Bumps the github-actions group with 4 updates:step-security/harden-runner,crate-ci/typos,tj-actions/changed-files andgithub/codeql-action.
Updatesstep-security/harden-runner from 2.10.2 to 2.10.4
Release notes
Sourced fromstep-security/harden-runner's releases.
v2.10.4
What's Changed
Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.
Full Changelog:step-security/harden-runner@v2...v2.10.4
v2.10.3
What's Changed
Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.
Full Changelog:step-security/harden-runner@v2...v2.10.3
Commits
Updatescrate-ci/typos from 1.28.3 to 1.29.4
Release notes
Sourced fromcrate-ci/typos's releases.
v1.29.4
[1.29.4] - 2025-01-03
v1.29.3
[1.29.3] - 2025-01-02
v1.29.1
[1.29.1] - 2025-01-02
Fixes
v1.29.0
[1.29.0] - 2024-12-31
Features
Performance
- Sped up dictionary lookups
v1.28.4
[1.28.4] - 2024-12-16
Features
Changelog
Sourced fromcrate-ci/typos's changelog.
Change Log
All notable changes to this project will be documented in this file.
The format is based onKeep a Changelogand this project adheres toSemantic Versioning.
[Unreleased] - ReleaseDate
[1.29.4] - 2025-01-03
[1.29.3] - 2025-01-02
[1.29.2] - 2025-01-02
[1.29.1] - 2025-01-02
Fixes
[1.29.0] - 2024-12-31
Features
Performance
- Sped up dictionary lookups
[1.28.4] - 2024-12-16
Features
[1.28.3] - 2024-12-12
Fixes
- Correct
imlementations,includs,qurorum,transatctions,trasnactions,validasted,vview
[1.28.2] - 2024-12-02
Fixes
- Don't correct
parametrize variants
[1.28.1] - 2024-11-26
... (truncated)
Commits
Updatestj-actions/changed-files from 45.0.5 to 45.0.6
Release notes
Sourced fromtj-actions/changed-files's releases.
v45.0.6
What's Changed
Full Changelog:tj-actions/changed-files@v45...v45.0.6
Changelog
Sourced fromtj-actions/changed-files's changelog.
Changelog
45.0.6 - (2025-01-03)
🐛 Bug Fixes
- deps: Update dependency yaml to v2.7.0 (#2383) (5f974c2) - (renovate[bot])
⚙️ Miscellaneous Tasks
- deps: Update dependency
@types/lodash to v4.17.14 (#2388) (d6e91a2) - (renovate[bot]) - deps: Update dependency
@types/node to v22.10.5 (#2387) (73401cd) - (renovate[bot]) - deps: Update dependency
@types/node to v22.10.4 (#2386) (7f28b2b) - (renovate[bot]) - deps: Update dependency
@types/node to v22.10.3 (#2385) (c1f82ce) - (renovate[bot]) - deps: Lock file maintenance (#2382) (bb364ec) - (renovate[bot])
- deps: Update peter-evans/create-pull-request action to v7.0.6 (#2380) (7ac5902) - (renovate[bot])
- deps: Lock file maintenance (#2379) (7c5097f) - (renovate[bot])
- deps: Update dependency eslint-plugin-jest to v28.10.0 (#2378) (37dc9a5) - (renovate[bot])
- deps: Lock file maintenance (#2377) (515a6b3) - (renovate[bot])
- deps: Update dependency
@types/node to v22.10.2 (#2376) (ac47125) - (renovate[bot]) - deps: Lock file maintenance (#2375) (ef3b6f1) - (renovate[bot])
⬆️ Upgrades
- Upgraded to v45.0.5 (#2374)
Co-authored-by: jackton117484350+jackton1@users.noreply.github.com (8082fbc) - (tj-actions[bot])
45.0.5 - (2024-12-05)
⚙️ Miscellaneous Tasks
- deps: Update dependency eslint-plugin-github to v5.1.4 (#2372) (bab30c2) - (renovate[bot])
- deps: Update dependency prettier to v3.4.2 (#2370) (657a3f9) - (renovate[bot])
- deps: Lock file maintenance (#2369) (05f0aba) - (renovate[bot])
- deps: Update dependency
@types/node to v22.10.1 (#2368) (4623961) - (renovate[bot]) - deps: Update dependency eslint-plugin-github to v5.1.3 (#2367) (c19a7eb) - (renovate[bot])
- deps: Update dependency prettier to v3.4.1 (#2366) (c288441) - (renovate[bot])
- deps: Update dependency prettier to v3.4.0 (#2365) (1d6ea46) - (renovate[bot])
- deps: Update dependency
@types/node to v22.10.0 (#2364) (02b41f5) - (renovate[bot]) - deps: Update dependency
@types/node to v22.9.4 (#2361) (b4a4dca) - (renovate[bot]) - deps: Lock file maintenance (#2360) (602aacf) - (renovate[bot])
- deps: Update dependency
@types/node to v22.9.3 (#2359) (51290e0) - (renovate[bot]) - deps: Update dependency
@types/node to v22.9.2 (#2358) (b4badd8) - (renovate[bot]) - deps: Update dependency typescript to v5.7.2 (#2357) (652b4c0) - (renovate[bot])
- deps-dev: Bump eslint-plugin-github from 5.0.2 to 5.1.1 (#2356) (0b7a421) - (dependabot[bot])
- deps: Bump yaml from 2.6.0 to 2.6.1 (#2353) (b26581a) - (dependabot[bot])
- deps: Update dependency
@types/node to v22.9.1 (#2352) (43e6b45) - (renovate[bot]) - deps: Lock file maintenance (#2349) (fe1bc0e) - (renovate[bot])
- deps: Update dependency
@vercel/ncc to v0.38.3 (#2348) (d7917c6) - (renovate[bot])
... (truncated)
Commits
d6e91a2 chore(deps): update dependency@types/lodash to v4.17.14 (#2388)73401cd chore(deps): update dependency@types/node to v22.10.5 (#2387)7f28b2b chore(deps): update dependency@types/node to v22.10.4 (#2386)c1f82ce chore(deps): update dependency@types/node to v22.10.3 (#2385)5f974c2 fix(deps): update dependency yaml to v2.7.0 (#2383)bb364ec chore(deps): lock file maintenance (#2382)7ac5902 chore(deps): update peter-evans/create-pull-request action to v7.0.6 (#2380)7c5097f chore(deps): lock file maintenance (#2379)37dc9a5 chore(deps): update dependency eslint-plugin-jest to v28.10.0 (#2378)515a6b3 chore(deps): lock file maintenance (#2377)- Additional commits viewable incompare view
Updatesgithub/codeql-action from 3.27.9 to 3.28.1
Release notes
Sourced fromgithub/codeql-action's releases.
v3.28.1
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
3.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, seethis changelog post.#2677
- Update default CodeQL bundle version to 2.20.1.#2678
See the fullCHANGELOG.md for more information.
v3.28.0
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference betweenv2 andv3 of the CodeQL Action is the node version they support, withv3 running on node 20 while we continue to releasev2 to support running on node 16. For example3.22.11 was the firstv3 release and is functionally identical to2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
3.28.0 - 20 Dec 2024
- Bump the minimum CodeQL bundle version to 2.15.5.#2655
- Don't fail in the unusual case that a file is on the search path.#2660.
See the fullCHANGELOG.md for more information.
Changelog
Sourced fromgithub/codeql-action's changelog.
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
3.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, seethis changelog post.#2677
- Update default CodeQL bundle version to 2.20.1.#2678
3.28.0 - 20 Dec 2024
- Bump the minimum CodeQL bundle version to 2.15.5.#2655
- Don't fail in the unusual case that a file is on the search path.#2660.
3.27.9 - 12 Dec 2024
No user facing changes.
3.27.8 - 12 Dec 2024
- Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings.#2624
3.27.7 - 10 Dec 2024
- We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance.#2631
- Update default CodeQL bundle version to 2.20.0.#2636
3.27.6 - 03 Dec 2024
- Update default CodeQL bundle version to 2.19.4.#2626
3.27.5 - 19 Nov 2024
No user facing changes.
3.27.4 - 14 Nov 2024
No user facing changes.
3.27.3 - 12 Nov 2024
No user facing changes.
3.27.2 - 12 Nov 2024
- Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'".#2590
... (truncated)
Commits
b6a472f Merge pull request#2681 from github/update-v3.28.1-ea6acbfeabb999b4 Update changelog for v3.28.1ea6acbf Merge pull request#2677 from github/angelapwen/deprecate-action-v24df151e Merge branch 'main' into angelapwen/deprecate-action-v2a05a7eb Fix PR number in changenote8d2753b Add public changelog blog post linke83e0a4 Merge pull request#2673 from github/dependabot/npm_and_yarn/npm-877f465710b7ff308 Merge pull request#2678 from github/update-bundle/codeql-bundle-v2.20.11aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1fb65b6c Merge pull request#2672 from github/mbg/start-proxy/include-type-in-urls-output- Additional commits viewable incompare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 4 updates:step-security/harden-runner,crate-ci/typos,tj-actions/changed-files andgithub/codeql-action.
Updates
step-security/harden-runnerfrom 2.10.2 to 2.10.4Release notes
Sourced fromstep-security/harden-runner's releases.
Commits
cb605e5Merge pull request#496 from step-security/fix-enobufs61144ddUpdate log statementb8be370Add try catch block6f6fa07Fix ENOBUFS issue18f6947Merge pull request#495 from AkhigbeEromo/Update-README81f844eEdit docs4c766deMerge branch 'Update-README' ofhttps://github.com/AkhigbeEromo/harden-runner...c9c5f32Handle Ashish reviews2877824Merge branch 'main' into Update-READMEbe87de0Clean upUpdates
crate-ci/typosfrom 1.28.3 to 1.29.4Release notes
Sourced fromcrate-ci/typos's releases.
Changelog
Sourced fromcrate-ci/typos's changelog.
... (truncated)
Commits
685eb3dchore: Release3691d7fMerge pull request#1211 from epage/unicase5271a5fchore: Update unicase199661aMerge pull request#1209 from epage/schema744820ffeat(config): Provide JSON Schema for config752bd03chore: Release3828d07chore: Release49e4688chore: Remove benches from .crates2272ce8Merge pull request#1208 from epage/updateb00d89bchore(deps): Update compatibleUpdates
tj-actions/changed-filesfrom 45.0.5 to 45.0.6Release notes
Sourced fromtj-actions/changed-files's releases.
Changelog
Sourced fromtj-actions/changed-files's changelog.
... (truncated)
Commits
d6e91a2chore(deps): update dependency@types/lodashto v4.17.14 (#2388)73401cdchore(deps): update dependency@types/nodeto v22.10.5 (#2387)7f28b2bchore(deps): update dependency@types/nodeto v22.10.4 (#2386)c1f82cechore(deps): update dependency@types/nodeto v22.10.3 (#2385)5f974c2fix(deps): update dependency yaml to v2.7.0 (#2383)bb364ecchore(deps): lock file maintenance (#2382)7ac5902chore(deps): update peter-evans/create-pull-request action to v7.0.6 (#2380)7c5097fchore(deps): lock file maintenance (#2379)37dc9a5chore(deps): update dependency eslint-plugin-jest to v28.10.0 (#2378)515a6b3chore(deps): lock file maintenance (#2377)Updates
github/codeql-actionfrom 3.27.9 to 3.28.1Release notes
Sourced fromgithub/codeql-action's releases.
Changelog
Sourced fromgithub/codeql-action's changelog.
... (truncated)
Commits
b6a472fMerge pull request#2681 from github/update-v3.28.1-ea6acbfeabb999b4Update changelog for v3.28.1ea6acbfMerge pull request#2677 from github/angelapwen/deprecate-action-v24df151eMerge branch 'main' into angelapwen/deprecate-action-v2a05a7ebFix PR number in changenote8d2753bAdd public changelog blog post linke83e0a4Merge pull request#2673 from github/dependabot/npm_and_yarn/npm-877f465710b7ff308Merge pull request#2678 from github/update-bundle/codeql-bundle-v2.20.11aa16c2Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1fb65b6cMerge pull request#2672 from github/mbg/start-proxy/include-type-in-urls-outputDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions