build(deps): bump the github-actions group with 3 updates#154
build(deps): bump the github-actions group with 3 updates#154dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the github-actions group with 3 updates: [github/codeql-action/init](https://github.com/github/codeql-action), [github/codeql-action/analyze](https://github.com/github/codeql-action) and [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog). Updates `github/codeql-action/init` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) Updates `trufflesecurity/trufflehog` from 3.95.6 to 3.95.8 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.6...v3.95.8) --- updated-dependencies: - dependency-name: github/codeql-action/init dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 12:12 PM ET / 16:12 UTC. Summary Reproducibility: not applicable. this is a dependency maintenance PR, not a bug report. The relevant validation is that CI, CodeQL, and secret-scan check runs passed on the updated PR head. Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Next step before merge
Security Review detailsBest possible solution: Merge through the normal Dependabot and security-codeowner path once maintainers are satisfied with the successful workflow checks. Do we have a high-confidence way to reproduce the issue? Not applicable; this is a dependency maintenance PR, not a bug report. The relevant validation is that CI, CodeQL, and secret-scan check runs passed on the updated PR head. Is this the best way to solve the issue? Yes; for this Dependabot PR, changing only the existing action refs is the narrow maintainable solution, and no duplicate or already-implemented path was found on current main. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 140b0ac6ac19. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
Bumps the github-actions group with 3 updates: github/codeql-action/init, github/codeql-action/analyze and trufflesecurity/trufflehog.
Updates
github/codeql-action/initfrom 4.36.2 to 4.36.3Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsUpdates
github/codeql-action/analyzefrom 4.36.2 to 4.36.3Release notes
Sourced from github/codeql-action/analyze's releases.
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsUpdates
trufflesecurity/trufflehogfrom 3.95.6 to 3.95.8Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
00155c9Include encoded resume info instead of clobbering it (#5110)4d3a66ffixed syntax error (#5109)797f02b[INS-334] Octopus Deploy detector (#4787)7f04a89[INS-465] Skip unverified JWT Detector results when feature flag is enabled (...459d5a7Add prometheus metrics for engine channels and workers (#5095)f38f8f7fix(azuresastoken): match SAS tokens regardless of parameter order (#5043)6261f5cremoved "unauthorized" as exception for rotated graphana secrets (#5068)f446421[INS-407] Fixed AWS detector producing non deterministic output (#4836)885fa2d[INS-197] Add redhatpyxis api key detector (#4995)c09d726[INS-497] Add Pganalyze Read Key Detector (#4993)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions