → 3.83.7 1 tool was upgraded: - trunk-analytics-cli 0.5.40 → 0.6.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 37d3c88..31ac5eb 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.6 + - trufflehog@3.83.7 - trunk-toolbox@0.5.3 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.62.0 - grpcui@1.4.1 - gt@1.4.8 - - trunk-analytics-cli@0.5.40 + - trunk-analytics-cli@0.6.2 From 2e8ceae67b596bd78b9ca5678d1a612f61a1d24f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:51:22 -0800 Subject: [PATCH 074/176] Bump github/codeql-action from 3.27.4 to 3.27.5 in the dependencies group (#180) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.4 to 3.27.5
Release notes

Sourced from github/codeql-action's releases.

v3.27.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.5 - 19 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

... (truncated)

Commits
  • f09c1c0 Merge pull request #2616 from github/update-v3.27.5-a6c8729a5
  • 67b73ea Update changelog for v3.27.5
  • a6c8729 Merge pull request #2614 from github/marcogario/per-platform-proxy
  • 8f3b487 Start-proxy: Fetch OS specific binary
  • cba5fb5 Merge pull request #2613 from github/dependabot/npm_and_yarn/npm_and_yarn-018...
  • e782c3a Merge pull request #2612 from github/angelapwen/report-linux-runner-release
  • db67881 Update checked-in dependencies
  • ecde4d2 Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group
  • e3c67a0 Merge pull request #2610 from github/dependabot/npm_and_yarn/npm-d2ca52e617
  • f9ada54 Telemetry: report OS release for GitHub-hosted Linux runners
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.27.4&new-version=3.27.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 6b17435..d74aede 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b21157c..db2718c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif From f7b49d3184ba4d16f3174d8fc35f116759b4422d Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 18:16:32 -0800 Subject: [PATCH 075/176] Upgrade trunk (#181) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 12 linters were upgraded: - bandit 1.7.10 → 1.8.0 - cfnlint 1.19.0 → 1.20.1 - checkov 3.2.296 → 3.2.321 - golangci-lint 1.62.0 → 1.62.2 - markdownlint 0.42.0 → 0.43.0 - prettier 3.3.3 → 3.4.1 - renovate 39.16.0 → 39.32.0 - ruff 0.7.3 → 0.8.0 - semgrep 1.96.0 → 1.97.0 - sort-package-json 2.10.1 → 2.12.0 - trufflehog 3.83.7 → 3.84.1 - trunk-toolbox 0.5.3 → 0.5.4 1 tool was upgraded: - gh 2.62.0 → 2.63.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 31ac5eb..92bcca5 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -13,39 +13,39 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.4 - - bandit@1.7.10 + - bandit@1.8.0 - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.19.0 - - checkov@3.2.296 + - cfnlint@1.20.1 + - checkov@3.2.321 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.62.0 + - golangci-lint@1.62.2 - hadolint@2.12.1-beta - isort@5.13.2 - - markdownlint@0.42.0 + - markdownlint@0.43.0 - markdown-link-check@3.13.6 - mypy@1.13.0 - nancy@1.0.46 - osv-scanner@1.9.1 - oxipng@9.1.2 - pragma-once - - prettier@3.3.3 + - prettier@3.4.1 - prisma@5.22.0 - pylint@3.3.1 - - renovate@39.16.0 + - renovate@39.32.0 - rubocop@1.39.0 - - ruff@0.7.3 + - ruff@0.8.0 - rustfmt@1.68.2 - - semgrep@1.96.0 + - semgrep@1.97.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@2.10.1 + - sort-package-json@2.12.0 - sql-formatter@15.4.6 - stylelint@16.10.0: packages: @@ -56,8 +56,8 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.83.7 - - trunk-toolbox@0.5.3 + - trufflehog@3.84.1 + - trunk-toolbox@0.5.4 - yamllint@1.35.1 # Sourcing repos will have these configs available to applicable linters @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.62.0 + - gh@2.63.0 - grpcui@1.4.1 - gt@1.4.8 - trunk-analytics-cli@0.6.2 From 7d9043bd864d5303e964aaede09a6da4b96499e2 Mon Sep 17 00:00:00 2001 
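Review bot: in the @@ -56,8 +56,8 @@ hunk of PATCH 075/176, `# - trivy@0.54.1` is still commented out with only "Disabled until filesystem scanner initialize error resolved." and no issue link or owner, while twelve other linters are bumped around it. Add a tracking reference to that comment so the disabled scanner gets revisited. The commented entry has stayed at 0.54.1 through every upgrade visible here, so nothing in these automated PRs will prompt anyone to re-enable it.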
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 00:37:31 -0800 Subject: [PATCH 076/176] Upgrade trunk (#182) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - checkov 3.2.321 → 3.2.322 - renovate 39.32.0 → 39.38.0 - ruff 0.8.0 → 0.8.1 - stylelint 16.10.0 → 16.11.0 - stylelint-config-standard-scss 13.1.0 → 14.0.0 1 tool was upgraded: - grpcui 1.4.1 → 1.4.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 92bcca5..b415f7f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.20.1 - - checkov@3.2.321 + - checkov@3.2.322 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,18 +38,18 @@ lint: - prettier@3.4.1 - prisma@5.22.0 - pylint@3.3.1 - - renovate@39.32.0 + - renovate@39.38.0 - rubocop@1.39.0 - - ruff@0.8.0 + - ruff@0.8.1 - rustfmt@1.68.2 - semgrep@1.97.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 - sql-formatter@15.4.6 - - stylelint@16.10.0: + - stylelint@16.11.0: packages: - - stylelint-config-standard-scss@13.1.0 + - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@6.1.0 - svgo@3.3.2 - taplo@0.9.3 @@ -108,6 +108,6 @@ tools: parse_regex: trunk-analytics-cli ${semver} enabled: - gh@2.63.0 - - grpcui@1.4.1 + - grpcui@1.4.2 - gt@1.4.8 - trunk-analytics-cli@0.6.2 From f66e5cbdca42cb323e704a0c50458ebea57c4d10 Mon Sep 17 00:00:00 2001 
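Review bot: in the @@ -38,18 +38,18 @@ hunk of PATCH 076/176, `stylelint-config-standard-scss@13.1.0` goes to `14.0.0`, a major-version step on a shared config package, carried inside an automated "Upgrade trunk" commit whose message counts four linters but lists five entries, with this one folded under stylelint. The file comment states that repos sourcing this plugin enable these linters, so I would either split this bump into its own change or record in the message that the new major was run against a sourcing repo together with `stylelint@16.11.0`.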
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 00:17:49 -0800 Subject: [PATCH 077/176] Upgrade trunk (#183) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.20.1 → 1.20.2 - checkov 3.2.322 → 3.2.330 - oxipng 9.1.2 → 9.1.3 - prettier 3.4.1 → 3.4.2 - pylint 3.3.1 → 3.3.2 - renovate 39.38.0 → 39.49.3 - trufflehog 3.84.1 → 3.84.2 2 tools were upgraded: - gh 2.63.0 → 2.63.2 - trunk-analytics-cli 0.6.2 → 0.6.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b415f7f..329de9a 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.20.1 - - checkov@3.2.322 + - cfnlint@1.20.2 + - checkov@3.2.330 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -33,12 +33,12 @@ lint: - mypy@1.13.0 - nancy@1.0.46 - osv-scanner@1.9.1 - - oxipng@9.1.2 + - oxipng@9.1.3 - pragma-once - - prettier@3.4.1 + - prettier@3.4.2 - prisma@5.22.0 - - pylint@3.3.1 - - renovate@39.38.0 + - pylint@3.3.2 + - renovate@39.49.3 - rubocop@1.39.0 - ruff@0.8.1 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.84.1 + - trufflehog@3.84.2 - trunk-toolbox@0.5.4 - yamllint@1.35.1 
@@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.63.0 + - gh@2.63.2 - grpcui@1.4.2 - gt@1.4.8 - - trunk-analytics-cli@0.6.2 + - trunk-analytics-cli@0.6.5 From a792015923e4f5d9b2df1f728ac519cafaf685ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 8 Dec 2024 22:04:23 -0800 Subject: [PATCH 078/176] Bump github/codeql-action from 3.27.5 to 3.27.6 in the dependencies group (#184) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.5 to 3.27.6
Release notes

Sourced from github/codeql-action's releases.

v3.27.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

  • Bump the minimum CodeQL bundle version to 2.14.6. #2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
  • Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

    • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

... (truncated)

Commits
  • aa57810 Merge pull request #2628 from github/update-v3.27.6-af49565b8
  • 34e77b7 Update changelog for v3.27.6
  • af49565 Merge pull request #2620 from github/cklin/DiffThunkRange-fix
  • 5659f01 Merge pull request #2626 from github/update-bundle/codeql-bundle-v2.19.4
  • 5333ff3 Add changelog note
  • e4fb28d Update default bundle to codeql-bundle-v2.19.4
  • 3d3d628 Merge pull request #2617 from github/update-supported-enterprise-server-versions
  • 2eea97e Fix DiffThunkRange access
  • f8e782a Merge pull request #2618 from github/mergeback/v3.27.5-to-main-f09c1c0a
  • 49b7c97 Update checked-in dependencies
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.27.5&new-version=3.27.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d74aede..fe89808 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index db2718c..d475c3c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: sarif_file: results.sarif From feb6e4785452c33b8d6e32412b735b9608eb2fb8 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 01:14:32 -0800 Subject: [PATCH 079/176] Upgrade trunk (#185) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.20.2 → 1.22.0 - checkov 3.2.330 → 3.2.334 - prisma 5.22.0 → 6.0.1 - renovate 39.49.3 → 39.62.6 - ruff 0.8.1 → 0.8.2 - semgrep 1.97.0 → 1.99.0 - trufflehog 3.84.2 → 3.86.1 1 tool was upgraded: - trunk-analytics-cli 0.6.5 → 0.6.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 329de9a..9952a49 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.20.2 - - checkov@3.2.330 + - cfnlint@1.22.0 + - checkov@3.2.334 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
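Review bot: `buf-lint@1.31.0!` in the context of the `@@ -17,8 +17,8 @@` plugin.yaml hunk is held back with a `!` suffix but has no comment saying why, unlike the disabled `trivy` entry further down the file, which explains itself. While bumping cfnlint and checkov around it, add a one-line comment with the reason or a tracking issue so the pin can be lifted once it is no longer needed.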
@@ -36,13 +36,13 @@ lint: - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - - prisma@5.22.0 + - prisma@6.0.1 - pylint@3.3.2 - - renovate@39.49.3 + - renovate@39.62.6 - rubocop@1.39.0 - - ruff@0.8.1 + - ruff@0.8.2 - rustfmt@1.68.2 - - semgrep@1.97.0 + - semgrep@1.99.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.84.2 + - trufflehog@3.86.1 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.63.2 - grpcui@1.4.2 - gt@1.4.8 - - trunk-analytics-cli@0.6.5 + - trunk-analytics-cli@0.6.8 From b8846a0a5961b81017f7507daceb9ab7a4433f9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 15 Dec 2024 22:32:51 -0800 Subject: [PATCH 080/176] Bump github/codeql-action from 3.27.6 to 3.27.9 in the dependencies group (#186) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.6 to 3.27.9
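Review bot: in the `@@ -36,13 +36,13 @@` hunk of the Trunk upgrade (#185) above, `prisma@5.22.0` to `prisma@6.0.1` is a major-version jump bundled with patch-level bumps, and the commit message does not call it out. This file sets the linter versions for every repo that sources the plugin, so split the prisma change into its own commit or state in the message that it crosses a major version, so that a regression can be bisected or reverted on its own.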
Release notes

Sourced from github/codeql-action's releases.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

  • Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
  • Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

... (truncated)

Commits
  • df409f7 Merge pull request #2649 from github/update-v3.27.9-7972a42f3
  • feca44d Update changelog for v3.27.9
  • 7972a42 Merge pull request #2648 from github/aeisenberg/add-environment
  • 44bf16d Merge pull request #2646 from github/mergeback/v3.27.8-to-main-8a93837a
  • f124ad0 Adds an environment for creating releases
  • 9275370 Update checked-in dependencies
  • a059a7a Update changelog and version after v3.27.8
  • 8a93837 Merge pull request #2645 from github/update-v3.27.8-9cfbef4bd
  • 90a2700 Update changelog for v3.27.8
  • 9cfbef4 Merge pull request #2644 from github/aeisenberg/use-app-token-for-release
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.27.6&new-version=3.27.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index fe89808..6f800be 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d475c3c..5df3f65 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif From 88b54d177b6ec25ce1d9b0a6cf681a3938002183 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 21:39:15 -0500 Subject: [PATCH 081/176] Upgrade trunk (#187) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - cfnlint 1.22.0 → 1.22.1 - renovate 39.62.6 → 39.64.0 - ruff 0.8.2 → 0.8.3 - semgrep 1.99.0 → 1.100.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 9952a49..b4d6987 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.22.0 + - cfnlint@1.22.1 - checkov@3.2.334 - clang-format@17.0.1 - clang-tidy@17.0.1 @@ -38,11 +38,11 @@ lint: - prettier@3.4.2 - prisma@6.0.1 - pylint@3.3.2 - - renovate@39.62.6 + - renovate@39.64.0 - rubocop@1.39.0 - - ruff@0.8.2 + - ruff@0.8.3 - rustfmt@1.68.2 - - semgrep@1.99.0 + - semgrep@1.100.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 From 26c60b0f4da259f032daa13f8eef2d393aecfdeb Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 10:50:07 -0500 Subject: [PATCH 082/176] Upgrade trunk (#188) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - cfnlint 1.22.1 → 1.22.2 - checkov 3.2.334 → 3.2.342 - osv-scanner 1.9.1 → 1.9.2 - prisma 6.0.1 → 6.1.0 - renovate 39.64.0 → 39.75.0 - semgrep 1.100.0 → 1.101.0 - stylelint 16.11.0 → 16.12.0 - trufflehog 3.86.1 → 3.87.2 2 tools were upgraded: - gt 1.4.8 → 1.4.11 - trunk-analytics-cli 0.6.8 → 0.6.10 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b4d6987..9b688bb 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.22.1 - - checkov@3.2.334 + - cfnlint@1.22.2 + - checkov@3.2.342 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,22 +32,22 @@ lint: - markdown-link-check@3.13.6 - mypy@1.13.0 - nancy@1.0.46 - - osv-scanner@1.9.1 + - osv-scanner@1.9.2 - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - - prisma@6.0.1 + - prisma@6.1.0 - pylint@3.3.2 - - renovate@39.64.0 + - renovate@39.75.0 - rubocop@1.39.0 - ruff@0.8.3 - rustfmt@1.68.2 - - semgrep@1.100.0 + - semgrep@1.101.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 - sql-formatter@15.4.6 - - stylelint@16.11.0: + - stylelint@16.12.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@6.1.0 
@@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.86.1 + - trufflehog@3.87.2 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.63.2 - grpcui@1.4.2 - - gt@1.4.8 - - trunk-analytics-cli@0.6.8 + - gt@1.4.11 + - trunk-analytics-cli@0.6.10 From 8e1f0558a6633867192739447890e210767eb9fa Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 12:21:46 -0500 Subject: [PATCH 083/176] Upgrade trunk (#190) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - checkov 3.2.342 → 3.2.344 - mypy 1.13.0 → 1.14.0 - pylint 3.3.2 → 3.3.3 - renovate 39.75.0 → 39.83.3 - ruff 0.8.3 → 0.8.4 - sql-formatter 15.4.6 → 15.4.8 - trufflehog 3.87.2 → 3.88.0 1 tool was upgraded: - gh 2.63.2 → 2.64.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 9b688bb..c004dc9 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.22.2 - - checkov@3.2.342 + - checkov@3.2.344 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -30,23 +30,23 @@ lint: - isort@5.13.2 - markdownlint@0.43.0 - markdown-link-check@3.13.6 - - mypy@1.13.0 + - mypy@1.14.0 - nancy@1.0.46 - osv-scanner@1.9.2 - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - prisma@6.1.0 - - pylint@3.3.2 - - renovate@39.75.0 + - pylint@3.3.3 + - renovate@39.83.3 - rubocop@1.39.0 - - ruff@0.8.3 + - ruff@0.8.4 - rustfmt@1.68.2 - semgrep@1.101.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 - - sql-formatter@15.4.6 + - sql-formatter@15.4.8 - stylelint@16.12.0: packages: - stylelint-config-standard-scss@14.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.87.2 + - trufflehog@3.88.0 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.63.2 + - gh@2.64.0 - grpcui@1.4.2 - gt@1.4.11 - trunk-analytics-cli@0.6.10 From fee5a5f57c9006ce3092fe6c81717dd9b669cc6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 10:30:16 -0800 Subject: [PATCH 084/176] Bump the dependencies group with 2 updates (#189) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.27.9 to 3.28.0
Release notes

Sourced from github/codeql-action's releases.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

  • Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

... (truncated)

Commits
  • 48ab28a Merge pull request #2662 from github/update-v3.28.0-d01b25e64
  • 4946b76 Update changelog for v3.28.0
  • d01b25e Merge pull request #2660 from github/henrymercer/fix-error-file-on-path
  • 7d6d36c Add changelog note
  • b58f447 Use @actions/io to locate binaries
  • 64cc90b Merge pull request #2653 from github/dependabot/npm_and_yarn/npm-61c837125e
  • d8f8eca Merge branch 'main' into dependabot/npm_and_yarn/npm-61c837125e
  • 562042d Merge pull request #2655 from github/aeisenberg/deprecate-2.14
  • beed6ff Change codeql version used in test
  • 5f0a4d3 Bump the minimum supported version of CodeQL to 2.15.5
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.4.3 to 4.5.0
Release notes

Sourced from actions/upload-artifact's releases.

v4.5.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0

Commits
  • 6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
  • c40c16d add new artifact-digest output
  • 735efb4 bump @​actions/artifact from 2.1.11 to 2.2.0
  • 184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
  • b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 6f800be..3f86fbb 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5df3f65..6740dbd 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From 4d2028e6c4a4c413b3ac197274cf62b776446a31 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 10:57:21 -0800 Subject: [PATCH 085/176] Upgrade trunk (#191) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - actionlint 1.7.4 → 1.7.5 - cfnlint 1.22.2 → 1.22.3 - checkov 3.2.344 → 3.2.346 - mypy 1.14.0 → 1.14.1 - renovate 39.83.3 → 39.90.2 - ruff 0.8.4 → 0.8.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index c004dc9..2c674a1 100644 --- a/plugin.yaml +++ b/plugin.yaml 
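Review bot: in the `uses:` lines of the codeql.yaml and scorecard.yml hunks of #189 above, the trailing `# v3.28.0` and `# v4.5.0` comments are the only link between each 40-character pin and a release, and nothing checks them. The new pins do begin with `48ab28a` and `6f51ac0`, the first entries in the two commit lists quoted in the message, so this bump is consistent; a CI step that resolves each tag and compares it with the pinned SHA would catch a mismatch in later bumps.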
@@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.4 + - actionlint@1.7.5 - bandit@1.8.0 - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - - cfnlint@1.22.2 - - checkov@3.2.344 + - cfnlint@1.22.3 + - checkov@3.2.346 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,7 +30,7 @@ lint: - isort@5.13.2 - markdownlint@0.43.0 - markdown-link-check@3.13.6 - - mypy@1.14.0 + - mypy@1.14.1 - nancy@1.0.46 - osv-scanner@1.9.2 - oxipng@9.1.3 @@ -38,9 +38,9 @@ lint: - prettier@3.4.2 - prisma@6.1.0 - pylint@3.3.3 - - renovate@39.83.3 + - renovate@39.90.2 - rubocop@1.39.0 - - ruff@0.8.4 + - ruff@0.8.5 - rustfmt@1.68.2 - semgrep@1.101.0 - shellcheck@0.10.0 From e6d455fecda50fba04ef10d12c61d6892cc0fe4a Mon Sep 17 00:00:00 2001 From: Andrei Liviu Georgescu <146103342+andreilgeorgescu@users.noreply.github.com> Date: Tue, 7 Jan 2025 17:49:41 -0500 Subject: [PATCH 086/176] Update default SVGO configuration file to an ESM Module (#192) Updating the default SVGO configuration to an ES Module helps future-proof it and prevent issues with NPM projects set to `"type": "module"`. --------- Co-authored-by: Tyler Jang --- configs/{svgo.config.js => svgo.config.mjs} | 2 +- plugin.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename configs/{svgo.config.js => svgo.config.mjs} (93%) diff --git a/configs/svgo.config.js b/configs/svgo.config.mjs similarity index 93% rename from configs/svgo.config.js rename to configs/svgo.config.mjs index b257d13..55b4a7a 100644 --- a/configs/svgo.config.js +++ b/configs/svgo.config.mjs @@ -1,4 +1,4 @@ -module.exports = { +export default { plugins: [ { name: "preset-default", diff --git a/plugin.yaml b/plugin.yaml index 2c674a1..4ffa33e 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -75,7 +75,7 @@ lint: - configs/.shellcheckrc - configs/.sqlfluff - configs/.stylelintrc.js - - configs/svgo.config.js + - configs/svgo.config.mjs - configs/.yamllint.yaml # By sourcing this plugin, repos will enable these actions From 738f19eb88ab6b4698925683336ffddc7c8e6e4a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:43:26 -0800 Subject: [PATCH 087/176] Upgrade trunk (#193) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - actionlint 1.7.5 → 1.7.6 - checkov 3.2.346 → 3.2.351 - golangci-lint 1.62.2 → 1.63.4 - prisma 6.1.0 → 6.2.1 - renovate 39.90.2 → 39.92.0 - ruff 0.8.5 → 0.8.6 - semgrep 1.101.0 → 1.102.0 - sql-formatter 15.4.8 → 15.4.9 - stylelint 16.12.0 → 16.12.0 - stylelint-config-clean-order 6.1.0 → 7.0.0 - trufflehog 3.88.0 → 3.88.1 1 tool was upgraded: - gh 2.64.0 → 2.65.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 4ffa33e..22353b5 100644 --- a/plugin.yaml +++ b/plugin.yaml 
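Review bot: In PATCH 086/176, the list of shipped config paths in the `@@ -75,7 +75,7 @@` hunk of plugin.yaml still carries `configs/.stylelintrc.js` one entry above the renamed SVGO config. If that file also uses `module.exports`, it has the same `"type": "module"` problem the commit message describes for `svgo.config.js`. Either convert it in the same change or state in the message why only the SVGO config needs the `.mjs` form.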
@@ -12,20 +12,20 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.5 + - actionlint@1.7.6 - bandit@1.8.0 - black@24.10.0 - buf-lint@1.31.0! - buildifier@7.3.1 - cfnlint@1.22.3 - - checkov@3.2.346 + - checkov@3.2.351 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.62.2 + - golangci-lint@1.63.4 - hadolint@2.12.1-beta - isort@5.13.2 - markdownlint@0.43.0 @@ -36,27 +36,27 @@ lint: - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - - prisma@6.1.0 + - prisma@6.2.1 - pylint@3.3.3 - - renovate@39.90.2 + - renovate@39.92.0 - rubocop@1.39.0 - - ruff@0.8.5 + - ruff@0.8.6 - rustfmt@1.68.2 - - semgrep@1.101.0 + - semgrep@1.102.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.12.0 - - sql-formatter@15.4.8 + - sql-formatter@15.4.9 - stylelint@16.12.0: packages: - stylelint-config-standard-scss@14.0.0 - - stylelint-config-clean-order@6.1.0 + - stylelint-config-clean-order@7.0.0 - svgo@3.3.2 - taplo@0.9.3 - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.0 + - trufflehog@3.88.1 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.64.0 + - gh@2.65.0 - grpcui@1.4.2 - gt@1.4.11 - trunk-analytics-cli@0.6.10 From 920f68031ccb469cfdb0f214452367d98feeb894 Mon Sep 17 00:00:00 2001 
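Review bot: In PATCH 087/176, the `@@ -36,27 +36,27 @@` hunk takes `stylelint-config-clean-order` across a major version (6.1.0 to 7.0.0) while `stylelint@16.12.0:` and `stylelint-config-standard-scss@14.0.0` stay as unchanged context, so this entry is not the routine patch-level bump the rest of the hunk is. The file's own comment says repos sourcing this plugin enable these linters, so confirm the 7.x package works with the pinned stylelint before this reaches downstream repos. The commit message also says "10 linters were upgraded" but lists 11 entries, one of them `stylelint 16.12.0 → 16.12.0`, which the hunk confirms is a no-op; the generated summary should drop that entry.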
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 09:28:44 -0800 Subject: [PATCH 088/176] Bump the dependencies group with 2 updates (#194) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.28.0 to 3.28.1
Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

  • Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits
  • b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
  • bb999b4 Update changelog for v3.28.1
  • ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
  • 4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
  • a05a7eb Fix PR number in changenote
  • 8d2753b Add public changelog blog post link
  • e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
  • b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
  • 1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
  • fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.5.0 to 4.6.0
Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.0

Commits
  • 65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
  • 0207619 move files back to satisfy licensed ci
  • 1ecca81 licensed cache updates
  • 9742269 Expose env vars to controll concurrency and timeout
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 3f86fbb..45dff0c 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6740dbd..31c9768 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif From 3cc491abb02e522c737fba412dac07ee17a7918f Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:23:36 -0800 Subject: [PATCH 089/176] Upgrade trunk (#195) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - buildifier 7.3.1 → 8.0.0 - cfnlint 1.22.3 → 1.22.4 - checkov 3.2.351 → 3.2.352 - renovate 39.92.0 → 39.100.2 - ruff 0.8.6 → 0.9.0 - trufflehog 3.88.1 → 3.88.2 1 tool was upgraded: - trunk-analytics-cli 0.6.10 → 0.6.11 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 22353b5..4b40fc3 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -16,9 +16,9 @@ lint: - bandit@1.8.0 - black@24.10.0 - buf-lint@1.31.0! - - buildifier@7.3.1 - - cfnlint@1.22.3 - - checkov@3.2.351 + - buildifier@8.0.0 + - cfnlint@1.22.4 + - checkov@3.2.352 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,9 +38,9 @@ lint: - prettier@3.4.2 - prisma@6.2.1 - pylint@3.3.3 - - renovate@39.92.0 + - renovate@39.100.2 - rubocop@1.39.0 - - ruff@0.8.6 + - ruff@0.9.0 - rustfmt@1.68.2 - semgrep@1.102.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.1 + - trufflehog@3.88.2 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.65.0 - grpcui@1.4.2 - gt@1.4.11 - - trunk-analytics-cli@0.6.10 + - trunk-analytics-cli@0.6.11 From c084c3b81c13071c3957a3db9340dc353bf27e88 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 17 Jan 2025 00:37:36 -0800 Subject: [PATCH 090/176] Upgrade trunk (#196) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - bandit 1.8.0 → 1.8.2 - buildifier 8.0.0 → 8.0.1 - cfnlint 1.22.4 → 1.22.5 - checkov 3.2.352 → 3.2.353 - renovate 39.100.2 → 39.109.0 - ruff 0.9.0 → 0.9.1 - semgrep 1.102.0 → 1.103.0 - sort-package-json 2.12.0 → 2.14.0 - stylelint 16.12.0 → 16.13.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 4b40fc3..b7f5451 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -13,12 +13,12 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.6 - - bandit@1.8.0 + - bandit@1.8.2 - black@24.10.0 - buf-lint@1.31.0! - - buildifier@8.0.0 - - cfnlint@1.22.4 - - checkov@3.2.352 + - buildifier@8.0.1 + - cfnlint@1.22.5 + - checkov@3.2.353 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,16 +38,16 @@ lint: - prettier@3.4.2 - prisma@6.2.1 - pylint@3.3.3 - - renovate@39.100.2 + - renovate@39.109.0 - rubocop@1.39.0 - - ruff@0.9.0 + - ruff@0.9.1 - rustfmt@1.68.2 - - semgrep@1.102.0 + - semgrep@1.103.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@2.12.0 + - sort-package-json@2.14.0 - sql-formatter@15.4.9 - - stylelint@16.12.0: + - stylelint@16.13.2: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 From 7df34ab7c04a94c22fb0808e8f6a7d79d70367b5 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 11:05:13 -0800 Subject: [PATCH 091/176] Upgrade trunk (#197) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 1 linter was upgraded: - ruff 0.9.1 → 0.9.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.yaml b/plugin.yaml index b7f5451..46a214c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -40,7 +40,7 @@ lint: - pylint@3.3.3 - renovate@39.109.0 - rubocop@1.39.0 - - ruff@0.9.1 + - ruff@0.9.2 - rustfmt@1.68.2 - semgrep@1.103.0 - shellcheck@0.10.0 
From 5d5479fb4fae2932a68cb9377fb50dc9ced7620d Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:27:42 -0800 Subject: [PATCH 092/176] Upgrade trunk (#198) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - actionlint 1.7.6 → 1.7.7 - cfnlint 1.22.5 → 1.22.6 - checkov 3.2.353 → 3.2.356 - renovate 39.109.0 → 39.125.0 - semgrep 1.103.0 → 1.104.0 1 tool was upgraded: - gt 1.4.11 → 1.5.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 46a214c..3b76000 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.6 + - actionlint@1.7.7 - bandit@1.8.2 - black@24.10.0 - buf-lint@1.31.0! - buildifier@8.0.1 - - cfnlint@1.22.5 - - checkov@3.2.353 + - cfnlint@1.22.6 + - checkov@3.2.356 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,11 +38,11 @@ lint: - prettier@3.4.2 - prisma@6.2.1 - pylint@3.3.3 - - renovate@39.109.0 + - renovate@39.125.0 - rubocop@1.39.0 - ruff@0.9.2 - rustfmt@1.68.2 - - semgrep@1.103.0 + - semgrep@1.104.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.14.0 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.65.0 - grpcui@1.4.2 - - gt@1.4.11 + - gt@1.5.2 - trunk-analytics-cli@0.6.11 From 7e59d1ae22e88bf6f9a49f424b1e16f0bb52a642 Mon Sep 17 00:00:00 2001 
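Review bot: In PATCH 092/176, the `@@ -12,13 +12,13 @@` hunk again carries `buf-lint@1.31.0!` as unchanged context, and every "Upgrade trunk" patch in this stretch of the series steps around that entry. Unlike the commented-out `trivy` entry in the same file ("Disabled until filesystem scanner initialize error resolved"), nothing in plugin.yaml says why buf-lint is held back. Add a one-line comment next to the entry giving the reason and the condition for lifting the hold, so the pin does not outlive its cause unnoticed.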
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 23:40:14 -0800 Subject: [PATCH 093/176] Bump github/codeql-action from 3.28.1 to 3.28.5 in the dependencies group (#199) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.1 to 3.28.5
Release notes

Sourced from github/codeql-action's releases.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

See the full CHANGELOG.md for more information.

v3.28.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

  • Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

... (truncated)

Commits
  • f6091c0 Merge pull request #2721 from github/update-v3.28.5-01f001931
  • 064af10 Update changelog for v3.28.5
  • 01f0019 Merge pull request #2717 from github/update-bundle/codeql-bundle-v2.20.3
  • 573ad88 Merge pull request #2718 from github/kaeluka/4779-1
  • d7f3976 permissions block in query-filters.yml
  • 428975c Add changelog note
  • 208091d Update default bundle to codeql-bundle-v2.20.3
  • 7e3036b Merge pull request #2716 from github/mergeback/v3.28.4-to-main-ee117c90
  • e32a0d6 Update checked-in dependencies
  • 67c21e4 Update changelog and version after v3.28.4
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.1&new-version=3.28.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 45dff0c..cbf08ba 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/autobuild@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 31c9768..011b686 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif From 3d030a651399b9d8c6d359f2d137bedec88a17e6 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:21:33 -0800 Subject: [PATCH 094/176] Upgrade trunk (#200) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - cfnlint 1.22.6 → 1.22.7 - checkov 3.2.356 → 3.2.357 - renovate 39.125.0 → 39.128.0 - ruff 0.9.2 → 0.9.3 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3b76000..16ebf3c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@24.10.0 - buf-lint@1.31.0! - buildifier@8.0.1 - - cfnlint@1.22.6 - - checkov@3.2.356 + - cfnlint@1.22.7 + - checkov@3.2.357 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,9 +38,9 @@ lint: - prettier@3.4.2 - prisma@6.2.1 - pylint@3.3.3 - - renovate@39.125.0 + - renovate@39.128.0 - rubocop@1.39.0 - - ruff@0.9.2 + - ruff@0.9.3 - rustfmt@1.68.2 - semgrep@1.104.0 - shellcheck@0.10.0 From 24478d2e0603d2369cb60e336da65aad0d2d288d Mon Sep 17 00:00:00 2001 
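Review bot: In PATCH 093/176, the `@@ -46,7 +46,7 @@` hunk of codeql.yaml re-pins `github/codeql-action/autobuild`, but the context lines of the preceding hunk set `languages: javascript` and the step's own comment says Autobuild is for compiled languages (C/C++, C#, Go, or Java). If JavaScript is the only language analyzed, drop the Autobuild step so there is one fewer third-party action reference to re-pin and review on each bump. The four `github/codeql-action/*` pins in this patch all carry f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4, which matches commit `f6091c0` in the message's commit list, so the `# v3.28.5` comments are consistent with the SHA.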
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 10:46:41 -0800 Subject: [PATCH 095/176] Upgrade trunk (#201) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 12 linters were upgraded: - black 24.10.0 → 25.1.0 - cfnlint 1.22.7 → 1.23.0 - checkov 3.2.357 → 3.2.358 - isort 5.13.2 → 6.0.0 - markdownlint 0.43.0 → 0.44.0 - prisma 6.2.1 → 6.3.0 - pylint 3.3.3 → 3.3.4 - renovate 39.128.0 → 39.141.0 - semgrep 1.104.0 → 1.106.0 - sql-formatter 15.4.9 → 15.4.10 - stylelint 16.13.2 → 16.14.1 - trufflehog 3.88.2 → 3.88.3 3 tools were upgraded: - gh 2.65.0 → 2.66.0 - gt 1.5.2 → 1.5.3 - trunk-analytics-cli 0.6.11 → 0.6.12 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 16ebf3c..86913bb 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -14,11 +14,11 @@ lint: enabled: - actionlint@1.7.7 - bandit@1.8.2 - - black@24.10.0 + - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.1 - - cfnlint@1.22.7 - - checkov@3.2.357 + - cfnlint@1.23.0 + - checkov@3.2.358 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -27,8 +27,8 @@ lint: - gofmt@1.20.4 - golangci-lint@1.63.4 - hadolint@2.12.1-beta - - isort@5.13.2 - - markdownlint@0.43.0 + - isort@6.0.0 + - markdownlint@0.44.0 - markdown-link-check@3.13.6 - mypy@1.14.1 - nancy@1.0.46 
@@ -36,18 +36,18 @@ lint: - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - - prisma@6.2.1 - - pylint@3.3.3 - - renovate@39.128.0 + - prisma@6.3.0 + - pylint@3.3.4 + - renovate@39.141.0 - rubocop@1.39.0 - ruff@0.9.3 - rustfmt@1.68.2 - - semgrep@1.104.0 + - semgrep@1.106.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.14.0 - - sql-formatter@15.4.9 - - stylelint@16.13.2: + - sql-formatter@15.4.10 + - stylelint@16.14.1: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.2 + - trufflehog@3.88.3 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.65.0 + - gh@2.66.0 - grpcui@1.4.2 - - gt@1.5.2 - - trunk-analytics-cli@0.6.11 + - gt@1.5.3 + - trunk-analytics-cli@0.6.12 From 0ec2baca513696e4bef7a6e558644995cf148451 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 00:05:27 -0800 Subject: [PATCH 096/176] Bump github/codeql-action from 3.28.5 to 3.28.8 in the dependencies group (#202) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.5 to 3.28.8
Release notes

Sourced from github/codeql-action's releases.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

... (truncated)

Commits
  • dd74661 Merge pull request #2746 from github/update-v3.28.8-a91a3f767
  • 3210a3c Fix Kotlin version in changelog
  • 72f9d02 Update changelog for v3.28.8
  • a91a3f7 Merge pull request #2744 from github/igfoo/kot2.1.10
  • c520fb5 Merge pull request #2745 from github/mergeback/v3.28.7-to-main-6e545590
  • 3879c57 Add changelog entry
  • 0c21937 Run "npm run build"
  • 5a61bf0 Kotlin: The 2.20.3 release supports Kotlin 2.1.10.
  • 163d119 Update checked-in dependencies
  • bcf5cec Update changelog and version after v3.28.7
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.5&new-version=3.28.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index cbf08ba..02ad558 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 011b686..d953de6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif From 225b5852f5d8e88c0868c0d03ec00b381ccad8d1 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 10:15:42 -0800 Subject: [PATCH 097/176] Upgrade trunk (#203) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - cfnlint 1.23.0 → 1.24.0 - checkov 3.2.358 → 3.2.367 - mypy 1.14.1 → 1.15.0 - prisma 6.3.0 → 6.3.1 - renovate 39.141.0 → 39.162.0 - ruff 0.9.3 → 0.9.4 - semgrep 1.106.0 → 1.107.0 - trufflehog 3.88.3 → 3.88.5 2 tools were upgraded: - gh 2.66.0 → 2.66.1 - trunk-analytics-cli 0.6.12 → 0.6.13 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 86913bb..d383dd4 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.1 - - cfnlint@1.23.0 - - checkov@3.2.358 + - cfnlint@1.24.0 + - checkov@3.2.367 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -30,19 +30,19 @@ lint: - isort@6.0.0 - markdownlint@0.44.0 - markdown-link-check@3.13.6 - - mypy@1.14.1 + - mypy@1.15.0 - nancy@1.0.46 - osv-scanner@1.9.2 - oxipng@9.1.3 - pragma-once - prettier@3.4.2 - - prisma@6.3.0 + - prisma@6.3.1 - pylint@3.3.4 - - renovate@39.141.0 + - renovate@39.162.0 - rubocop@1.39.0 - - ruff@0.9.3 + - ruff@0.9.4 - rustfmt@1.68.2 - - semgrep@1.106.0 + - semgrep@1.107.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.14.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.3 + - trufflehog@3.88.5 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.66.0 + - gh@2.66.1 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.6.12 + - trunk-analytics-cli@0.6.13 From 431fbde38cefcd99914179be1ad6eebc9ef26d5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Feb 2025 15:14:25 -0800 Subject: [PATCH 098/176] Bump github/codeql-action from 3.28.8 to 3.28.9 in the dependencies group (#204) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.8 to 3.28.9
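Review bot: In PATCH 097/176, the `@@ -56,7 +56,7 @@` hunk bumps `trufflehog` right below `# - trivy@0.54.1`, which stays commented out under "Disabled until filesystem scanner initialize error resolved." with no issue or owner referenced. The commented entry is untouched by every upgrade in this series, so nothing here will bring the scanner back. Suggest adding the tracking issue URL to that comment so the gap in vulnerability scanning has a visible exit condition.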
Release notes

Sourced from github/codeql-action's releases.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655

... (truncated)

Commits
  • 9e8d078 Merge pull request #2757 from github/update-v3.28.9-24e1c2d33
  • 43d9be6 Update changelog for v3.28.9
  • 24e1c2d Merge pull request #2753 from github/update-bundle/codeql-bundle-v2.20.4
  • 57a08c0 Add changelog note
  • 52189d2 Update default bundle to codeql-bundle-v2.20.4
  • 08bc0cf Merge pull request #2751 from github/henrymercer/fix-init-post-without-config
  • cf7c687 Send init-post status report in absence of config
  • ad42dbd Merge pull request #2750 from github/dependabot/npm_and_yarn/npm-768bd9b555
  • a8f5935 Merge pull request #2749 from github/dependabot/github_actions/actions-29d379...
  • 9660df3 Update checked-in dependencies
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.8&new-version=3.28.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 02ad558..44cd393 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d953de6..5e0479e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: sarif_file: results.sarif From 669192ff2d6c06e3a05b41aae8f7309897207f8b Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 10:54:02 -0800 Subject: [PATCH 099/176] Upgrade trunk (#205) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - buildifier 8.0.1 → 8.0.3 - checkov 3.2.367 → 3.2.368 - renovate 39.162.0 → 39.163.0 - ruff 0.9.4 → 0.9.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index d383dd4..158f156 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -16,9 +16,9 @@ lint: - bandit@1.8.2 - black@25.1.0 - buf-lint@1.31.0! - - buildifier@8.0.1 + - buildifier@8.0.3 - cfnlint@1.24.0 - - checkov@3.2.367 + - checkov@3.2.368 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,9 +38,9 @@ lint: - prettier@3.4.2 - prisma@6.3.1 - pylint@3.3.4 - - renovate@39.162.0 + - renovate@39.163.0 - rubocop@1.39.0 - - ruff@0.9.4 + - ruff@0.9.5 - rustfmt@1.68.2 - semgrep@1.107.0 - shellcheck@0.10.0 From b97bea1a6c56bb21dcac8201189118b3fa9c2aa3 Mon Sep 17 00:00:00 2001 
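Review bot: In PATCH 098/176, all four `uses: github/codeql-action/...` lines move to `9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0`, and the only thing tying that SHA to a release is the trailing `# v3.28.9` comment, which the `uses:` reference itself does not enforce. The prefix does match `9e8d078`, the head of the commit list in the message, so this pin looks right. Suggest a CI step that resolves the tag named in the comment and fails when it differs from the pinned SHA, so later bumps do not rely on reading the bot's description.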
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 09:35:33 -0800 Subject: [PATCH 100/176] Upgrade trunk (#206) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - checkov 3.2.368 → 3.2.369 - prettier 3.4.2 → 3.5.0 - renovate 39.163.0 → 39.169.3 - ruff 0.9.5 → 0.9.6 - semgrep 1.107.0 → 1.108.0 - trufflehog 3.88.5 → 3.88.7 2 tools were upgraded: - gh 2.66.1 → 2.67.0 - trunk-analytics-cli 0.6.13 → 0.6.16 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 158f156..263cc02 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.0.3 - cfnlint@1.24.0 - - checkov@3.2.368 + - checkov@3.2.369 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -35,14 +35,14 @@ lint: - osv-scanner@1.9.2 - oxipng@9.1.3 - pragma-once - - prettier@3.4.2 + - prettier@3.5.0 - prisma@6.3.1 - pylint@3.3.4 - - renovate@39.163.0 + - renovate@39.169.3 - rubocop@1.39.0 - - ruff@0.9.5 + - ruff@0.9.6 - rustfmt@1.68.2 - - semgrep@1.107.0 + - semgrep@1.108.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.14.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.5 + - trufflehog@3.88.7 - trunk-toolbox@0.5.4 - yamllint@1.35.1 
@@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.66.1 + - gh@2.67.0 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.6.13 + - trunk-analytics-cli@0.6.16 From b26063b448f100ad54f9100d57a8c665cf213003 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 15:05:28 -0800 Subject: [PATCH 101/176] Upgrade trunk (#207) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.24.0 → 1.25.1 - checkov 3.2.369 → 3.2.370 - golangci-lint 1.63.4 → 1.64.5 - prettier 3.5.0 → 3.5.1 - renovate 39.169.3 → 39.170.1 - trufflehog 3.88.7 → 3.88.8 1 tool was upgraded: - trunk-analytics-cli 0.6.16 → 0.6.18 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 263cc02..3770314 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,15 +17,15 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.24.0 - - checkov@3.2.369 + - cfnlint@1.25.1 + - checkov@3.2.370 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.63.4 + - golangci-lint@1.64.5 - hadolint@2.12.1-beta - isort@6.0.0 - markdownlint@0.44.0 
@@ -35,10 +35,10 @@ lint: - osv-scanner@1.9.2 - oxipng@9.1.3 - pragma-once - - prettier@3.5.0 + - prettier@3.5.1 - prisma@6.3.1 - pylint@3.3.4 - - renovate@39.169.3 + - renovate@39.170.1 - rubocop@1.39.0 - ruff@0.9.6 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.7 + - trufflehog@3.88.8 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.67.0 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.6.16 + - trunk-analytics-cli@0.6.18 From 5e7b946ec0cf9649cc2e7807b2471e9c770b1a2d Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 21 Feb 2025 09:43:08 -0800 Subject: [PATCH 102/176] Upgrade trunk (#208) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - bandit 1.8.2 → 1.8.3 - checkov 3.2.370 → 3.2.372 - oxipng 9.1.3 → 9.1.4 - prisma 6.3.1 → 6.4.0 - renovate 39.170.1 → 39.176.4 - semgrep 1.108.0 → 1.109.0 - trufflehog 3.88.8 → 3.88.11 1 tool was upgraded: - trunk-analytics-cli 0.6.18 → 0.6.19 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3770314..7ee9ce3 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -13,12 +13,12 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.7 - - bandit@1.8.2 + - bandit@1.8.3 - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - cfnlint@1.25.1 - - checkov@3.2.370 + - checkov@3.2.372 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -33,16 +33,16 @@ lint: - mypy@1.15.0 - nancy@1.0.46 - osv-scanner@1.9.2 - - oxipng@9.1.3 + - oxipng@9.1.4 - pragma-once - prettier@3.5.1 - - prisma@6.3.1 + - prisma@6.4.0 - pylint@3.3.4 - - renovate@39.170.1 + - renovate@39.176.4 - rubocop@1.39.0 - ruff@0.9.6 - rustfmt@1.68.2 - - semgrep@1.108.0 + - semgrep@1.109.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@2.14.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.8 + - trufflehog@3.88.11 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.67.0 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.6.18 + - trunk-analytics-cli@0.6.19 From 1638bcff88a93d1ce7ea6175b9692376dddec1e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Feb 2025 19:32:00 -0800 Subject: [PATCH 103/176] Bump the dependencies group with 3 updates (#209) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.28.9 to 3.28.10
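Review bot: In PATCH 102/176, the `@@ -13,12 +13,12 @@` hunk again carries `buf-lint@1.31.0!` as unchanged context; the entry has not moved in any upgrade in this series and, unlike the disabled `trivy` line, has no comment saying why it is held. The trailing `!` looks like a deliberate pin. Suggest a one-line comment above it with the reason for the pin and the condition for lifting it.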
Release notes

Sourced from github/codeql-action's releases.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

... (truncated)

Commits
  • b56ba49 Merge pull request #2778 from github/update-v3.28.10-9856c48b1
  • 60c9c77 Update changelog for v3.28.10
  • 9856c48 Merge pull request #2773 from github/redsun82/rust
  • 9572e09 Rust: fix log string
  • 1a52936 Rust: special case default setup
  • cf7e909 Merge pull request #2772 from github/update-bundle/codeql-bundle-v2.20.5
  • b7006aa Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5
  • cfedae7 Rust: throw configuration errors if requested and not correctly enabled
  • 3971ed2 Merge branch 'main' into redsun82/rust
  • d38c6e6 Merge pull request #2775 from github/angelapwen/bump-octokit
  • Additional commits viewable in compare view

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1
Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.1

What's Changed

  • This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
  • Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • Some errors were made into annotations to make them more visible
  • There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

Docs

New Contributors

Commits
  • f49aabe bump docker to ghcr v2.4.1 (#1478)
  • 30a595b :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (#1515)
  • 69ae593 omit vcs info from build (#1514)
  • 6a62a1c add input for specifying --file-mode (#1509)
  • 2722664 :seedling: Bump the github-actions group with 2 updates (#1510)
  • ae0ef31 :seedling: Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1512)
  • 3676bbc :seedling: Bump golang from 1.23.6 to 1.24.0 in the docker-images group (#1513)
  • ae7548a Limit codeQL push trigger to main branch (#1507)
  • 9165624 upgrade scorecard to v5.1.0 (#1508)
  • 620fd28 :seedling: Bump the github-actions group with 2 updates (#1505)
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.1

Commits
  • 4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
  • e9fad96 license cache update for artifact
  • b26fd06 Update to use artifact 2.2.2 package
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 44cd393..80b1de9 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5e0479e..d039dbb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: sarif_file: results.sarif From e77c347295567d1a227180340778c8ce1f33cd2a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 09:26:55 -0800 Subject: [PATCH 104/176] Upgrade trunk (#210) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - prisma 6.4.0 → 6.4.1 - ruff 0.9.6 → 0.9.7 - trufflehog 3.88.11 → 3.88.12 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 7ee9ce3..872c6a3 100644 
--- a/plugin.yaml +++ b/plugin.yaml @@ -36,11 +36,11 @@ lint: - oxipng@9.1.4 - pragma-once - prettier@3.5.1 - - prisma@6.4.0 + - prisma@6.4.1 - pylint@3.3.4 - renovate@39.176.4 - rubocop@1.39.0 - - ruff@0.9.6 + - ruff@0.9.7 - rustfmt@1.68.2 - semgrep@1.109.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.11 + - trufflehog@3.88.12 - trunk-toolbox@0.5.4 - yamllint@1.35.1 From 8eb9f387c74ade7945c62708f4855d1cb6565b40 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Sun, 2 Mar 2025 15:47:52 -0800 Subject: [PATCH 105/176] Upgrade trunk (#211) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.25.1 → 1.26.1 - checkov 3.2.372 → 3.2.377 - isort 6.0.0 → 6.0.1 - prettier 3.5.1 → 3.5.2 - renovate 39.176.4 → 39.182.3 - semgrep 1.109.0 → 1.110.0 - sort-package-json 2.14.0 → 2.15.0 - sql-formatter 15.4.10 → 15.4.11 - trufflehog 3.88.12 → 3.88.13 1 tool was upgraded: - trunk-analytics-cli 0.6.19 → 0.7.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 872c6a3..d3da296 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.25.1 - - checkov@3.2.372 + - cfnlint@1.26.1 + - checkov@3.2.377 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -27,7 +27,7 @@ lint: - gofmt@1.20.4 - golangci-lint@1.64.5 - hadolint@2.12.1-beta - - isort@6.0.0 + - isort@6.0.1 - markdownlint@0.44.0 - markdown-link-check@3.13.6 - mypy@1.15.0 @@ -35,18 +35,18 @@ lint: - osv-scanner@1.9.2 - oxipng@9.1.4 - pragma-once - - prettier@3.5.1 + - prettier@3.5.2 - prisma@6.4.1 - pylint@3.3.4 - - renovate@39.176.4 + - renovate@39.182.3 - rubocop@1.39.0 - ruff@0.9.7 - rustfmt@1.68.2 - - semgrep@1.109.0 + - semgrep@1.110.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@2.14.0 - - sql-formatter@15.4.10 + - sort-package-json@2.15.0 + - sql-formatter@15.4.11 - stylelint@16.14.1: packages: - stylelint-config-standard-scss@14.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.12 + - trufflehog@3.88.13 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -110,4 +110,4 @@ tools: - gh@2.67.0 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.6.19 + - trunk-analytics-cli@0.7.0 From 70ed93e2d48f9bcd614b7532567bc54a36e70022 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 7 Mar 2025 00:21:54 -0800 Subject: [PATCH 106/176] Upgrade trunk (#212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - cfnlint 1.26.1 → 1.28.0 - checkov 3.2.377 → 3.2.382 - golangci-lint 1.64.5 → 1.64.6 - prettier 3.5.2 → 3.5.3 - renovate 39.182.3 → 39.188.3 - ruff 0.9.7 → 0.9.9 - semgrep 1.110.0 → 1.111.0 - sort-package-json 2.15.0 → 3.0.0 - stylelint 16.14.1 → 16.15.0 - trufflehog 3.88.13 → 3.88.15 2 tools were upgraded: - gh 2.67.0 → 2.68.1 - trunk-analytics-cli 0.7.0 → 0.7.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index d3da296..2c00062 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,15 +17,15 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.26.1 - - checkov@3.2.377 + - cfnlint@1.28.0 + - checkov@3.2.382 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.64.5 + - golangci-lint@1.64.6 - hadolint@2.12.1-beta - isort@6.0.1 - markdownlint@0.44.0 
@@ -35,19 +35,19 @@ lint: - osv-scanner@1.9.2 - oxipng@9.1.4 - pragma-once - - prettier@3.5.2 + - prettier@3.5.3 - prisma@6.4.1 - pylint@3.3.4 - - renovate@39.182.3 + - renovate@39.188.3 - rubocop@1.39.0 - - ruff@0.9.7 + - ruff@0.9.9 - rustfmt@1.68.2 - - semgrep@1.110.0 + - semgrep@1.111.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@2.15.0 + - sort-package-json@3.0.0 - sql-formatter@15.4.11 - - stylelint@16.14.1: + - stylelint@16.15.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.13 + - trufflehog@3.88.15 - trunk-toolbox@0.5.4 - yamllint@1.35.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.67.0 + - gh@2.68.1 - grpcui@1.4.2 - gt@1.5.3 - - trunk-analytics-cli@0.7.0 + - trunk-analytics-cli@0.7.1 From 8b31fbf724266a4a943170b52da4d4b93afc2b3f Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 08:54:31 -0700 Subject: [PATCH 107/176] Upgrade trunk (#214) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 1 linter was upgraded: - renovate 39.188.3 → 39.190.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.yaml b/plugin.yaml index 2c00062..baa9eca 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -38,7 +38,7 @@ lint: - prettier@3.5.3 - prisma@6.4.1 - pylint@3.3.4 - - renovate@39.188.3 + - renovate@39.190.1 - rubocop@1.39.0 - ruff@0.9.9 - rustfmt@1.68.2 From 13a5937773d6e70ba4c099d05b960f50ecdd8d27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 08:59:44 -0700 Subject: [PATCH 108/176] Bump github/codeql-action from 3.28.10 to 3.28.11 in the dependencies group (#213) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.10 to 3.28.11
Release notes

Sourced from github/codeql-action's releases.

v3.28.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

... (truncated)

Commits
  • 6bb031a Merge pull request #2798 from github/update-v3.28.11-56b25d5d5
  • 6bca7dd Update changelog for v3.28.11
  • 56b25d5 Merge pull request #2793 from github/update-bundle/codeql-bundle-v2.20.6
  • 256aa16 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.6
  • 911d845 Merge pull request #2796 from github/nickfyson/adjust-rate-error-string
  • 7b7ed63 adjust string for handling rate limit error
  • 608ccd6 Merge pull request #2794 from github/update-supported-enterprise-server-versions
  • 35d04d3 Update supported GitHub Enterprise Server versions
  • ec3b221 Update supported GitHub Enterprise Server versions
  • 8dc01f6 Add changelog note
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 80b1de9..78894ac 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 + uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 + uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 + uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d039dbb..2cacc48 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 + uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 with: sarif_file: results.sarif From b4bed1d9a701eec2e2c486c896118f500e91b8e6 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 01:11:32 -0700 Subject: [PATCH 109/176] Upgrade trunk (#215) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - cfnlint 1.28.0 → 1.29.1 - checkov 3.2.382 → 3.2.384 - golangci-lint 1.64.6 → 1.64.7 - markdown-link-check 3.13.6 → 3.13.7 - prisma 6.4.1 → 6.5.0 - pylint 3.3.4 → 3.3.5 - renovate 39.190.1 → 39.197.0 - ruff 0.9.9 → 0.9.10 - trufflehog 3.88.15 → 3.88.16 - yamllint 1.35.1 → 1.36.0 2 tools were upgraded: - grpcui 1.4.2 → 1.4.3 - trunk-analytics-cli 0.7.1 → 0.7.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index baa9eca..5da30d3 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,30 +17,30 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.28.0 - - checkov@3.2.382 + - cfnlint@1.29.1 + - checkov@3.2.384 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.64.6 + - golangci-lint@1.64.7 - hadolint@2.12.1-beta - isort@6.0.1 - markdownlint@0.44.0 - - markdown-link-check@3.13.6 + - markdown-link-check@3.13.7 - mypy@1.15.0 - nancy@1.0.46 - osv-scanner@1.9.2 - oxipng@9.1.4 - pragma-once - prettier@3.5.3 - - prisma@6.4.1 - - pylint@3.3.4 - - renovate@39.190.1 + - prisma@6.5.0 + - pylint@3.3.5 + - renovate@39.197.0 - rubocop@1.39.0 - - ruff@0.9.9 + - ruff@0.9.10 - rustfmt@1.68.2 - semgrep@1.111.0 - shellcheck@0.10.0 @@ -56,9 +56,9 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.15 + - trufflehog@3.88.16 - trunk-toolbox@0.5.4 - - yamllint@1.35.1 + - yamllint@1.36.0 # Sourcing repos will have these configs available to applicable linters exported_configs: @@ -108,6 +108,6 @@ tools: parse_regex: trunk-analytics-cli ${semver} enabled: - gh@2.68.1 - - grpcui@1.4.2 + - grpcui@1.4.3 - gt@1.5.3 - - trunk-analytics-cli@0.7.1 + - trunk-analytics-cli@0.7.2 From 60e41cff858bb5898d866d0ae5744a74b8e267f9 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 10:28:55 -0700 Subject: [PATCH 110/176] Upgrade trunk (#216) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.29.1 → 1.30.0 - checkov 3.2.384 → 3.2.386 - nancy 1.0.46 → 1.0.48 - renovate 39.197.0 → 39.200.3 - ruff 0.9.10 → 0.10.0 - semgrep 1.111.0 → 1.112.0 - trufflehog 3.88.16 → 3.88.17 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 5da30d3..1f788b3 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.29.1 - - checkov@3.2.384 + - cfnlint@1.30.0 + - checkov@3.2.386 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -31,18 +31,18 @@ lint: - markdownlint@0.44.0 - markdown-link-check@3.13.7 - mypy@1.15.0 - - nancy@1.0.46 + - nancy@1.0.48 - osv-scanner@1.9.2 - oxipng@9.1.4 - pragma-once - prettier@3.5.3 - prisma@6.5.0 - pylint@3.3.5 - - renovate@39.197.0 + - renovate@39.200.3 - rubocop@1.39.0 - - ruff@0.9.10 + - ruff@0.10.0 - rustfmt@1.68.2 - - semgrep@1.111.0 + - semgrep@1.112.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.16 + - trufflehog@3.88.17 - trunk-toolbox@0.5.4 - yamllint@1.36.0 From 524c9b55bb6a08a1d63f5acb3b380eab1156e88e Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 09:49:28 -0700 Subject: [PATCH 111/176] Upgrade trunk (#217) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 10 linters were upgraded: - cfnlint 1.30.0 → 1.31.2 - checkov 3.2.386 → 3.2.388 - golangci-lint 1.64.7 → 1.64.8 - osv-scanner 1.9.2 → 2.0.0 - renovate 39.200.3 → 39.207.3 - ruff 0.10.0 → 0.11.0 - semgrep 1.112.0 → 1.113.0 - stylelint 16.15.0 → 16.16.0 - trufflehog 3.88.17 → 3.88.18 - yamllint 1.36.0 → 1.36.2 1 tool was upgraded: - gh 2.68.1 → 2.69.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1f788b3..a1a3bf0 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,37 +17,37 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.30.0 - - checkov@3.2.386 + - cfnlint@1.31.2 + - checkov@3.2.388 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.64.7 + - golangci-lint@1.64.8 - hadolint@2.12.1-beta - isort@6.0.1 - markdownlint@0.44.0 - markdown-link-check@3.13.7 - mypy@1.15.0 - nancy@1.0.48 - - osv-scanner@1.9.2 + - osv-scanner@2.0.0 - oxipng@9.1.4 - pragma-once - prettier@3.5.3 - prisma@6.5.0 - pylint@3.3.5 - - renovate@39.200.3 + - renovate@39.207.3 - rubocop@1.39.0 - - ruff@0.10.0 + - ruff@0.11.0 - rustfmt@1.68.2 - - semgrep@1.112.0 + - semgrep@1.113.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - sql-formatter@15.4.11 - - stylelint@16.15.0: + - stylelint@16.16.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,9 +56,9 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.17 + - trufflehog@3.88.18 - trunk-toolbox@0.5.4 - - yamllint@1.36.0 + - yamllint@1.36.2 # Sourcing repos will have these configs available to applicable linters exported_configs: @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.68.1 + - gh@2.69.0 - grpcui@1.4.3 - gt@1.5.3 - trunk-analytics-cli@0.7.2 From a0db26d7547285429eb4a2b1cbefb1f00c62d8a8 Mon Sep 17 00:00:00 2001 
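Review bot: osv-scanner@2.0.0 in the first plugin.yaml hunk is a major-version jump from 1.9.2, and it is bundled with nine routine linter bumps without being called out in the commit message. The context lines of the second hunk show trivy still commented out with "Disabled until filesystem scanner initialize error resolved", so a scanner upgrade has already cost this plugin coverage once. Suggest splitting the osv-scanner bump into its own commit, or adding a line to the message confirming the scanner still runs under this plugin's configuration, so it can be reverted on its own if it fails. To a lesser degree the same applies to ruff@0.11.0 in that hunk, where the minor component of a 0.x version changes.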
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Mar 2025 18:32:07 -0700 Subject: [PATCH 112/176] Bump the dependencies group with 2 updates (#218) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.28.11 to 3.28.12
Release notes

Sourced from github/codeql-action's releases.

v3.28.12

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

... (truncated)

Commits
  • 5f8171a Merge pull request #2814 from github/update-v3.28.12-6349095d1
  • bb59f77 Update changelog for v3.28.12
  • 6349095 Merge pull request #2810 from github/update-bundle/codeql-bundle-v2.20.7
  • d7d03fd Add changelog note
  • 4e3a534 Update default bundle to codeql-bundle-v2.20.7
  • 55f0237 Merge pull request #2802 from github/mbg/dependency-caching/java-buildless
  • 6a151cd Merge pull request #2811 from github/dependabot/github_actions/actions-c2c311...
  • 7866bcd Manually bump workflow to match autogenerated file
  • 611289e build(deps): bump ruby/setup-ruby in the actions group
  • 4c409a5 Remove temporary dependency directory in analyze post action
  • Additional commits viewable in compare view

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
Release notes

Sourced from actions/upload-artifact's releases.

v4.6.2

What's Changed

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.2

Commits
  • ea165f8 Merge pull request #685 from salmanmkc/salmanmkc/3-new-upload-artifacts-release
  • 0839620 Prepare for new release of actions/upload-artifact with new toolkit cache ver...
  • See full diff in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 78894ac..da7ab5d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 + uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 + uses: github/codeql-action/autobuild@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 + uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2cacc48..1f37ddb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 with: sarif_file: results.sarif From 36c9831d268d677ce6cd0651d1e3d84fb5ee6d7b Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 24 Mar 2025 10:03:11 -0700 Subject: [PATCH 113/176] Upgrade trunk (#219) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.31.2 → 1.32.0 - checkov 3.2.388 → 3.2.390 - pylint 3.3.5 → 3.3.6 - renovate 39.207.3 → 39.210.1 - ruff 0.11.0 → 0.11.1 - semgrep 1.113.0 → 1.114.0 - sql-formatter 15.4.11 → 15.5.1 1 tool was upgraded: - trunk-analytics-cli 0.7.2 → 0.7.3 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index a1a3bf0..02206c9 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.31.2 - - checkov@3.2.388 + - cfnlint@1.32.0 + - checkov@3.2.390 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -37,16 +37,16 @@ lint: - pragma-once - prettier@3.5.3 - prisma@6.5.0 - - pylint@3.3.5 - - renovate@39.207.3 + - pylint@3.3.6 + - renovate@39.210.1 - rubocop@1.39.0 - - ruff@0.11.0 + - ruff@0.11.1 - rustfmt@1.68.2 - - semgrep@1.113.0 + - semgrep@1.114.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - - sql-formatter@15.4.11 + - sql-formatter@15.5.1 - stylelint@16.16.0: packages: - stylelint-config-standard-scss@14.0.0 @@ -110,4 +110,4 @@ tools: - gh@2.69.0 - grpcui@1.4.3 - gt@1.5.3 - - trunk-analytics-cli@0.7.2 + - trunk-analytics-cli@0.7.3 From 8299c122835aeb78d1ae81236e33128635ceb152 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 13:43:50 -0700 Subject: [PATCH 114/176] Upgrade trunk (#220) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - cfnlint 1.32.0 → 1.32.1 - checkov 3.2.390 → 3.2.394 - renovate 39.210.1 → 39.219.3 - ruff 0.11.1 → 0.11.2 - sql-formatter 15.5.1 → 15.5.2 - stylelint 16.16.0 → 16.17.0 - trufflehog 3.88.18 → 3.88.20 - yamllint 1.36.2 → 1.37.0 2 tools were upgraded: - gt 1.5.3 → 1.6.1 - trunk-analytics-cli 0.7.3 → 0.7.4 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 02206c9..dcaf001 100644 
--- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.32.0 - - checkov@3.2.390 + - cfnlint@1.32.1 + - checkov@3.2.394 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,16 +38,16 @@ lint: - prettier@3.5.3 - prisma@6.5.0 - pylint@3.3.6 - - renovate@39.210.1 + - renovate@39.219.3 - rubocop@1.39.0 - - ruff@0.11.1 + - ruff@0.11.2 - rustfmt@1.68.2 - semgrep@1.114.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - - sql-formatter@15.5.1 - - stylelint@16.16.0: + - sql-formatter@15.5.2 + - stylelint@16.17.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,9 +56,9 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.18 + - trufflehog@3.88.20 - trunk-toolbox@0.5.4 - - yamllint@1.36.2 + - yamllint@1.37.0 # Sourcing repos will have these configs available to applicable linters exported_configs: @@ -109,5 +109,5 @@ tools: enabled: - gh@2.69.0 - grpcui@1.4.3 - - gt@1.5.3 - - trunk-analytics-cli@0.7.3 + - gt@1.6.1 + - trunk-analytics-cli@0.7.4 From 75ee725fb0f82425e7ba41a82a54fe113a2523b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 13:45:14 -0700 Subject: [PATCH 115/176] Bump github/codeql-action from 3.28.12 to 3.28.13 in the dependencies group (#221) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.12 to 3.28.13
Release notes

Sourced from github/codeql-action's releases.

v3.28.13

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.13 - 24 Mar 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

... (truncated)

Commits
  • 1b549b9 Merge pull request #2819 from github/update-v3.28.13-e0ea14102
  • 82630c8 Update changelog for v3.28.13
  • e0ea141 Merge pull request #2818 from github/cklin/empty-pr-diff-range
  • b361a91 Diff-informed analysis: fix empty PR handling
  • bd1d9ab Merge pull request #2816 from github/cklin/overlay-file-list
  • b98ae6c Add overlay-database-utils tests
  • 9825184 Add getFileOidsUnderPath() tests
  • ac67cff Merge pull request #2817 from github/cklin/default-setup-diff-informed
  • 9c674ba build: refresh js files
  • d109dd5 Detect PR branches for Default Setup
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.12&new-version=3.28.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index da7ab5d..d093a2f 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1f37ddb..3c5333b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: results.sarif From 50cdb25aa4601a7e989f5c89e2d8eeace0245051 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 7 Apr 2025 01:17:29 -0700 Subject: [PATCH 116/176] Upgrade trunk (#222) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.32.1 → 1.32.3 - checkov 3.2.394 → 3.2.396 - osv-scanner 2.0.0 → 2.0.1 - renovate 39.219.3 → 39.233.2 - ruff 0.11.2 → 0.11.3 - semgrep 1.114.0 → 1.116.0 - trufflehog 3.88.20 → 3.88.22 1 tool was upgraded: - trunk-analytics-cli 0.7.4 → 0.7.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index dcaf001..5727d56 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.32.1 - - checkov@3.2.394 + - cfnlint@1.32.3 + - checkov@3.2.396 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -32,17 +32,17 @@ lint: - markdown-link-check@3.13.7 - mypy@1.15.0 - nancy@1.0.48 - - osv-scanner@2.0.0 + - osv-scanner@2.0.1 - oxipng@9.1.4 - pragma-once - prettier@3.5.3 - prisma@6.5.0 - pylint@3.3.6 - - renovate@39.219.3 + - renovate@39.233.2 - rubocop@1.39.0 - - ruff@0.11.2 + - ruff@0.11.3 - rustfmt@1.68.2 - - semgrep@1.114.0 + - semgrep@1.116.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.20 + - trufflehog@3.88.22 - trunk-toolbox@0.5.4 - yamllint@1.37.0 @@ -110,4 +110,4 @@ tools: - gh@2.69.0 - grpcui@1.4.3 - gt@1.6.1 - - trunk-analytics-cli@0.7.4 + - trunk-analytics-cli@0.7.6 From 256f31eac5eb36cb51c35abd2adc0f0ceac2cd44 Mon Sep 17 00:00:00 2001 From: Eli Schleifer <1265982+EliSchleifer@users.noreply.github.com> Date: Thu, 10 Apr 2025 09:02:24 -0700 Subject: [PATCH 117/176] Update tooling / analytics cli and renovate (#223) Update renovate to 39.238.1 Update trunk analytics cli definition and version --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 5727d56..b3b6acc 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,7 +38,7 @@ lint: - prettier@3.5.3 - prisma@6.5.0 - pylint@3.3.6 - - renovate@39.233.2 + - renovate@39.238.1 - rubocop@1.39.0 - ruff@0.11.3 - rustfmt@1.68.2 @@ -101,11 +101,11 @@ tools: definitions: - name: trunk-analytics-cli download: trunk-analytics-cli - known_good_version: 0.5.32 + known_good_version: 0.7.6 shims: [trunk-analytics-cli] health_checks: - command: trunk-analytics-cli --version - parse_regex: trunk-analytics-cli ${semver} + parse_regex: trunk flakytests ${semver} enabled: - gh@2.69.0 - grpcui@1.4.3 From f4394bc4bf5054d09751747a8070ec4083c18212 Mon Sep 17 00:00:00 2001 
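Review bot: in PATCH 117/176 the health-check `parse_regex` changes from `trunk-analytics-cli ${semver}` to `trunk flakytests ${semver}`, but the commit message only says the definition was updated and nothing records why the pattern no longer contains the tool's own name. Add a YAML comment beside the regex (or a line in the message) stating what `trunk-analytics-cli --version` prints, since the health check depends on that exact banner and will fail if a later release changes it again. The same hunk moves `known_good_version` from 0.5.32 to 0.7.6, matching the `trunk-analytics-cli@0.7.6` enabled in the previous patch; say whether the two are meant to stay in step, because the upgrade PRs shown here only touch the `enabled` entry.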
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 11 Apr 2025 11:14:10 -0700 Subject: [PATCH 118/176] Upgrade trunk (#224) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.32.3 → 1.33.1 - checkov 3.2.396 → 3.2.403 - prisma 6.5.0 → 6.6.0 - ruff 0.11.3 → 0.11.4 - stylelint 16.17.0 → 16.18.0 - trufflehog 3.88.22 → 3.88.23 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b3b6acc..e650532 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.32.3 - - checkov@3.2.396 + - cfnlint@1.33.1 + - checkov@3.2.403 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,18 +36,18 @@ lint: - oxipng@9.1.4 - pragma-once - prettier@3.5.3 - - prisma@6.5.0 + - prisma@6.6.0 - pylint@3.3.6 - renovate@39.238.1 - rubocop@1.39.0 - - ruff@0.11.3 + - ruff@0.11.4 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - sql-formatter@15.5.2 - - stylelint@16.17.0: + - stylelint@16.18.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.22 + - trufflehog@3.88.23 - trunk-toolbox@0.5.4 - yamllint@1.37.0 From 8e111574d81bcb3b09ad77b0a03539e1e51647f8 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:55:45 -0700 Subject: [PATCH 119/176] Upgrade trunk (#226) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 1 linter was upgraded: - ruff 0.11.4 → 0.11.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.yaml b/plugin.yaml index e650532..8d80144 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -40,7 +40,7 @@ lint: - pylint@3.3.6 - renovate@39.238.1 - rubocop@1.39.0 - - ruff@0.11.4 + - ruff@0.11.5 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 From 76c8b5969f2c2c1004bd4f14c3e75014f18a7463 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:57:45 -0700 Subject: [PATCH 120/176] Bump github/codeql-action from 3.28.13 to 3.28.15 in the dependencies group (#225) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.13 to 3.28.15
Release notes

Sourced from github/codeql-action's releases.

v3.28.15

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

See the full CHANGELOG.md for more information.

v3.28.14

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #2838

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

... (truncated)

Commits
  • 45775bd Merge pull request #2854 from github/update-v3.28.15-a35ae8c38
  • dd78aab Update CHANGELOG.md with bug fix details
  • e40af59 Update changelog for v3.28.15
  • a35ae8c Merge pull request #2843 from github/cklin/diff-informed-compat
  • bb59df6 Merge pull request #2842 from github/henrymercer/zip64
  • 4b508f5 Merge pull request #2845 from github/mergeback/v3.28.14-to-main-fc7e4a0f
  • ca00afb Update checked-in dependencies
  • 2969c78 Update changelog and version after v3.28.14
  • fc7e4a0 Merge pull request #2844 from github/update-v3.28.14-362ef4ce2
  • be0175c Update changelog for v3.28.14
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.13&new-version=3.28.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d093a2f..34587bb 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3c5333b..c8e23af 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: results.sarif From 91c79ea1528c5110a206ff90deb7b808740ba2dd Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 18 Apr 2025 01:13:11 -0700 Subject: [PATCH 121/176] Upgrade trunk (#227) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - cfnlint 1.33.1 → 1.34.0 - checkov 3.2.403 → 3.2.405 - renovate 39.238.1 → 39.248.2 - trufflehog 3.88.23 → 3.88.24 2 tools were upgraded: - gh 2.69.0 → 2.70.0 - trunk-analytics-cli 0.7.6 → 0.7.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 8d80144..45ab159 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.33.1 - - checkov@3.2.403 + - cfnlint@1.34.0 + - checkov@3.2.405 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.5.3 - prisma@6.6.0 - pylint@3.3.6 - - renovate@39.238.1 + - renovate@39.248.2 - rubocop@1.39.0 - ruff@0.11.5 - rustfmt@1.68.2 
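Review bot: in PATCH 120/176 the trailing `# v3.28.15` comments on the `uses:` lines in `codeql.yaml` and `scorecard.yml` are not enforced by anything; only the 40-character SHA decides what runs, so the two should be checked against each other before merge. Here the pin `45775bd8235c68ba998cffa5171334d58593da47` starts with `45775bd`, the merge commit for `update-v3.28.15` at the top of the Commits list in the message, so they agree. The bump also crosses v3.28.14, which per the quoted release notes moves the default CodeQL bundle to 2.21.0, so a change in alerts after this merge may come from the bundle rather than from the repository's code.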
@@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.23 + - trufflehog@3.88.24 - trunk-toolbox@0.5.4 - yamllint@1.37.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.69.0 + - gh@2.70.0 - grpcui@1.4.3 - gt@1.6.1 - - trunk-analytics-cli@0.7.6 + - trunk-analytics-cli@0.7.7 From 81b42a7b4fd795ba2923a14581f11a614b8d9686 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 25 Apr 2025 01:24:36 -0700 Subject: [PATCH 122/176] Upgrade trunk (#228) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.34.0 → 1.34.1 - checkov 3.2.405 → 3.2.408 - renovate 39.248.2 → 39.257.5 - ruff 0.11.5 → 0.11.6 - sql-formatter 15.5.2 → 15.6.1 - stylelint 16.18.0 → 16.19.0 - trufflehog 3.88.24 → 3.88.25 2 tools were upgraded: - gh 2.70.0 → 2.71.2 - trunk-analytics-cli 0.7.7 → 0.7.9 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 45ab159..a7a268c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.34.0 - - checkov@3.2.405 + - cfnlint@1.34.1 + - checkov@3.2.408 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
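Review bot: in PATCH 121/176 the `@@ -56,7 +56,7 @@` hunk bumps trufflehog directly under `# - trivy@0.54.1`, which is still commented out with only "Disabled until filesystem scanner initialize error resolved" as the reason. That entry stays at 0.54.1 in every patch shown here while the linters around it move, so nothing in these upgrade PRs prompts anyone to re-enable it. Add an issue link or an owner to the comment so the scanner is not left off indefinitely.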
@@ -38,16 +38,16 @@ lint: - prettier@3.5.3 - prisma@6.6.0 - pylint@3.3.6 - - renovate@39.248.2 + - renovate@39.257.5 - rubocop@1.39.0 - - ruff@0.11.5 + - ruff@0.11.6 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - - sql-formatter@15.5.2 - - stylelint@16.18.0: + - sql-formatter@15.6.1 + - stylelint@16.19.0: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.24 + - trufflehog@3.88.25 - trunk-toolbox@0.5.4 - yamllint@1.37.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.70.0 + - gh@2.71.2 - grpcui@1.4.3 - gt@1.6.1 - - trunk-analytics-cli@0.7.7 + - trunk-analytics-cli@0.7.9 From 4684165469e6beeb85781cfe71d4c01da32651fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 May 2025 11:06:35 -0700 Subject: [PATCH 123/176] Bump github/codeql-action from 3.28.15 to 3.28.16 in the dependencies group (#229) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.15 to 3.28.16
Release notes

Sourced from github/codeql-action's releases.

v3.28.16

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.16 - 23 Apr 2025

  • Update default CodeQL bundle version to 2.21.1. #2863

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.16 - 23 Apr 2025

  • Update default CodeQL bundle version to 2.21.1. #2863

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

... (truncated)

Commits
  • 28deaed Merge pull request #2865 from github/update-v3.28.16-2a8cbadc0
  • 03c5d71 Update changelog for v3.28.16
  • 2a8cbad Merge pull request #2863 from github/update-bundle/codeql-bundle-v2.21.1
  • f76eaf5 Add changelog note
  • e63b3f5 Update default bundle to codeql-bundle-v2.21.1
  • 4c3e536 Merge pull request #2853 from github/dependabot/npm_and_yarn/npm-7d84c66b66
  • 56dd02f Merge pull request #2852 from github/dependabot/github_actions/actions-457587...
  • 192406d Merge branch 'main' into dependabot/github_actions/actions-4575878e06
  • c7dbb20 Merge pull request #2857 from github/nickfyson/address-vulns
  • 9a45cd8 move use of input variables into env vars
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.15&new-version=3.28.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 34587bb..46dabd0 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c8e23af..ee74853 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: results.sarif From d11cb177ccd698d8fa86dc582ac7e52f6820d01f Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Thu, 1 May 2025 11:07:58 -0700 Subject: [PATCH 124/176] Upgrade trunk (#230) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - cfnlint 1.34.1 → 1.34.2 - renovate 39.257.5 → 39.257.8 - ruff 0.11.6 → 0.11.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index a7a268c..1955def 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,7 +17,7 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.0.3 - - cfnlint@1.34.1 + - cfnlint@1.34.2 - checkov@3.2.408 - clang-format@17.0.1 - clang-tidy@17.0.1 @@ -38,9 +38,9 @@ lint: - prettier@3.5.3 - prisma@6.6.0 - pylint@3.3.6 - - renovate@39.257.5 + - renovate@39.257.8 - rubocop@1.39.0 - - ruff@0.11.6 + - ruff@0.11.7 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 From 6f8f101fc9b23813fb35a93232cc55e4188566e0 Mon Sep 17 00:00:00 2001 
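Review bot: In PATCH 123/176, the four `github/codeql-action` references in .github/workflows/codeql.yaml (init, autobuild, analyze) and .github/workflows/scorecard.yml (upload-sarif) are pinned by full commit SHA, but the trailing `# v3.28.16` comment is the only statement of which release that SHA is, and nothing in the workflow checks it. Here the new pin 28deaeda66b76a05916b6923827895f2b14ab387 does agree with the first commit in the message's list (28deaed, the merge of #2865), and all four lines move together. Suggest keeping that comparison as an explicit review step for these bot-authored bumps, since a comment that disagreed with the SHA would have no effect on the run.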
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 2 May 2025 02:39:57 -0700 Subject: [PATCH 125/176] Upgrade trunk (#231) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - buildifier 8.0.3 → 8.2.0 - checkov 3.2.408 → 3.2.413 - osv-scanner 2.0.1 → 2.0.2 - oxipng 9.1.4 → 9.1.5 - prisma 6.6.0 → 6.7.0 - renovate 39.257.8 → 40.0.6 - stylelint 16.19.0 → 16.19.1 - trufflehog 3.88.25 → 3.88.26 1 tool was upgraded: - gh 2.71.2 → 2.72.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1955def..45b9b1c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -16,9 +16,9 @@ lint: - bandit@1.8.3 - black@25.1.0 - buf-lint@1.31.0! - - buildifier@8.0.3 + - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.408 + - checkov@3.2.413 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -32,13 +32,13 @@ lint: - markdown-link-check@3.13.7 - mypy@1.15.0 - nancy@1.0.48 - - osv-scanner@2.0.1 - - oxipng@9.1.4 + - osv-scanner@2.0.2 + - oxipng@9.1.5 - pragma-once - prettier@3.5.3 - - prisma@6.6.0 + - prisma@6.7.0 - pylint@3.3.6 - - renovate@39.257.8 + - renovate@40.0.6 - rubocop@1.39.0 - ruff@0.11.7 - rustfmt@1.68.2 @@ -47,7 +47,7 @@ lint: - shfmt@3.6.0 - sort-package-json@3.0.0 - sql-formatter@15.6.1 - - stylelint@16.19.0: + - stylelint@16.19.1: packages: - stylelint-config-standard-scss@14.0.0 - stylelint-config-clean-order@7.0.0 
@@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.25 + - trufflehog@3.88.26 - trunk-toolbox@0.5.4 - yamllint@1.37.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.71.2 + - gh@2.72.0 - grpcui@1.4.3 - gt@1.6.1 - trunk-analytics-cli@0.7.9 From 00ecd0588f8f7926bbc1a7982a4dd9b1720c4c1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 10:15:37 -0700 Subject: [PATCH 126/176] Bump github/codeql-action from 3.28.16 to 3.28.17 in the dependencies group (#232) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.28.16 to 3.28.17
Release notes

Sourced from github/codeql-action's releases.

v3.28.17

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.17 - 02 May 2025

  • Update default CodeQL bundle version to 2.21.2. #2872

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.17 - 02 May 2025

  • Update default CodeQL bundle version to 2.21.2. #2872

3.28.16 - 23 Apr 2025

  • Update default CodeQL bundle version to 2.21.1. #2863

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

  • Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

... (truncated)

Commits
  • 60168ef Merge pull request #2886 from github/update-v3.28.17-97a2bfd2a
  • 0d5a311 Update changelog for v3.28.17
  • 97a2bfd Merge pull request #2872 from github/update-bundle/codeql-bundle-v2.21.2
  • 9aba20e Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2
  • 81a9508 Merge pull request #2876 from github/henrymercer/fix-diff-informed-multiple-a...
  • 1569f4c Disable diff-informed queries in code scanning config tests
  • 62fbeb6 Merge branch 'main' into henrymercer/fix-diff-informed-multiple-analyze
  • f122d1d Address test failures from computing temporary directory too early
  • 083772a Do not fail diff informed analyses when analyze is run twice in the same job
  • 5db14d0 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.16&new-version=3.28.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 46dabd0..6d379ca 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 + uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 + uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 + uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ee74853..0148b9b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 with: sarif_file: results.sarif From 6a2ce43e548b272a1a962df3f6f8da83fe563217 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 10:17:38 -0700 Subject: [PATCH 127/176] Upgrade trunk (#233) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - checkov 3.2.413 → 3.2.414 - ruff 0.11.7 → 0.11.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 45b9b1c..bab5df0 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.413 + - checkov@3.2.414 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -40,7 +40,7 @@ lint: - pylint@3.3.6 - renovate@40.0.6 - rubocop@1.39.0 - - ruff@0.11.7 + - ruff@0.11.8 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 From 01660067bf490cec164ed5d2bf54132413ba4004 Mon Sep 17 00:00:00 2001 
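Review bot: In PATCH 127/176, the context of the plugin.yaml hunk at -18,7 shows `buf-lint@1.31.0!` left unchanged, as in the neighbouring upgrade patches, with no comment explaining the hold. It is the only visible entry carrying the `!` suffix. Suggest adding a YAML comment above it that records why it is held at 1.31.0 and what would allow it to move, in the style of the existing note above the disabled trivy entry.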
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 9 May 2025 11:35:56 -0700 Subject: [PATCH 128/176] Upgrade trunk (#234) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - checkov 3.2.414 → 3.2.416 - pylint 3.3.6 → 3.3.7 - trufflehog 3.88.26 → 3.88.28 - yamllint 1.37.0 → 1.37.1 1 tool was upgraded: - trunk-analytics-cli 0.7.9 → 0.7.10 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index bab5df0..dde2cef 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.414 + - checkov@3.2.416 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -37,7 +37,7 @@ lint: - pragma-once - prettier@3.5.3 - prisma@6.7.0 - - pylint@3.3.6 + - pylint@3.3.7 - renovate@40.0.6 - rubocop@1.39.0 - ruff@0.11.8 @@ -56,9 +56,9 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.26 + - trufflehog@3.88.28 - trunk-toolbox@0.5.4 - - yamllint@1.37.0 + - yamllint@1.37.1 # Sourcing repos will have these configs available to applicable linters exported_configs: @@ -110,4 +110,4 @@ tools: - gh@2.72.0 - grpcui@1.4.3 - gt@1.6.1 - - trunk-analytics-cli@0.7.9 + - trunk-analytics-cli@0.7.10 From 96993c814e5aeff7eb130dc231fca39bb6cb03ae Mon Sep 17 00:00:00 2001 
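Review bot: In PATCH 128/176, the plugin.yaml hunk at -56,9 bumps trufflehog and yamllint around a trivy entry that stays commented out at 0.54.1 under "Disabled until filesystem scanner initialize error resolved.", with no issue reference. The upgrade bot does not touch the commented-out entry, so it stays at 0.54.1 and nothing signals when the blocker is fixed. Suggest linking a tracking issue in that comment so the entry can be re-enabled and brought back under the upgrade flow.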
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 11 May 2025 19:11:56 -0700 Subject: [PATCH 129/176] Bump trunk-io/trunk-action from 1.1.19 to 1.2.1 in the dependencies group (#235) Bumps the dependencies group with 1 update: [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `trunk-io/trunk-action` from 1.1.19 to 1.2.1
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.2.1

What's Changed

  • Fixes token issue when posting deprecation comment (#278)

For more information, see the migration guide.

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.2.0...v1.2.1

v1.2.0

What's Changed

  • Add deprecation notice for check uploads (#276)
  • Add deprecation notice for check on PRs (#277)

For more information, see the migration guide.

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.1.19...v1.2.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=trunk-io/trunk-action&package-manager=github_actions&previous-version=1.1.19&new-version=1.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/upgrade_trunk.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index 48a4219..bed8368 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@4d5ecc89b2691705fd08c747c78652d2fc806a94 + uses: trunk-io/trunk-action/upgrade@12243abae10c54b42a32cb25a465023c66e40e5b with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From 9452f3a0ff6060841d8e4370525cdcc789d67972 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 10:52:54 -0700 Subject: [PATCH 130/176] Upgrade trunk (#236) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - stylelint 16.19.1 → 16.19.1 - stylelint-config-standard-scss 14.0.0 → 15.0.0 - trufflehog 3.88.28 → 3.88.29 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index dde2cef..0e6c453 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -49,14 +49,14 @@ lint: - sql-formatter@15.6.1 - stylelint@16.19.1: packages: - - stylelint-config-standard-scss@14.0.0 + - stylelint-config-standard-scss@15.0.0 - stylelint-config-clean-order@7.0.0 - svgo@3.3.2 - taplo@0.9.3 - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.28 + - trufflehog@3.88.29 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From 7a32d74fa67d175a42346702daa296afae186f4c Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 16 May 2025 06:30:13 -0700 Subject: [PATCH 131/176] Upgrade trunk (#237) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - checkov 3.2.416 → 3.2.423 - ruff 0.11.8 → 0.11.9 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 0e6c453..41310a4 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.416 + - checkov@3.2.423 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -40,7 +40,7 @@ lint: - pylint@3.3.7 - renovate@40.0.6 - rubocop@1.39.0 - - ruff@0.11.8 + - ruff@0.11.9 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 From 4fd9577aee1cc98d2922eb0daaf8c4160ebba94b Mon Sep 17 00:00:00 2001 
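Review bot: In PATCH 130/176, the plugin.yaml hunk at -49,14 moves the nested package `stylelint-config-standard-scss` from 14.0.0 to 15.0.0, a major version, while the parent `stylelint@16.19.1` entry is unchanged, and the commit message announces "2 linters" but lists three lines. A major bump of a shared rule config can change which rules fire for repos that source this plugin. Suggest confirming the stylelint run against a representative SCSS tree before merging, and recording the result in the PR.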
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 10:04:12 -0700 Subject: [PATCH 132/176] Bump the dependencies group with 2 updates (#238) Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action). Updates `github/codeql-action` from 3.28.17 to 3.28.18
Release notes

Sourced from github/codeql-action's releases.

v3.28.18

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.18 - 16 May 2025

  • Update default CodeQL bundle version to 2.21.3. #2893
  • Skip validating SARIF produced by CodeQL for improved performance. #2894
  • The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.18 - 16 May 2025

  • Update default CodeQL bundle version to 2.21.3. #2893
  • Skip validating SARIF produced by CodeQL for improved performance. #2894
  • The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

3.28.17 - 02 May 2025

  • Update default CodeQL bundle version to 2.21.2. #2872

3.28.16 - 23 Apr 2025

  • Update default CodeQL bundle version to 2.21.1. #2863

3.28.15 - 07 Apr 2025

  • Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

  • Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

  • Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
  • Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

  • Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

  • Update default CodeQL bundle version to 2.20.5. #2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

... (truncated)

Commits
  • ff0a06e Merge pull request #2896 from github/update-v3.28.18-b86edfc27
  • a41e084 Update changelog for v3.28.18
  • b86edfc Merge pull request #2893 from github/update-bundle/codeql-bundle-v2.21.3
  • e93b900 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.3
  • 510dfa3 Merge pull request #2894 from github/henrymercer/skip-validating-codeql-sarif
  • 492d783 Merge branch 'main' into henrymercer/skip-validating-codeql-sarif
  • 83bdf3b Merge pull request #2859 from github/update-supported-enterprise-server-versions
  • cffc916 Merge pull request #2891 from austinpray-mixpanel/patch-1
  • 4420887 Add deprecation warning for CodeQL 2.16.5 and earlier
  • 4e178c5 Update supported versions table in README
  • Additional commits viewable in compare view

Updates `trunk-io/trunk-action` from 1.2.1 to 1.2.3
Release notes

Sourced from trunk-io/trunk-action's releases.

v1.2.3

What's Changed

  • Update deprecation comment copy (#280)

For more information, see the migration guide.

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.2.2...v1.2.3

v1.2.2

What's Changed

  • Only posts deprecation comment when checking PRs (#279)

For more information, see the migration guide.

Full Changelog: https://github.com/trunk-io/trunk-action/compare/v1.2.1...v1.2.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- .github/workflows/upgrade_trunk.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 6d379ca..3fe1615 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0148b9b..4b189dc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index bed8368..b83bc06 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@12243abae10c54b42a32cb25a465023c66e40e5b + uses: trunk-io/trunk-action/upgrade@b8812b3da2f527db878ef7541c4177f8d280cd89 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n From 2c6f9d5fa8888e61662268300a6ca890042647a9 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 11:46:22 -0700 Subject: [PATCH 133/176] Upgrade trunk (#239) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - checkov 3.2.423 → 3.2.424 - prisma 6.7.0 → 6.8.1 - ruff 0.11.9 → 0.11.10 - stylelint 16.19.1 → 16.19.1 - stylelint-config-standard-scss 15.0.0 → 15.0.1 1 tool was upgraded: - gt 1.6.1 → 1.6.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 41310a4..3e71c15 100644 --- a/plugin.yaml +++ b/plugin.yaml 
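Review bot: in the .github/workflows/upgrade_trunk.yaml hunk, the new `trunk-io/trunk-action/upgrade@b8812b3da2f527db878ef7541c4177f8d280cd89` pin has no trailing version comment, unlike the `github/codeql-action` pins in the same patch, which all carry `# v3.28.18`. This step runs next to `secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY`, so a reviewer should be able to tell which release the SHA corresponds to without leaving the diff. The commit message cites the v1.2.1...v1.2.2 changelog; if that is the release this SHA points to, append `# v1.2.2` to the line.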
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.423 + - checkov@3.2.424 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,11 +36,11 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.5.3 - - prisma@6.7.0 + - prisma@6.8.1 - pylint@3.3.7 - renovate@40.0.6 - rubocop@1.39.0 - - ruff@0.11.9 + - ruff@0.11.10 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 @@ -49,7 +49,7 @@ lint: - sql-formatter@15.6.1 - stylelint@16.19.1: packages: - - stylelint-config-standard-scss@15.0.0 + - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 - svgo@3.3.2 - taplo@0.9.3 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.72.0 - grpcui@1.4.3 - - gt@1.6.1 + - gt@1.6.2 - trunk-analytics-cli@0.7.10 From 0fbd2d6ddd6d78c48c49dcac219489b7022e3a31 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 23 May 2025 01:44:30 -0700 Subject: [PATCH 134/176] Upgrade trunk (#240) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - checkov 3.2.424 → 3.2.427 - markdownlint 0.44.0 → 0.45.0 - prisma 6.8.1 → 6.8.2 - sql-formatter 15.6.1 → 15.6.2 - trufflehog 3.88.29 → 3.88.32 2 tools were upgraded: - gh 2.72.0 → 2.73.0 - trunk-analytics-cli 0.7.10 → 0.8.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3e71c15..e7c2ff5 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.424 + - checkov@3.2.427 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -28,7 +28,7 @@ lint: - golangci-lint@1.64.8 - hadolint@2.12.1-beta - isort@6.0.1 - - markdownlint@0.44.0 + - markdownlint@0.45.0 - markdown-link-check@3.13.7 - mypy@1.15.0 - nancy@1.0.48 @@ -36,7 +36,7 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.5.3 - - prisma@6.8.1 + - prisma@6.8.2 - pylint@3.3.7 - renovate@40.0.6 - rubocop@1.39.0 @@ -46,7 +46,7 @@ lint: - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.0.0 - - sql-formatter@15.6.1 + - sql-formatter@15.6.2 - stylelint@16.19.1: packages: - stylelint-config-standard-scss@15.0.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.29 + - trufflehog@3.88.32 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.72.0 + - gh@2.73.0 - grpcui@1.4.3 - gt@1.6.2 - - trunk-analytics-cli@0.7.10 + - trunk-analytics-cli@0.8.1 From efd3ddad85602ab9b136ebb0af91d0380bcd325e Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 26 May 2025 21:19:16 -0700 Subject: [PATCH 135/176] Upgrade trunk (#241) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - checkov 3.2.427 → 3.2.432 - ruff 0.11.10 → 0.11.11 - trufflehog 3.88.32 → 3.88.33 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index e7c2ff5..afa183c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.0 - cfnlint@1.34.2 - - checkov@3.2.427 + - checkov@3.2.432 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -40,7 +40,7 @@ lint: - pylint@3.3.7 - renovate@40.0.6 - rubocop@1.39.0 - - ruff@0.11.10 + - ruff@0.11.11 - rustfmt@1.68.2 - semgrep@1.116.0 - shellcheck@0.10.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.32 + - trufflehog@3.88.33 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From 35e2de5b25bf6ee4033c0e707dcade06b1efe3f7 Mon Sep 17 00:00:00 2001 From: Eli Schleifer <1265982+EliSchleifer@users.noreply.github.com> Date: Tue, 27 May 2025 13:27:50 -0700 Subject: [PATCH 136/176] Update config to latest trunk releases (#242) --- .trunk/trunk.yaml | 4 ++-- plugin.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 90ec77f..a69f4b7 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml 
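Review bot: in the last plugin.yaml hunk of [PATCH 135/176], `trufflehog` is bumped directly beneath `# - trivy@0.54.1`, which stays commented out behind "Disabled until filesystem scanner initialize error resolved." with no issue reference. Each automated upgrade leaves that pin further behind the other scanners in the list. Add a tracking-issue link to the comment so the scanner gets re-enabled rather than forgotten.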
@@ -1,11 +1,11 @@ version: 0.1 cli: - version: 1.22.6 + version: 1.22.15 plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.6.4 + ref: v1.7.0 - id: configs local: . diff --git a/plugin.yaml b/plugin.yaml index afa183c..b272977 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -4,8 +4,8 @@ required_trunk_version: ">=1.7.1-beta.9" # Applicable linters and actions will run with these runtime versions runtimes: enabled: - - go@1.21.0 - - node@20.11.0 + - go@1.24.3 + - node@22.16.0 - python@3.10.8 - ruby@3.1.4 @@ -101,7 +101,7 @@ tools: definitions: - name: trunk-analytics-cli download: trunk-analytics-cli - known_good_version: 0.7.6 + known_good_version: 0.8.1 shims: [trunk-analytics-cli] health_checks: - command: trunk-analytics-cli --version From 974194556f463cd9fd4d8dd6f821f800b3b2ba70 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 09:43:45 -0700 Subject: [PATCH 137/176] Upgrade trunk (#243) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.34.2 → 1.35.3 - checkov 3.2.432 → 3.2.435 - mypy 1.15.0 → 1.16.0 - renovate 40.0.6 → 40.36.2 - ruff 0.11.11 → 0.11.12 - semgrep 1.116.0 → 1.123.0 - sort-package-json 3.0.0 → 3.2.1 - stylelint 16.19.1 → 16.20.0 - trufflehog 3.88.33 → 3.88.35 1 runtime was upgraded: - ruby 3.1.4 → 3.4.2 2 tools were upgraded: - gh 2.73.0 → 2.74.0 - trunk-analytics-cli 0.8.1 → 0.9.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
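Review bot: in the `runtimes.enabled` hunk of plugin.yaml in [PATCH 136/176], node crosses a major version (`node@20.11.0` to `node@22.16.0`) and go moves from `go@1.21.0` to `go@1.24.3`, yet the commit has no message body. Every repo that sources this plugin runs its linters on these runtimes, so the message should say which node-based and go-based linters in the `enabled` list were exercised under the new versions. Splitting the runtime bump from the `cli` and `ref` bump in .trunk/trunk.yaml would also make a later revert cleaner.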
diff --git a/plugin.yaml b/plugin.yaml index b272977..ede48f1 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -7,7 +7,7 @@ runtimes: - go@1.24.3 - node@22.16.0 - python@3.10.8 - - ruby@3.1.4 + - ruby@3.4.2 lint: # By sourcing this plugin, repos will enable these linters @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.0 - - cfnlint@1.34.2 - - checkov@3.2.432 + - cfnlint@1.35.3 + - checkov@3.2.435 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -30,7 +30,7 @@ lint: - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - - mypy@1.15.0 + - mypy@1.16.0 - nancy@1.0.48 - osv-scanner@2.0.2 - oxipng@9.1.5 @@ -38,16 +38,16 @@ lint: - prettier@3.5.3 - prisma@6.8.2 - pylint@3.3.7 - - renovate@40.0.6 + - renovate@40.36.2 - rubocop@1.39.0 - - ruff@0.11.11 + - ruff@0.11.12 - rustfmt@1.68.2 - - semgrep@1.116.0 + - semgrep@1.123.0 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@3.0.0 + - sort-package-json@3.2.1 - sql-formatter@15.6.2 - - stylelint@16.19.1: + - stylelint@16.20.0: packages: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.33 + - trufflehog@3.88.35 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.73.0 + - gh@2.74.0 - grpcui@1.4.3 - gt@1.6.2 - - trunk-analytics-cli@0.8.1 + - trunk-analytics-cli@0.9.1 From c15ef2cc4cb4f701244617fa70a22a7b2de768ba Mon Sep 17 00:00:00 2001 
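Review bot: the first plugin.yaml hunk of [PATCH 137/176] moves `ruby@3.1.4` to `ruby@3.4.2`, while `rubocop@1.39.0` is left unchanged in the `lint.enabled` list of the same file. Confirm that rubocop 1.39.0 installs and runs under Ruby 3.4.2, or bump it in this patch. The upgrade summary lists the runtime change but gives no sign that the linter depending on it was checked.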
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 22 Jul 2025 09:55:48 -0700 Subject: [PATCH 138/176] Upgrade trunk (#245) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 16 linters were upgraded: - bandit 1.8.3 → 1.8.6 - buildifier 8.2.0 → 8.2.1 - cfnlint 1.35.3 → 1.38.0 - checkov 3.2.435 → 3.2.451 - mypy 1.16.0 → 1.17.0 - osv-scanner 2.0.2 → 2.0.3 - prettier 3.5.3 → 3.6.2 - prisma 6.8.2 → 6.12.0 - renovate 40.36.2 → 41.38.1 - ruff 0.11.12 → 0.12.4 - semgrep 1.123.0 → 1.128.1 - sort-package-json 3.2.1 → 3.4.0 - sql-formatter 15.6.2 → 15.6.6 - stylelint 16.20.0 → 16.21.1 - svgo 3.3.2 → 4.0.0 - trufflehog 3.88.35 → 3.90.0 3 tools were upgraded: - gh 2.74.0 → 2.76.0 - gt 1.6.2 → 1.6.6 - trunk-analytics-cli 0.9.1 → 0.10.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index ede48f1..19cefe8 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -13,12 +13,12 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.7 - - bandit@1.8.3 + - bandit@1.8.6 - black@25.1.0 - buf-lint@1.31.0! - - buildifier@8.2.0 - - cfnlint@1.35.3 - - checkov@3.2.435 + - buildifier@8.2.1 + - cfnlint@1.38.0 + - checkov@3.2.451 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -30,33 +30,33 @@ lint: - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - - mypy@1.16.0 + - mypy@1.17.0 - nancy@1.0.48 - - osv-scanner@2.0.2 + - osv-scanner@2.0.3 - oxipng@9.1.5 - pragma-once - - prettier@3.5.3 - - prisma@6.8.2 + - prettier@3.6.2 + - prisma@6.12.0 - pylint@3.3.7 - - renovate@40.36.2 + - renovate@41.38.1 - rubocop@1.39.0 - - ruff@0.11.12 + - ruff@0.12.4 - rustfmt@1.68.2 - - semgrep@1.123.0 + - semgrep@1.128.1 - shellcheck@0.10.0 - shfmt@3.6.0 - - sort-package-json@3.2.1 - - sql-formatter@15.6.2 - - stylelint@16.20.0: + - sort-package-json@3.4.0 + - sql-formatter@15.6.6 + - stylelint@16.21.1: packages: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 - - svgo@3.3.2 + - svgo@4.0.0 - taplo@0.9.3 - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.88.35 + - trufflehog@3.90.0 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.74.0 + - gh@2.76.0 - grpcui@1.4.3 - - gt@1.6.2 - - trunk-analytics-cli@0.9.1 + - gt@1.6.6 + - trunk-analytics-cli@0.10.5 From cd68ba971f3bdc3c663741b419a444b26cdce8ea Mon Sep 17 00:00:00 2001 From: Tyler Jang Date: Wed, 23 Jul 2025 12:00:19 -0700 Subject: [PATCH 139/176] (Chore): Switch to GH Action for Code Quality (#247) --- .github/workflows/code_quality.yaml | 20 ++++++++++++++++++++ .trunk/trunk.yaml | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/code_quality.yaml diff --git a/.github/workflows/code_quality.yaml b/.github/workflows/code_quality.yaml new file mode 100644 index 0000000..b55524d --- /dev/null +++ b/.github/workflows/code_quality.yaml 
@@ -0,0 +1,20 @@ +name: Trunk Code Quality +on: + pull_request: {} + +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Trunk Code Quality + uses: trunk-io/trunk-action@v1 diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index a69f4b7..b1e5af6 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,11 +1,11 @@ version: 0.1 cli: - version: 1.22.15 + version: 1.24.0 plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.7.0 + ref: v1.7.1 - id: configs local: . From 3d4b92746fe202a640d00ad779bc5a03f6ab4094 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 25 Jul 2025 02:25:05 -0700 Subject: [PATCH 140/176] Upgrade trunk (#248) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 5 linters were upgraded: - checkov 3.2.451 → 3.2.454 - renovate 41.38.1 → 41.43.0 - semgrep 1.128.1 → 1.130.0 - stylelint 16.21.1 → 16.22.0 - trufflehog 3.90.0 → 3.90.2 2 tools were upgraded: - gh 2.76.0 → 2.76.1 - gt 1.6.6 → 1.6.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 19cefe8..c128012 100644 --- a/plugin.yaml +++ b/plugin.yaml 
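Review bot: the two `uses:` lines in the new .github/workflows/code_quality.yaml of [PATCH 139/176] reference mutable tags (`actions/checkout@v4`, `trunk-io/trunk-action@v1`), while codeql.yaml, scorecard.yml and upgrade_trunk.yaml in this series pin every action to a full commit SHA. Pin these two the same way, with a trailing version comment, so a moved tag cannot change what runs on pull requests. The checkout step also omits `persist-credentials: false`, which scorecard.yml sets; add it unless a later step needs the token left in the git config. The top-level `permissions: contents: read` block is the right default and should stay.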
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.1 - cfnlint@1.38.0 - - checkov@3.2.451 + - checkov@3.2.454 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,16 +38,16 @@ lint: - prettier@3.6.2 - prisma@6.12.0 - pylint@3.3.7 - - renovate@41.38.1 + - renovate@41.43.0 - rubocop@1.39.0 - ruff@0.12.4 - rustfmt@1.68.2 - - semgrep@1.128.1 + - semgrep@1.130.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - sql-formatter@15.6.6 - - stylelint@16.21.1: + - stylelint@16.22.0: packages: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.0 + - trufflehog@3.90.2 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.76.0 + - gh@2.76.1 - grpcui@1.4.3 - - gt@1.6.6 + - gt@1.6.7 - trunk-analytics-cli@0.10.5 From d25e7e34eb86da07fba6015ed36e733344e0df8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Jul 2025 22:03:50 -0700 Subject: [PATCH 141/176] Bump the dependencies group across 1 directory with 2 updates (#249) Bumps the dependencies group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `github/codeql-action` from 3.28.18 to 3.29.4
Release notes

Sourced from github/codeql-action's releases.

v3.29.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

See the full CHANGELOG.md for more information.

v3.29.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

See the full CHANGELOG.md for more information.

v3.29.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #2925
  • Bump minimum CodeQL bundle version to 2.16.6. #2912

3.28.20 - 21 July 2025

3.28.19 - 03 Jun 2025

  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview. The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #2910

3.28.18 - 16 May 2025

  • Update default CodeQL bundle version to 2.21.3. #2893
  • Skip validating SARIF produced by CodeQL for improved performance. #2894
  • The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

3.28.17 - 02 May 2025

... (truncated)

Commits
  • 4e828ff Merge pull request #2989 from github/update-v3.29.4-37264dc0b
  • b3114b8 Update changelog for v3.29.4
  • 37264dc Merge pull request #2988 from github/koesie10/disable-combine-single-file
  • 5a29823 Merge remote-tracking branch 'origin/main' into koesie10/disable-combine-sing...
  • 5a2327a Merge pull request #2987 from github/mbg/combine-sarif-error
  • 287d421 Disable combining runs within a single file
  • 43afe6e Treat processing error for multiple runs with the same category as configurat...
  • 8f2e636 Merge pull request #2981 from github/dependabot/npm_and_yarn/npm-fe13dfda46
  • 76bf77d Merge pull request #2980 from github/dependabot/github_actions/actions-504b6c...
  • 9e7d13d Merge pull request #2983 from github/koesie10/update-changelog-link
  • Additional commits viewable in compare view

Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2

Commits
  • 05b42c6 :seedling: bump docker to ghcr v2.4.2 (#1548)
  • b225da6 Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (#1550)
  • 9399f6f :seedling: Bump the docker-images group across 1 directory with 2 updates (#1...
  • e1daa8c :seedling: Bump the github-actions group across 1 directory with 5 updates (#...
  • 9fe6511 :seedling: Bump golang.org/x/net from 0.39.0 to 0.40.0 (#1542)
  • 25b9cd9 :seedling: Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (#1547)
  • 18cc9b8 :seedling: Bump golang.org/x/net from 0.38.0 to 0.39.0 (#1536)
  • db78142 :seedling: Bump the github-actions group with 2 updates (#1538)
  • de386ed :seedling: Bump golang from 1.24.1 to 1.24.2 in the docker-images group (#1534)
  • 5b7cedb :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#1537)
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 3fe1615..de3cf3b 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/init@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/autobuild@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/analyze@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4b189dc..e2b3866 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 with: sarif_file: results.sarif From c0f11c7b95a3b81f59d07e1c277f9202a64707f6 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Tue, 29 Jul 2025 09:48:45 -0700 Subject: [PATCH 142/176] Upgrade trunk (#250) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - renovate 41.43.0 → 41.43.2 - ruff 0.12.4 → 0.12.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index c128012..16e8b07 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,9 +38,9 @@ lint: - prettier@3.6.2 - prisma@6.12.0 - pylint@3.3.7 - - renovate@41.43.0 + - renovate@41.43.2 - rubocop@1.39.0 - - ruff@0.12.4 + - ruff@0.12.5 - rustfmt@1.68.2 - semgrep@1.130.0 - shellcheck@0.10.0 From c97f2d36571ddefac688defba07bcacb95fc00b1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 12:52:13 -0400 Subject: [PATCH 143/176] Bump github/codeql-action from 3.29.4 to 3.29.5 in the dependencies group (#252) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.4 to 3.29.5
Release notes

Sourced from github/codeql-action's releases.

v3.29.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #2925
  • Bump minimum CodeQL bundle version to 2.16.6. #2912

3.28.21 - 28 July 2025

No user facing changes.

3.28.20 - 21 July 2025

3.28.19 - 03 Jun 2025

  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview. The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #2910

... (truncated)

Commits
  • 51f7732 Merge pull request #2997 from github/update-v3.29.5-80a09d7b0
  • 8e90243 Update changelog for v3.29.5
  • 80a09d7 Merge pull request #2996 from github/dependabot/npm_and_yarn/npm-240ab9fad0
  • 8388115 Merge pull request #2994 from github/mergeback/changelog/v3.28.21
  • 401ecaf Merge branch 'main' into mergeback/changelog/v3.28.21
  • ab5c0c5 Merge branch 'main' into dependabot/npm_and_yarn/npm-240ab9fad0
  • cd264d4 Merge pull request #2986 from github/update-bundle/codeql-bundle-v2.22.2
  • 4599055 Merge branch 'main' into update-bundle/codeql-bundle-v2.22.2
  • fd7ad51 Merge pull request #2971 from github/update-supported-enterprise-server-versions
  • ac0c9bf Merge branch 'main' into update-supported-enterprise-server-versions
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.4&new-version=3.29.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index de3cf3b..2409653 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e2b3866..dc4bae9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: results.sarif From 6c02d3cc0dd2a746a9412ae9d2915d9056b493a7 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 13:03:20 -0400 Subject: [PATCH 144/176] Upgrade trunk (#251) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - cfnlint 1.38.0 → 1.38.1 - checkov 3.2.454 → 3.2.457 - mypy 1.17.0 → 1.17.1 - prisma 6.12.0 → 6.13.0 - renovate 41.43.2 → 41.46.8 - ruff 0.12.5 → 0.12.7 - semgrep 1.130.0 → 1.131.0 - stylelint 16.22.0 → 16.23.0 1 tool was upgraded: - gh 2.76.1 → 2.76.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 16e8b07..196cca9 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.38.0 - - checkov@3.2.454 + - cfnlint@1.38.1 + - checkov@3.2.457 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -30,24 +30,24 @@ lint: - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - - mypy@1.17.0 + - mypy@1.17.1 - nancy@1.0.48 - osv-scanner@2.0.3 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.12.0 + - prisma@6.13.0 - pylint@3.3.7 - - renovate@41.43.2 + - renovate@41.46.8 - rubocop@1.39.0 - - ruff@0.12.5 + - ruff@0.12.7 - rustfmt@1.68.2 - - semgrep@1.130.0 + - semgrep@1.131.0 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - sql-formatter@15.6.6 - - stylelint@16.22.0: + - stylelint@16.23.0: packages: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.76.1 + - gh@2.76.2 - grpcui@1.4.3 - gt@1.6.7 - trunk-analytics-cli@0.10.5 From ce1b20b8b4a9970d0b092446fa086b46c9a44309 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 11:25:16 -0400 Subject: [PATCH 145/176] Upgrade trunk (#253) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - cfnlint 1.38.1 → 1.38.2 - checkov 3.2.457 → 3.2.458 - renovate 41.46.8 → 41.56.0 - trufflehog 3.90.2 → 3.90.3 1 tool was upgraded: - trunk-analytics-cli 0.10.5 → 0.10.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 196cca9..dcae828 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.38.1 - - checkov@3.2.457 + - cfnlint@1.38.2 + - checkov@3.2.458 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.6.2 - prisma@6.13.0 - pylint@3.3.7 - - renovate@41.46.8 + - renovate@41.56.0 - rubocop@1.39.0 - ruff@0.12.7 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.2 + - trufflehog@3.90.3 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -110,4 +110,4 @@ tools: - gh@2.76.2 - grpcui@1.4.3 - gt@1.6.7 - - trunk-analytics-cli@0.10.5 + - trunk-analytics-cli@0.10.6 From 8b1192e4345acf8e8677eb9383c00ab70cef03f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 10 Aug 2025 21:57:41 -0400 Subject: [PATCH 146/176] Bump github/codeql-action from 3.29.7 to 3.29.8 in the dependencies group (#254) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.7 to 3.29.8
Release notes

Sourced from github/codeql-action's releases.

v3.29.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999
  • Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #2925
  • Bump minimum CodeQL bundle version to 2.16.6. #2912

3.28.21 - 28 July 2025

No user facing changes.

... (truncated)

Commits
  • 76621b6 Merge pull request #3019 from github/update-v3.29.8-679a40d33
  • 29ac3ce Add release notes for 3.29.7
  • 737cfde Update changelog for v3.29.8
  • 679a40d Merge pull request #3014 from github/henrymercer/rebuild-dispatch
  • 6fe50b2 Merge pull request #3015 from github/henrymercer/language-autodetection-worka...
  • 6bc91d6 Add changelog note
  • 6b4fedc Bump Action patch version
  • 5794ffc Fix auto-detection of extractors that aren't languages
  • bd62bf4 Finish in-progress merges
  • 2afb4e6 Avoid specifying branch unnecessarily
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.7&new-version=3.29.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 2409653..c73957d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index dc4bae9..bdb0fe7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: results.sarif From c6ca5b3f812238d35600de356700d0993480ed65 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 10:44:57 -0400 Subject: [PATCH 147/176] Upgrade trunk (#255) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - renovate 41.56.0 → 41.59.0 - stylelint 16.23.0 → 16.23.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index dcae828..6a9ec41 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,7 +38,7 @@ lint: - prettier@3.6.2 - prisma@6.13.0 - pylint@3.3.7 - - renovate@41.56.0 + - renovate@41.59.0 - rubocop@1.39.0 - ruff@0.12.7 - rustfmt@1.68.2 @@ -47,7 +47,7 @@ lint: - shfmt@3.6.0 - sort-package-json@3.4.0 - sql-formatter@15.6.6 - - stylelint@16.23.0: + - stylelint@16.23.1: packages: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 From 9f8ab8d11db3815171ce03d9a9b512adc1e24a9e Mon Sep 17 00:00:00 2001 
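Review bot: In PATCH 146/176, all four `github/codeql-action` pins (init, autobuild and analyze in codeql.yaml, upload-sarif in scorecard.yml) move to `76621b61decf072c1cee8dd1ce2d2a82d33c17ed` but keep the trailing comment `# v3.29.5`. The subject says the bump is 3.29.7 to 3.29.8, and the commit list in the message shows 76621b6 as the merge of the v3.29.8 update, so the comment no longer describes the pinned commit. Please change it to `# v3.29.8` on each of the four `uses:` lines. With SHA pinning the comment is the only human-readable record of which release runs in CI, and a stale one makes later bumps and audits harder to check.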
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 10:14:49 -0400 Subject: [PATCH 148/176] Upgrade trunk (#256) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - cfnlint 1.38.2 → 1.38.3 - checkov 3.2.458 → 3.2.461 - prisma 6.13.0 → 6.14.0 - pylint 3.3.7 → 3.3.8 - renovate 41.59.0 → 41.71.1 - trufflehog 3.90.3 → 3.90.4 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 6a9ec41..cb19458 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.38.2 - - checkov@3.2.458 + - cfnlint@1.38.3 + - checkov@3.2.461 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,9 +36,9 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.13.0 - - pylint@3.3.7 - - renovate@41.59.0 + - prisma@6.14.0 + - pylint@3.3.8 + - renovate@41.71.1 - rubocop@1.39.0 - ruff@0.12.7 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.3 + - trufflehog@3.90.4 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From bd321be12640f0d442b233524ca8972acddf2bf3 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 10:13:14 -0400 Subject: [PATCH 149/176] Upgrade trunk (#258) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - renovate 41.71.1 → 41.74.0 - semgrep 1.131.0 → 1.132.1 - trufflehog 3.90.4 → 3.90.5 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index cb19458..7862f67 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,11 +38,11 @@ lint: - prettier@3.6.2 - prisma@6.14.0 - pylint@3.3.8 - - renovate@41.71.1 + - renovate@41.74.0 - rubocop@1.39.0 - ruff@0.12.7 - rustfmt@1.68.2 - - semgrep@1.131.0 + - semgrep@1.132.1 - shellcheck@0.10.0 - shfmt@3.6.0 - sort-package-json@3.4.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.4 + - trufflehog@3.90.5 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From 8b62643a9188af74910a9a91585d33bc4dbb1443 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 10:16:06 -0400 Subject: [PATCH 150/176] Bump the dependencies group with 2 updates (#257) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 4 to 5
Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Commits

Updates `github/codeql-action` from 3.29.8 to 3.29.9
Release notes

Sourced from github/codeql-action's releases.

v3.29.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999
  • Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #2925
  • Bump minimum CodeQL bundle version to 2.16.6. #2912

... (truncated)

Commits
  • df55935 Merge pull request #3026 from github/update-v3.29.9-cc722e476
  • 53f255b Update changelog for v3.29.9
  • cc722e4 Merge pull request #3023 from github/redsun82/rust-test
  • a4cd8fd Merge pull request #3024 from github/dependabot/npm_and_yarn/npm-3a4f9bf414
  • 542b274 Update checked-in dependencies
  • 1a376ca Bump the npm group with 6 updates
  • 9f966bb Merge branch 'main' into redsun82/rust-test
  • c6dcdfa Merge pull request #2993 from github/cklin/overlay-pack-check
  • 821d3bd Merge branch 'main' into cklin/overlay-pack-check
  • bf1dd69 Move comments up in rust.yml
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/code_quality.yaml | 2 +- .github/workflows/codeql.yaml | 8 ++++---- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/upgrade_trunk.yaml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/code_quality.yaml b/.github/workflows/code_quality.yaml index b55524d..9b43605 100644 --- a/.github/workflows/code_quality.yaml +++ b/.github/workflows/code_quality.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Trunk Code Quality uses: trunk-io/trunk-action@v1 diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index c73957d..e47aaf7 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -34,11 +34,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript 
@@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bdb0fe7..278d2e3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 with: persist-credentials: false @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index b83bc06..a166234 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml @@ -16,7 +16,7 @@ jobs: pull-requests: write # For trunk to create PRs steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Create App Token for TrunkBuild App (Internal) uses: tibdex/github-app-token@v2 
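Review bot: In PATCH 150/176, the SHA-pinned lines in codeql.yaml and scorecard.yml change commit but not their version comments. `actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493` is still labelled `# v4.1.1` although the message says checkout goes from 4 to 5, and `github/codeql-action/*@df559355d593797519d70b90fc8edd5db049e7a2` is still labelled `# v3.29.5` although the message says 3.29.8 to 3.29.9 and lists df55935 as the v3.29.9 update merge. Please confirm each SHA against its release tag and update the comments to the release actually pinned, so the workflow files state what runs.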
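Review bot: In PATCH 150/176, code_quality.yaml and upgrade_trunk.yaml take the new major as the mutable tag `actions/checkout@v5`, next to `trunk-io/trunk-action@v1` and `tibdex/github-app-token@v2`, while codeql.yaml and scorecard.yml pin the same action by full commit SHA. upgrade_trunk.yaml runs with `pull-requests: write` and creates an app token, so it is the workflow where a moved tag would matter most; consider pinning by SHA with a version comment there as well. The quoted release notes also give v2.327.1 as the minimum compatible runner for v5.0.0, which is worth checking for any job that does not run on a hosted `ubuntu-latest` runner.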
From 5f941e2cf88b7a3bf29bf30617490d8310c83767 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 22 Aug 2025 10:18:05 -0400 Subject: [PATCH 151/176] Upgrade trunk (#259) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 8 linters were upgraded: - cfnlint 1.38.3 → 1.39.0 - checkov 3.2.461 → 3.2.464 - nancy 1.0.48 → 1.0.51 - osv-scanner 2.0.3 → 2.2.1 - renovate 41.74.0 → 41.82.1 - ruff 0.12.7 → 0.12.9 - shellcheck 0.10.0 → 0.11.0 - taplo 0.9.3 → 0.10.0 2 tools were upgraded: - gh 2.76.2 → 2.78.0 - gt 1.6.7 → 1.6.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 7862f67..b8930fd 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.38.3 - - checkov@3.2.461 + - cfnlint@1.39.0 + - checkov@3.2.464 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -31,19 +31,19 @@ lint: - markdownlint@0.45.0 - markdown-link-check@3.13.7 - mypy@1.17.1 - - nancy@1.0.48 - - osv-scanner@2.0.3 + - nancy@1.0.51 + - osv-scanner@2.2.1 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - prisma@6.14.0 - pylint@3.3.8 - - renovate@41.74.0 + - renovate@41.82.1 - rubocop@1.39.0 - - ruff@0.12.7 + - ruff@0.12.9 - rustfmt@1.68.2 - semgrep@1.132.1 - - shellcheck@0.10.0 + - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - sql-formatter@15.6.6 
@@ -52,7 +52,7 @@ lint: - stylelint-config-standard-scss@15.0.1 - stylelint-config-clean-order@7.0.0 - svgo@4.0.0 - - taplo@0.9.3 + - taplo@0.10.0 - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.76.2 + - gh@2.78.0 - grpcui@1.4.3 - - gt@1.6.7 + - gt@1.6.8 - trunk-analytics-cli@0.10.6 From 03e25c2509d6e018d25906abf9bf58c1ceb1d5a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 24 Aug 2025 16:10:26 -0400 Subject: [PATCH 152/176] Bump github/codeql-action from 3.29.9 to 3.29.11 in the dependencies group (#260) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.9 to 3.29.11
Release notes

Sourced from github/codeql-action's releases.

v3.29.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

See the full CHANGELOG.md for more information.

v3.29.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999
  • Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

... (truncated)

Commits
  • 3c3833e Merge pull request #3052 from github/update-v3.29.11-14148a433
  • 8c4bfbd Update changelog for v3.29.11
  • 14148a4 Merge pull request #3044 from github/update-bundle/codeql-bundle-v2.22.4
  • 71b2cb3 Add changelog note
  • 2bf7825 Update default bundle to codeql-bundle-v2.22.4
  • db69a51 Merge pull request #3049 from github/update-supported-enterprise-server-versions
  • a68d47b Merge pull request #3050 from github/henrymercer/init-not-called-config-error
  • e496ff9 Make "init not called" a configuration error
  • fd2ea72 Update supported GitHub Enterprise Server versions
  • 6dee5bc Merge pull request #3045 from github/dependabot/npm_and_yarn/npm-5b4171dd16
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.9&new-version=3.29.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e47aaf7..f0a4ab2 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/autobuild@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 278d2e3..73d0a22 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
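Review bot: All three codeql.yaml pins above move to `3c3833e0f8c1c83d449a7478aa59c036a9165498` but keep the trailing comment `# v3.29.5`, and the scorecard.yml hunk that follows does the same. The commit message says this bump is 3.29.9 to 3.29.11 and lists 3c3833e as the merge for the v3.29.11 update, so the comment should read `# v3.29.11`. As written, anyone auditing the workflow by its comments would take the pin for an older release than the one actually running. The comment was already stale before this change (the message gives the previous version as 3.29.9, not 3.29.5), so correct it by hand on all four `uses:` lines.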
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: sarif_file: results.sarif From 5dea4db96300c57083267dc12f4837bdd0813e47 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 10:40:30 -0400 Subject: [PATCH 153/176] Upgrade trunk (#261) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 2 linters were upgraded: - renovate 41.82.1 → 41.82.4 - ruff 0.12.9 → 0.12.10 1 tool was upgraded: - trunk-analytics-cli 0.10.6 → 0.10.7 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index b8930fd..c07e5d2 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,9 +38,9 @@ lint: - prettier@3.6.2 - prisma@6.14.0 - pylint@3.3.8 - - renovate@41.82.1 + - renovate@41.82.4 - rubocop@1.39.0 - - ruff@0.12.9 + - ruff@0.12.10 - rustfmt@1.68.2 - semgrep@1.132.1 - shellcheck@0.11.0 @@ -110,4 +110,4 @@ tools: - gh@2.78.0 - grpcui@1.4.3 - gt@1.6.8 - - trunk-analytics-cli@0.10.6 + - trunk-analytics-cli@0.10.7 From 1d9dcd936eb3111bb3dfaa4cfe12c490c7c58f0c Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 23:00:49 -0400 Subject: [PATCH 154/176] Upgrade trunk (#262) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.39.0 → 1.39.1 - checkov 3.2.464 → 3.2.469 - hadolint 2.12.1-beta → 2.13.1 - osv-scanner 2.2.1 → 2.2.2 - prisma 6.14.0 → 6.15.0 - renovate 41.82.4 → 41.96.1 - ruff 0.12.10 → 0.12.11 - semgrep 1.132.1 → 1.135.0 - sql-formatter 15.6.6 → 15.6.7 1 tool was upgraded: - trunk-analytics-cli 0.10.7 → 0.10.9 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index c07e5d2..bc9fb3c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.1.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.39.0 - - checkov@3.2.464 + - cfnlint@1.39.1 + - checkov@3.2.469 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -26,27 +26,27 @@ lint: - git-diff-check - gofmt@1.20.4 - golangci-lint@1.64.8 - - hadolint@2.12.1-beta + - hadolint@2.13.1 - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - mypy@1.17.1 - nancy@1.0.51 - - osv-scanner@2.2.1 + - osv-scanner@2.2.2 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.14.0 + - prisma@6.15.0 - pylint@3.3.8 - - renovate@41.82.4 + - renovate@41.96.1 - rubocop@1.39.0 - - ruff@0.12.10 + - ruff@0.12.11 - rustfmt@1.68.2 - - semgrep@1.132.1 + - semgrep@1.135.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - - sql-formatter@15.6.6 + - sql-formatter@15.6.7 - stylelint@16.23.1: packages: - stylelint-config-standard-scss@15.0.1 @@ -110,4 +110,4 @@ tools: - gh@2.78.0 - grpcui@1.4.3 - gt@1.6.8 - - trunk-analytics-cli@0.10.7 + - trunk-analytics-cli@0.10.9 From f8e0c69ea2918800dfdfd9767299205cd69f230a Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 09:06:59 -0400 Subject: [PATCH 155/176] Upgrade trunk (#264) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - renovate 41.96.1 → 41.97.5 - ruff 0.12.11 → 0.12.12 - sql-formatter 15.6.7 → 15.6.8 - trufflehog 3.90.5 → 3.90.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index bc9fb3c..437782d 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -38,15 +38,15 @@ lint: - prettier@3.6.2 - prisma@6.15.0 - pylint@3.3.8 - - renovate@41.96.1 + - renovate@41.97.5 - rubocop@1.39.0 - - ruff@0.12.11 + - ruff@0.12.12 - rustfmt@1.68.2 - semgrep@1.135.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - - sql-formatter@15.6.7 + - sql-formatter@15.6.8 - stylelint@16.23.1: packages: - stylelint-config-standard-scss@15.0.1 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.5 + - trufflehog@3.90.6 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From 5f11c2513d4ae045e091f32c78de57026d3a4ee8 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 12:57:13 -0400 Subject: [PATCH 156/176] Upgrade trunk (#265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - checkov 3.2.469 → 3.2.470 - prisma 6.15.0 → 6.16.0 - renovate 41.97.5 → 41.99.11 - ruff 0.12.12 → 0.13.0 - semgrep 1.135.0 → 1.136.0 - sql-formatter 15.6.8 → 15.6.9 - stylelint 16.23.1 → 16.24.0 - stylelint-config-standard-scss 15.0.1 → 16.0.0 2 tools were upgraded: - gh 2.78.0 → 2.79.0 - trunk-analytics-cli 0.10.9 → 0.10.10 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 437782d..3e5abe5 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.1 - cfnlint@1.39.1 - - checkov@3.2.469 + - checkov@3.2.470 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,20 +36,20 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.15.0 + - prisma@6.16.0 - pylint@3.3.8 - - renovate@41.97.5 + - renovate@41.99.11 - rubocop@1.39.0 - - ruff@0.12.12 + - ruff@0.13.0 - rustfmt@1.68.2 - - semgrep@1.135.0 + - semgrep@1.136.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - - sql-formatter@15.6.8 - - stylelint@16.23.1: + - sql-formatter@15.6.9 + - stylelint@16.24.0: packages: - - stylelint-config-standard-scss@15.0.1 + - stylelint-config-standard-scss@16.0.0 - stylelint-config-clean-order@7.0.0 - svgo@4.0.0 - taplo@0.10.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.78.0 + - gh@2.79.0 - grpcui@1.4.3 - gt@1.6.8 - - trunk-analytics-cli@0.10.9 + - trunk-analytics-cli@0.10.10 From 5ac8e5c64c21a97390404a14f05445e96d45697b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 16:14:33 -0400 Subject: [PATCH 157/176] Bump github/codeql-action from 3.29.11 to 3.30.1 in the dependencies group (#263) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.11 to 3.30.1
Release notes

Sourced from github/codeql-action's releases.

v3.30.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #3077

See the full CHANGELOG.md for more information.

v3.30.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999
  • Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

... (truncated)

Commits
  • f1f6e5f Merge pull request #3081 from github/update-v3.30.1-2d2f57ed3
  • 5dd2164 Update changelog for v3.30.1
  • 2d2f57e Merge pull request #3079 from github/mbg/proxy/accept-git-source
  • b364f99 Merge pull request #3077 from github/update-bundle/codeql-bundle-v2.23.0
  • 5b8860a Merge branch 'main' into update-bundle/codeql-bundle-v2.23.0
  • 8fe8b24 Add git_source as supported registry type for Go
  • 6242bcb Allow multiple registry types in LANGUAGE_TO_REGISTRY_TYPE
  • dfb741d Merge pull request #3075 from github/mbg/remove-augmentation-properties
  • 920bba1 Add unit tests for createInitWithConfigStatusReport
  • 37ddb03 Add createInitWithConfigStatusReport function
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.11&new-version=3.30.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f0a4ab2..706f0f8 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 + uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 + uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 + uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 73d0a22..b71cf2e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
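Review bot: The new pin `192325c86100d080feab897ff886c34abd4c83a3` in the codeql.yaml hunks above cannot be matched to the release this commit names. The message says 3.29.11 to 3.30.1, but the commits it lists for that range start at f1f6e5f and do not show 192325c, the later bump in this series (PATCH 162/176) gives its starting point as 3.30.3, and the trailing comment still reads `# v3.29.5`. Confirm which tag 192325c resolves to in github/codeql-action, then correct the version comment on all four `uses:` lines (including the scorecard.yml hunk that follows), and the subject line as well if the pin is not 3.30.1.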
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 + uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 with: sarif_file: results.sarif From b9cbe8e5b60884f1959ffe2d5ff6545872ffb687 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 10:04:34 -0400 Subject: [PATCH 158/176] Upgrade trunk (#266) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - mypy 1.17.1 → 1.18.1 - prisma 6.16.0 → 6.16.1 - renovate 41.99.11 → 41.107.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 3e5abe5..03538bf 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -30,15 +30,15 @@ lint: - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - - mypy@1.17.1 + - mypy@1.18.1 - nancy@1.0.51 - osv-scanner@2.2.2 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.16.0 + - prisma@6.16.1 - pylint@3.3.8 - - renovate@41.99.11 + - renovate@41.107.0 - rubocop@1.39.0 - ruff@0.13.0 - rustfmt@1.68.2 From 7d84bfcd18bb6c7af2d5c99075501b080e3b21ec Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:18:18 -0400 Subject: [PATCH 159/176] Upgrade trunk (#267) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - checkov 3.2.470 → 3.2.471 - prisma 6.16.1 → 6.16.2 - renovate 41.107.0 → 41.116.7 2 tools were upgraded: - gt 1.6.8 → 1.7.0 - trunk-analytics-cli 0.10.10 → 0.10.11 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 03538bf..aaf015a 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -18,7 +18,7 @@ lint: - buf-lint@1.31.0! - buildifier@8.2.1 - cfnlint@1.39.1 - - checkov@3.2.470 + - checkov@3.2.471 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,9 +36,9 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.16.1 + - prisma@6.16.2 - pylint@3.3.8 - - renovate@41.107.0 + - renovate@41.116.7 - rubocop@1.39.0 - ruff@0.13.0 - rustfmt@1.68.2 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.79.0 - grpcui@1.4.3 - - gt@1.6.8 - - trunk-analytics-cli@0.10.10 + - gt@1.7.0 + - trunk-analytics-cli@0.10.11 From 5353d2e7e507b8718cca88fd42b18910e0791c3e Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 10:04:34 -0400 Subject: [PATCH 160/176] Upgrade trunk (#268) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 6 linters were upgraded: - black 25.1.0 → 25.9.0 - mypy 1.18.1 → 1.18.2 - renovate 41.116.7 → 41.118.1 - ruff 0.13.0 → 0.13.1 - semgrep 1.136.0 → 1.137.0 - trufflehog 3.90.6 → 3.90.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index aaf015a..973ef77 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -14,7 +14,7 @@ lint: enabled: - actionlint@1.7.7 - bandit@1.8.6 - - black@25.1.0 + - black@25.9.0 - buf-lint@1.31.0! - buildifier@8.2.1 - cfnlint@1.39.1 @@ -30,7 +30,7 @@ lint: - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - - mypy@1.18.1 + - mypy@1.18.2 - nancy@1.0.51 - osv-scanner@2.2.2 - oxipng@9.1.5 @@ -38,11 +38,11 @@ lint: - prettier@3.6.2 - prisma@6.16.2 - pylint@3.3.8 - - renovate@41.116.7 + - renovate@41.118.1 - rubocop@1.39.0 - - ruff@0.13.0 + - ruff@0.13.1 - rustfmt@1.68.2 - - semgrep@1.136.0 + - semgrep@1.137.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.6 + - trufflehog@3.90.8 - trunk-toolbox@0.5.4 - yamllint@1.37.1 From c20828fe2a316327e7fba31204df79704fbc96b3 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 26 Sep 2025 10:12:23 -0400 Subject: [PATCH 161/176] Upgrade trunk (#269) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - hadolint 2.13.1 → 2.14.0 - nancy 1.0.51 → 1.0.52 - renovate 41.118.1 → 41.130.1 - semgrep 1.137.0 → 1.137.1 1 tool was upgraded: - gh 2.79.0 → 2.80.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 973ef77..e80d73d 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -26,23 +26,23 @@ lint: - git-diff-check - gofmt@1.20.4 - golangci-lint@1.64.8 - - hadolint@2.13.1 + - hadolint@2.14.0 - isort@6.0.1 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - mypy@1.18.2 - - nancy@1.0.51 + - nancy@1.0.52 - osv-scanner@2.2.2 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - prisma@6.16.2 - pylint@3.3.8 - - renovate@41.118.1 + - renovate@41.130.1 - rubocop@1.39.0 - ruff@0.13.1 - rustfmt@1.68.2 - - semgrep@1.137.0 + - semgrep@1.137.1 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.79.0 + - gh@2.80.0 - grpcui@1.4.3 - gt@1.7.0 - trunk-analytics-cli@0.10.11 From 78dc07fc791d8e6882d22587ecf4bab3d6b7ad66 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 11:19:05 -0400 Subject: [PATCH 162/176] Bump github/codeql-action from 3.30.3 to 3.30.5 in the dependencies group (#270) Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.30.3 to 3.30.5
Release notes

Sourced from github/codeql-action's releases.

v3.30.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

v3.30.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

... (truncated)

Commits
  • 3599b3b Merge pull request #3161 from github/update-v3.30.5-0a67bd46a
  • 2ca0085 Update changelog for v3.30.5
  • 0a67bd4 Merge pull request #3160 from github/mbg/fix/upload-sarif
  • 8e34f2f Add changelog
  • 0b7fc56 Fix upload-sarif not uploading non-.sarif files
  • 94a9b7a Merge pull request #3155 from github/mbg/node/no-install-in-actions
  • a0ae9ba Log what the script is doing
  • b27a8ef Exit if running in an Actions workflow
  • 6592567 Merge pull request #3139 from github/henrymercer/fix-log-message
  • fa64a7d Merge pull request #3154 from github/mbg/node/check-up-to-date-deps
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.3&new-version=3.30.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 706f0f8..fe49e0d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 + uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b71cf2e..a70cf5f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 + uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 with: sarif_file: results.sarif From fabc6c3bc615c2edc549042f73c0b3fa86b44008 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 11:19:56 -0400 Subject: [PATCH 163/176] Upgrade trunk (#271) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - renovate 41.130.1 → 41.131.4 - ruff 0.13.1 → 0.13.2 - semgrep 1.137.1 → 1.138.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index e80d73d..fb3691c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -38,11 +38,11 @@ lint: - prettier@3.6.2 - prisma@6.16.2 - pylint@3.3.8 - - renovate@41.130.1 + - renovate@41.131.4 - rubocop@1.39.0 - - ruff@0.13.1 + - ruff@0.13.2 - rustfmt@1.68.2 - - semgrep@1.137.1 + - semgrep@1.138.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 From f99f9465518cfb00ecca226b10996cccc88ed12c Mon Sep 17 00:00:00 2001 
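Review bot: In PATCH 162/176, the trailing comment on all four changed `uses:` lines (init, autobuild and analyze in codeql.yaml, upload-sarif in scorecard.yml) still reads `# v3.29.5` after the pin moves to `3599b3baa15b485a2e49ef411a7a4bb2452e7f93`. The subject says this is a bump from 3.30.3 to 3.30.5, and the commit list in the message names 3599b3b as the v3.30.5 merge, so the comment should read `# v3.30.5`. With SHA-pinned actions the comment is the only human-readable statement of which release the hash is meant to be; the removed lines show it was already stale before this change, so a reviewer cannot check the pin against the tag by eye. The three steps in codeql.yaml do move to the same SHA together, which is what the 3.30.4 notes quoted in the message require, since mixed CodeQL Action versions in one workflow now warn or error.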
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 09:33:06 -0400 Subject: [PATCH 164/176] Upgrade trunk (#272) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.39.1 → 1.40.0 - checkov 3.2.471 → 3.2.473 - isort 6.0.1 → 6.1.0 - osv-scanner 2.2.2 → 2.2.3 - prisma 6.16.2 → 6.16.3 - renovate 41.131.4 → 41.132.5 - ruff 0.13.2 → 0.13.3 - semgrep 1.138.0 → 1.139.0 - sql-formatter 15.6.9 → 15.6.10 2 tools were upgraded: - gh 2.80.0 → 2.81.0 - trunk-analytics-cli 0.10.11 → 0.11.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index fb3691c..b6bc7b8 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.9.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.39.1 - - checkov@3.2.471 + - cfnlint@1.40.0 + - checkov@3.2.473 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -27,26 +27,26 @@ lint: - gofmt@1.20.4 - golangci-lint@1.64.8 - hadolint@2.14.0 - - isort@6.0.1 + - isort@6.1.0 - markdownlint@0.45.0 - markdown-link-check@3.13.7 - mypy@1.18.2 - nancy@1.0.52 - - osv-scanner@2.2.2 + - osv-scanner@2.2.3 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.16.2 + - prisma@6.16.3 - pylint@3.3.8 - - renovate@41.131.4 + - renovate@41.132.5 - rubocop@1.39.0 - - ruff@0.13.2 + - ruff@0.13.3 - rustfmt@1.68.2 - - semgrep@1.138.0 + - semgrep@1.139.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - - sql-formatter@15.6.9 + - sql-formatter@15.6.10 - stylelint@16.24.0: packages: - stylelint-config-standard-scss@16.0.0 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.80.0 + - gh@2.81.0 - grpcui@1.4.3 - gt@1.7.0 - - trunk-analytics-cli@0.10.11 + - trunk-analytics-cli@0.11.1 From 91a9d89667230ed31da364ad6208895a5cab3995 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 10:22:22 -0400 Subject: [PATCH 165/176] Upgrade trunk (#274) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 7 linters were upgraded: - cfnlint 1.40.0 → 1.40.1 - checkov 3.2.473 → 3.2.477 - prisma 6.16.3 → 6.17.0 - pylint 3.3.8 → 3.3.9 - renovate 41.132.5 → 41.143.2 - ruff 0.13.3 → 0.14.0 - stylelint 16.24.0 → 16.25.0 1 tool was upgraded: - trunk-analytics-cli 0.11.1 → 0.11.2 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/plugin.yaml b/plugin.yaml index b6bc7b8..e6cb9ef 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.9.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.40.0 - - checkov@3.2.473 + - cfnlint@1.40.1 + - checkov@3.2.477 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -36,18 +36,18 @@ lint: - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.16.3 - - pylint@3.3.8 - - renovate@41.132.5 + - prisma@6.17.0 + - pylint@3.3.9 + - renovate@41.143.2 - rubocop@1.39.0 - - ruff@0.13.3 + - ruff@0.14.0 - rustfmt@1.68.2 - semgrep@1.139.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 - sql-formatter@15.6.10 - - stylelint@16.24.0: + - stylelint@16.25.0: packages: - stylelint-config-standard-scss@16.0.0 - stylelint-config-clean-order@7.0.0 @@ -110,4 +110,4 @@ tools: - gh@2.81.0 - grpcui@1.4.3 - gt@1.7.0 - - trunk-analytics-cli@0.11.1 + - trunk-analytics-cli@0.11.2 From 2d8712ed4828346e2e4b914db214daeef43886aa Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 19:12:22 -0400 Subject: [PATCH 166/176] Upgrade trunk (#275) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 1 linter was upgraded: - renovate 41.143.2 → 41.144.1 1 tool was upgraded: - gt 1.7.0 → 1.7.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index e6cb9ef..93f0202 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -38,7 +38,7 @@ lint: - prettier@3.6.2 - prisma@6.17.0 - pylint@3.3.9 - - renovate@41.143.2 + - renovate@41.144.1 - rubocop@1.39.0 - ruff@0.14.0 - rustfmt@1.68.2 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.81.0 - grpcui@1.4.3 - - gt@1.7.0 + - gt@1.7.1 - trunk-analytics-cli@0.11.2 From 02495bc2f4d1b29e105eb5e6c052fc6f3cf5a154 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 17 Oct 2025 09:34:42 -0400 Subject: [PATCH 167/176] Upgrade trunk (#276) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - actionlint 1.7.7 → 1.7.8 - cfnlint 1.40.1 → 1.40.2 - checkov 3.2.477 → 3.2.484 - isort 6.1.0 → 7.0.0 - markdown-link-check 3.13.7 → 3.14.1 - prisma 6.17.0 → 6.17.1 - pylint 3.3.9 → 4.0.1 - renovate 41.144.1 → 41.149.2 - trufflehog 3.90.8 → 3.90.11 3 tools were upgraded: - gh 2.81.0 → 2.82.0 - gt 1.7.1 → 1.7.2 - trunk-analytics-cli 0.11.2 → 0.11.4 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 93f0202..205bf52 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.7 + - actionlint@1.7.8 - bandit@1.8.6 - black@25.9.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.40.1 - - checkov@3.2.477 + - cfnlint@1.40.2 + - checkov@3.2.484 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -27,18 +27,18 @@ lint: - gofmt@1.20.4 - golangci-lint@1.64.8 - hadolint@2.14.0 - - isort@6.1.0 + - isort@7.0.0 - markdownlint@0.45.0 - - markdown-link-check@3.13.7 + - markdown-link-check@3.14.1 - mypy@1.18.2 - nancy@1.0.52 - osv-scanner@2.2.3 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.17.0 - - pylint@3.3.9 - - renovate@41.144.1 + - prisma@6.17.1 + - pylint@4.0.1 + - renovate@41.149.2 - rubocop@1.39.0 - ruff@0.14.0 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.8 + - trufflehog@3.90.11 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.81.0 + - gh@2.82.0 - grpcui@1.4.3 - - gt@1.7.1 - - trunk-analytics-cli@0.11.2 + - gt@1.7.2 + - trunk-analytics-cli@0.11.4 From e2334ecdb0523ba2387ea7abdd2920bc2160f5b2 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 10:19:32 -0400 Subject: [PATCH 168/176] Upgrade trunk (#277) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 3 linters were upgraded: - renovate 41.149.2 → 41.151.1 - ruff 0.14.0 → 0.14.1 - semgrep 1.139.0 → 1.140.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 205bf52..2e78dcf 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -38,11 +38,11 @@ lint: - prettier@3.6.2 - prisma@6.17.1 - pylint@4.0.1 - - renovate@41.149.2 + - renovate@41.151.1 - rubocop@1.39.0 - - ruff@0.14.0 + - ruff@0.14.1 - rustfmt@1.68.2 - - semgrep@1.139.0 + - semgrep@1.140.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 From 93c2fb96dff6767bfacfff1edd953b6b7832a298 Mon Sep 17 00:00:00 2001 From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 08:54:50 -0500 Subject: [PATCH 169/176] Upgrade trunk (#278) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 9 linters were upgraded: - cfnlint 1.40.2 → 1.40.3 - checkov 3.2.484 → 3.2.489 - osv-scanner 2.2.3 → 2.2.4 - prisma 6.17.1 → 6.18.0 - pylint 4.0.1 → 4.0.2 - renovate 41.151.1 → 41.167.2 - ruff 0.14.1 → 0.14.3 - semgrep 1.140.0 → 1.142.0 - trufflehog 3.90.11 → 3.90.12 3 tools were upgraded: - gh 2.82.0 → 2.82.1 - gt 1.7.2 → 1.7.5 - trunk-analytics-cli 0.11.4 → 0.11.6 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 2e78dcf..a148708 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -17,8 +17,8 @@ lint: - black@25.9.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.40.2 - - checkov@3.2.484 + - cfnlint@1.40.3 + - checkov@3.2.489 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -32,17 +32,17 @@ lint: - markdown-link-check@3.14.1 - mypy@1.18.2 - nancy@1.0.52 - - osv-scanner@2.2.3 + - osv-scanner@2.2.4 - oxipng@9.1.5 - pragma-once - prettier@3.6.2 - - prisma@6.17.1 - - pylint@4.0.1 - - renovate@41.151.1 + - prisma@6.18.0 + - pylint@4.0.2 + - renovate@41.167.2 - rubocop@1.39.0 - - ruff@0.14.1 + - ruff@0.14.3 - rustfmt@1.68.2 - - semgrep@1.140.0 + - semgrep@1.142.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.4.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.1 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.11 + - trufflehog@3.90.12 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.82.0 + - gh@2.82.1 - grpcui@1.4.3 - - gt@1.7.2 - - trunk-analytics-cli@0.11.4 + - gt@1.7.5 + - trunk-analytics-cli@0.11.6 From fdca3ba880a0545a81004349fc4d7e972e3bbc89 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 10:14:50 -0500 Subject: [PATCH 170/176] Upgrade trunk (#280) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 20 linters were upgraded: - actionlint 1.7.8 → 1.7.9 - bandit 1.8.6 → 1.9.2 - black 25.9.0 → 25.11.0 - cfnlint 1.40.3 → 1.42.0 - checkov 3.2.489 → 3.2.495 - golangci-lint 1.64.8 → 2.7.1 - markdown-link-check 3.14.1 → 3.14.2 - markdownlint 0.45.0 → 0.46.0 - mypy 1.18.2 → 1.19.0 - osv-scanner 2.2.4 → 2.3.0 - prettier 3.6.2 → 3.7.4 - prisma 6.18.0 → 7.1.0 - pylint 4.0.2 → 4.0.4 - renovate 41.167.2 → 42.37.1 - ruff 0.14.3 → 0.14.8 - semgrep 1.142.0 → 1.144.1 - sort-package-json 3.4.0 → 3.5.0 - stylelint 16.25.0 → 16.26.1 - stylelint-config-clean-order 7.0.0 → 8.0.0 - terrascan 1.19.1 → 1.19.9 - trufflehog 3.90.12 → 3.91.2 3 tools were upgraded: - gh 2.82.1 → 2.83.1 - gt 1.7.5 → 1.7.10 - trunk-analytics-cli 0.11.6 → 0.11.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index a148708..c2560ea 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -12,51 +12,51 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.8 - - bandit@1.8.6 - - black@25.9.0 + - actionlint@1.7.9 + - bandit@1.9.2 + - black@25.11.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.40.3 - - checkov@3.2.489 + - cfnlint@1.42.0 + - checkov@3.2.495 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.64.8 + - golangci-lint@2.7.1 - hadolint@2.14.0 - isort@7.0.0 - - markdownlint@0.45.0 - - markdown-link-check@3.14.1 - - mypy@1.18.2 + - markdownlint@0.46.0 + - markdown-link-check@3.14.2 + - mypy@1.19.0 - nancy@1.0.52 - - osv-scanner@2.2.4 + - osv-scanner@2.3.0 - oxipng@9.1.5 - pragma-once - - prettier@3.6.2 - - prisma@6.18.0 - - pylint@4.0.2 - - renovate@41.167.2 + - prettier@3.7.4 + - prisma@7.1.0 + - pylint@4.0.4 + - renovate@42.37.1 - rubocop@1.39.0 - - ruff@0.14.3 + - ruff@0.14.8 - rustfmt@1.68.2 - - semgrep@1.142.0 + - semgrep@1.144.1 - shellcheck@0.11.0 - shfmt@3.6.0 - - sort-package-json@3.4.0 + - sort-package-json@3.5.0 - sql-formatter@15.6.10 - - stylelint@16.25.0: + - stylelint@16.26.1: packages: - stylelint-config-standard-scss@16.0.0 - - stylelint-config-clean-order@7.0.0 + - stylelint-config-clean-order@8.0.0 - svgo@4.0.0 - taplo@0.10.0 - - terrascan@1.19.1 + - terrascan@1.19.9 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.90.12 + - trufflehog@3.91.2 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.82.1 + - gh@2.83.1 - grpcui@1.4.3 - - gt@1.7.5 - - trunk-analytics-cli@0.11.6 + - gt@1.7.10 + - trunk-analytics-cli@0.11.8 From f8543b1636734c1cbbf56de2cb72493f39b1b0cb Mon Sep 17 00:00:00 2001 
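Review bot: In PATCH 170/176, the `@@ -12,51 +12,51` hunk moves `golangci-lint@1.64.8` to `golangci-lint@2.7.1` in the middle of routine patch bumps, and the same hunk also takes `prisma@6.18.0` to `prisma@7.1.0` and `renovate@41.167.2` to `renovate@42.37.1`. golangci-lint v2 changed its configuration file format, so repos that source this plugin can start failing lint with no change on their side. Split the major-version moves into their own commit, or record in the message that each one was run against the configs this plugin exports before merging.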
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 10:30:52 -0500 Subject: [PATCH 171/176] Upgrade trunk (#282) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 14 linters were upgraded: - black 25.11.0 → 25.12.0 - cfnlint 1.42.0 → 1.43.1 - golangci-lint 2.7.1 → 2.7.2 - markdownlint 0.46.0 → 0.47.0 - mypy 1.19.0 → 1.19.1 - osv-scanner 2.3.0 → 2.3.1 - oxipng 9.1.5 → 10.0.0 - prisma 7.1.0 → 7.2.0 - renovate 42.37.1 → 42.64.1 - ruff 0.14.8 → 0.14.10 - semgrep 1.144.1 → 1.146.0 - sort-package-json 3.5.0 → 3.6.0 - sql-formatter 15.6.10 → 15.6.12 - trufflehog 3.91.2 → 3.92.3 3 tools were upgraded: - gh 2.83.1 → 2.83.2 - gt 1.7.10 → 1.7.13 - trunk-analytics-cli 0.11.8 → 0.12.0 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index c2560ea..c9a9a4f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -14,10 +14,10 @@ lint: enabled: - actionlint@1.7.9 - bandit@1.9.2 - - black@25.11.0 + - black@25.12.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.42.0 + - cfnlint@1.43.1 - checkov@3.2.495 - clang-format@17.0.1 - clang-tidy@17.0.1 
@@ -25,28 +25,28 @@ lint: - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@2.7.1 + - golangci-lint@2.7.2 - hadolint@2.14.0 - isort@7.0.0 - - markdownlint@0.46.0 + - markdownlint@0.47.0 - markdown-link-check@3.14.2 - - mypy@1.19.0 + - mypy@1.19.1 - nancy@1.0.52 - - osv-scanner@2.3.0 - - oxipng@9.1.5 + - osv-scanner@2.3.1 + - oxipng@10.0.0 - pragma-once - prettier@3.7.4 - - prisma@7.1.0 + - prisma@7.2.0 - pylint@4.0.4 - - renovate@42.37.1 + - renovate@42.64.1 - rubocop@1.39.0 - - ruff@0.14.8 + - ruff@0.14.10 - rustfmt@1.68.2 - - semgrep@1.144.1 + - semgrep@1.146.0 - shellcheck@0.11.0 - shfmt@3.6.0 - - sort-package-json@3.5.0 - - sql-formatter@15.6.10 + - sort-package-json@3.6.0 + - sql-formatter@15.6.12 - stylelint@16.26.1: packages: - stylelint-config-standard-scss@16.0.0 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.9 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.91.2 + - trufflehog@3.92.3 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk flakytests ${semver} enabled: - - gh@2.83.1 + - gh@2.83.2 - grpcui@1.4.3 - - gt@1.7.10 - - trunk-analytics-cli@0.11.8 + - gt@1.7.13 + - trunk-analytics-cli@0.12.0 From 637369f1ab233f72f09ae61b094551596d078e48 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Sun, 4 Jan 2026 22:13:18 -0500 Subject: [PATCH 172/176] Upgrade trunk (#283) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 4 linters were upgraded: - actionlint 1.7.9 → 1.7.10 - checkov 3.2.495 → 3.2.497 - renovate 42.64.1 → 42.69.2 - trufflehog 3.92.3 → 3.92.4 2 tools were upgraded: - gt 1.7.13 → 1.7.14 - trunk-analytics-cli 0.12.0 → 0.12.1 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index c9a9a4f..01633c8 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -12,13 +12,13 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.9 + - actionlint@1.7.10 - bandit@1.9.2 - black@25.12.0 - buf-lint@1.31.0! - buildifier@8.2.1 - cfnlint@1.43.1 - - checkov@3.2.495 + - checkov@3.2.497 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 @@ -38,7 +38,7 @@ lint: - prettier@3.7.4 - prisma@7.2.0 - pylint@4.0.4 - - renovate@42.64.1 + - renovate@42.69.2 - rubocop@1.39.0 - ruff@0.14.10 - rustfmt@1.68.2 @@ -56,7 +56,7 @@ lint: - terrascan@1.19.9 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.92.3 + - trufflehog@3.92.4 - trunk-toolbox@0.5.4 - yamllint@1.37.1 @@ -109,5 +109,5 @@ tools: enabled: - gh@2.83.2 - grpcui@1.4.3 - - gt@1.7.13 - - trunk-analytics-cli@0.12.0 + - gt@1.7.14 + - trunk-analytics-cli@0.12.1 From 52c55b2574b3496e074ccb88528a97cd3865d458 Mon Sep 17 00:00:00 2001 
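Review bot: In PATCH 172/176, the `@@ -56,7 +56,7` hunk bumps trufflehog while its context still carries `# - trivy@0.54.1` under the comment "Disabled until filesystem scanner initialize error resolved." The hunks of this series keep moving the entries around it, but the commented-out pin stays at 0.54.1 in each of them, so the vulnerability scanner stays off with nothing pointing at when it comes back. Add a tracking issue reference to that comment so the disabled scanner has an owner and a re-enable condition.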
From: Eli Schleifer <1265982+EliSchleifer@users.noreply.github.com> Date: Sat, 7 Mar 2026 12:29:13 -0800 Subject: [PATCH 173/176] Rev major versions of tools (#285) --- .trunk/trunk.yaml | 2 +- plugin.yaml | 38 +++++++++++++++++++------------------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index b1e5af6..da500b4 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,6 +1,6 @@ version: 0.1 cli: - version: 1.24.0 + version: 1.25.0 plugins: sources: - id: trunk diff --git a/plugin.yaml b/plugin.yaml index 01633c8..1d2e5d2 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -13,12 +13,12 @@ lint: # By sourcing this plugin, repos will enable these linters enabled: - actionlint@1.7.10 - - bandit@1.9.2 - - black@25.12.0 + - bandit@1.9.4 + - black@26.3.0 - buf-lint@1.31.0! - buildifier@8.2.1 - - cfnlint@1.43.1 - - checkov@3.2.497 + - cfnlint@1.46.0 + - checkov@3.2.507 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 
@@ -27,38 +27,38 @@ lint: - gofmt@1.20.4 - golangci-lint@2.7.2 - hadolint@2.14.0 - - isort@7.0.0 - - markdownlint@0.47.0 + - isort@8.0.1 + - markdownlint@0.48.0 - markdown-link-check@3.14.2 - mypy@1.19.1 - nancy@1.0.52 - osv-scanner@2.3.1 - oxipng@10.0.0 - pragma-once - - prettier@3.7.4 - - prisma@7.2.0 - - pylint@4.0.4 - - renovate@42.69.2 + - prettier@3.8.1 + - prisma@7.4.2 + - pylint@4.0.5 + - renovate@43.59.2 - rubocop@1.39.0 - - ruff@0.14.10 + - ruff@0.15.5 - rustfmt@1.68.2 - - semgrep@1.146.0 + - semgrep@1.154.0 - shellcheck@0.11.0 - shfmt@3.6.0 - - sort-package-json@3.6.0 - - sql-formatter@15.6.12 - - stylelint@16.26.1: + - sort-package-json@3.6.1 + - sql-formatter@15.7.2 + - stylelint@17.4.0: packages: - - stylelint-config-standard-scss@16.0.0 - - stylelint-config-clean-order@8.0.0 - - svgo@4.0.0 + - stylelint-config-standard-scss@17.0.0 + - stylelint-config-clean-order@8.0.1 + - svgo@4.0.1 - taplo@0.10.0 - terrascan@1.19.9 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - trufflehog@3.92.4 - trunk-toolbox@0.5.4 - - yamllint@1.37.1 + - yamllint@1.38.0 # Sourcing repos will have these configs available to applicable linters exported_configs: From b1d1e46f23f9e00c31eb3a31793664364a5191c0 Mon Sep 17 00:00:00 2001 From: Eli Schleifer <1265982+EliSchleifer@users.noreply.github.com> Date: Sat, 7 Mar 2026 13:02:11 -0800 Subject: [PATCH 174/176] Update plugin.yaml --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1d2e5d2..00b03f5 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -101,7 +101,7 @@ tools: definitions: - name: trunk-analytics-cli download: trunk-analytics-cli - known_good_version: 0.8.1 + known_good_version: 0.12.5 shims: [trunk-analytics-cli] health_checks: - command: trunk-analytics-cli --version @@ -110,4 +110,4 @@ tools: - gh@2.83.2 - grpcui@1.4.3 - gt@1.7.14 - - trunk-analytics-cli@0.12.1 + - trunk-analytics-cli@0.12.5 
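Review bot: In PATCH 174/176, the `@@ -101,7 +101,7` hunk jumps `known_good_version` from 0.8.1 to 0.12.5 but does not touch the health check whose `command: trunk-analytics-cli --version` line closes the hunk's context; earlier hunks in this series show that check's `parse_regex: trunk flakytests ${semver}`. If the 0.12.x binary prints a different version banner, the health check fails even though the download succeeded, so run `trunk-analytics-cli --version` against the new pin and update the regex in the same commit. The subject "Update plugin.yaml" with no body also gives nothing to review the jump against; state why the known-good version moved.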
From e9cf897887c3e72e76db2df12a1f3144c394b295 Mon Sep 17 00:00:00 2001 From: Eli Schleifer <1265982+EliSchleifer@users.noreply.github.com> Date: Sat, 7 Mar 2026 13:20:23 -0800 Subject: [PATCH 175/176] Fix broken trunk-analytics-cli (#286) - Fix broken trunk-analytics-cli definition - upgrade to latest golangci-lint2 --- plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 00b03f5..eafbe8f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -25,7 +25,7 @@ lint: - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@2.7.2 + - golangci-lint2@2.0.0 - hadolint@2.14.0 - isort@8.0.1 - markdownlint@0.48.0 @@ -105,7 +105,7 @@ tools: shims: [trunk-analytics-cli] health_checks: - command: trunk-analytics-cli --version - parse_regex: trunk flakytests ${semver} + parse_regex: trunk-analytics-cli ${semver} enabled: - gh@2.83.2 - grpcui@1.4.3 From bd631b9ab3ce012bad2c2d57cb8813691d27d110 Mon Sep 17 00:00:00 2001 
From: "trunk-open-pr-bot[bot]" <131314627+trunk-open-pr-bot[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:08:22 -0400 Subject: [PATCH 176/176] Upgrade trunk (#284) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Trunk](https://static.trunk.io/assets/trunk_action_upgrade_banner.png)](https://trunk.io) 19 linters were upgraded: - actionlint 1.7.10 → 1.7.12 - black 26.3.0 → 26.3.1 - buildifier 8.2.1 → 8.5.1 - cfnlint 1.46.0 → 1.49.3 - checkov 3.2.507 → 3.2.525 - golangci-lint2 2.0.0 → 2.11.4 - mypy 1.19.1 → 1.20.2 - nancy 1.0.52 → 1.2.0 - osv-scanner 2.3.1 → 2.3.5 - oxipng 10.0.0 → 10.1.1 - prettier 3.8.1 → 3.8.3 - prisma 7.4.2 → 7.8.0 - renovate 43.59.2 → 43.142.0 - ruff 0.15.5 → 0.15.12 - semgrep 1.154.0 → 1.161.0 - sql-formatter 15.7.2 → 15.7.3 - stylelint 17.4.0 → 17.9.0 - trufflehog 3.92.4 → 3.95.2 - trunk-toolbox 0.5.4 → 0.7.0 3 tools were upgraded: - gh 2.83.2 → 2.91.0 - gt 1.7.14 → 1.8.5 - trunk-analytics-cli 0.12.5 → 0.12.8 This PR was generated by the [Trunk Action]. For more info, see our [docs] or reach out on [Slack]. [Trunk Action]: https://github.com/trunk-io/trunk-action [docs]: https://docs.trunk.io [Slack]: https://slack.trunk.io/ Co-authored-by: TylerJang27 <42743566+TylerJang27@users.noreply.github.com> --- plugin.yaml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index eafbe8f..2b2f9ce 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -12,42 +12,42 @@ runtimes: lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.10 + - actionlint@1.7.12 - bandit@1.9.4 - - black@26.3.0 + - black@26.3.1 - buf-lint@1.31.0! - - buildifier@8.2.1 - - cfnlint@1.46.0 - - checkov@3.2.507 + - buildifier@8.5.1 + - cfnlint@1.49.3 + - checkov@3.2.525 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint2@2.0.0 + - golangci-lint2@2.11.4 - hadolint@2.14.0 - isort@8.0.1 - markdownlint@0.48.0 - markdown-link-check@3.14.2 - - mypy@1.19.1 - - nancy@1.0.52 - - osv-scanner@2.3.1 - - oxipng@10.0.0 + - mypy@1.20.2 + - nancy@1.2.0 + - osv-scanner@2.3.5 + - oxipng@10.1.1 - pragma-once - - prettier@3.8.1 - - prisma@7.4.2 + - prettier@3.8.3 + - prisma@7.8.0 - pylint@4.0.5 - - renovate@43.59.2 + - renovate@43.142.0 - rubocop@1.39.0 - - ruff@0.15.5 + - ruff@0.15.12 - rustfmt@1.68.2 - - semgrep@1.154.0 + - semgrep@1.161.0 - shellcheck@0.11.0 - shfmt@3.6.0 - sort-package-json@3.6.1 - - sql-formatter@15.7.2 - - stylelint@17.4.0: + - sql-formatter@15.7.3 + - stylelint@17.9.0: packages: - stylelint-config-standard-scss@17.0.0 - stylelint-config-clean-order@8.0.1 @@ -56,8 +56,8 @@ lint: - terrascan@1.19.9 # Disabled until filesystem scanner initialize error resolved. # - trivy@0.54.1 - - trufflehog@3.92.4 - - trunk-toolbox@0.5.4 + - trufflehog@3.95.2 + - trunk-toolbox@0.7.0 - yamllint@1.38.0 # Sourcing repos will have these configs available to applicable linters @@ -107,7 +107,7 @@ tools: - command: trunk-analytics-cli --version parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.83.2 + - gh@2.91.0 - grpcui@1.4.3 - - gt@1.7.14 - - trunk-analytics-cli@0.12.5 + - gt@1.8.5 + - trunk-analytics-cli@0.12.8
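Review bot: in PATCH 175/176, hunk @@ -25,7 +25,7 @@, the added line `golangci-lint2@2.0.0` carries a lower version than the removed `golangci-lint@2.7.2`, while the message says "upgrade to latest golangci-lint2". If changing the linter id is the intent, keep the version at 2.7.2 or later, or explain in the message why 2.0.0 is needed. PATCH 176/176 then moves the entry to 2.11.4, which suggests the 2.0.0 value was not meant to stay.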
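Review bot: in PATCH 175/176, hunk @@ -105,7 +105,7 @@, the new `parse_regex: trunk-analytics-cli ${semver}` still hard-codes the text printed by `trunk-analytics-cli --version`, with no comment recording which release it was checked against. The previous value `trunk flakytests ${semver}` is part of what this commit's subject calls broken, one commit after `known_good_version` moved from 0.8.1 to 0.12.5. Add a short comment next to the regex naming the version it was verified with, so the next version bump prompts a recheck of the health check.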
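Review bot: in PATCH 176/176, hunk @@ -12,42 +12,42 @@, `buf-lint@1.31.0!` stays untouched in the context while the commit message lists 19 upgraded linters, and nothing in the file says why that entry is held at 1.31.0 with a trailing `!`. Add a comment on that line giving the reason, in the same way the trivy entry further down is annotated, so the hold can be lifted when it no longer applies.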
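Review bot: in PATCH 176/176, hunk @@ -56,8 +56,8 @@, the context still shows `# - trivy@0.54.1` commented out under "Disabled until filesystem scanner initialize error resolved." with no issue link, the same state as in PATCH 173/176. Repos sourcing this plugin do not get trivy from it while the line stays commented out, even though `trufflehog` and `trunk-toolbox` in the same hunk are upgraded. Add a tracking issue reference to the comment and recheck whether the error still occurs on a current trivy release.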
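Review bot: in PATCH 176/176, hunk @@ -107,7 +107,7 @@, `trunk-analytics-cli@0.12.8` is enabled, but no hunk in this patch touches `known_good_version`, which PATCH 174/176 set to 0.12.5 together with the enabled entry. Either bump `known_good_version` to 0.12.8 in the same change or state in the message that the two values are allowed to differ.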