Bumps the actions group with 3 updates:actions/checkout,github/codeql-action andreviewdog/action-setup.
Updatesactions/checkout from 5.0.0 to 6.0.0
Release notes
Sourced fromactions/checkout's releases.
v6.0.0
What's Changed
Full Changelog:actions/checkout@v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under$RUNNER_TEMP instead of directly in the local git config.
This requires a minimum Actions Runner version ofv2.329.0 to access the persisted credentials forDocker container action scenarios.
v5.0.1
What's Changed
Full Changelog:actions/checkout@v5...v5.0.1
Changelog
Sourced fromactions/checkout's changelog.
Changelog
V6.0.0
V5.0.1
V5.0.0
V4.3.1
V4.3.0
v4.2.2
v4.2.1
v4.2.0
v4.1.7
v4.1.6
v4.1.5
... (truncated)
Commits
Updatesgithub/codeql-action from 4.31.2 to 4.31.4
Release notes
Sourced fromgithub/codeql-action's releases.
v4.31.4
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the fullCHANGELOG.md for more information.
v4.31.3
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, seeUpcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5.#3288
See the fullCHANGELOG.md for more information.
Changelog
Sourced fromgithub/codeql-action's changelog.
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, seeUpcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5.#3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The
add-snippets input has been removed from theanalyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
4.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6.#3223
- When SARIF files are uploaded by the
analyze orupload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarif action. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalways for theupload input.#3222
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3.#3205
- Experimental: A new
setup-codeql action has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time.#3204
4.30.8 - 10 Oct 2025
No user facing changes.
4.30.7 - 06 Oct 2025
- [v4+ only] The CodeQL Action now runs on Node.js v24.#3169
3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2.#3168
3.30.5 - 26 Sep 2025
- We fixed a bug that was introduced in
3.30.4 withupload-sarif which resulted in files without a.sarif extension not getting uploaded.#3160
... (truncated)
Commits
e12f017 Merge pull request#3312 from github/update-v4.31.4-70434f6ddc9cb6f9 Update changelog for v4.31.470434f6 Merge pull request#3311 from github/mbg/deps/bump-glob528362a Bumpglob to at least11.1.0de12435 Merge pull request#3308 from github/mbg/pr-template/nov25ffa63f0 Merge pull request#3307 from github/dependabot/github_actions/dot-github/wor...7bcdb4b Add additional options to PR template and clarify some07eae64 Merge pull request#3303 from github/mario-campos/v3-core-warninge546fff Rebuildc418a0f Bump ruby/setup-ruby- Additional commits viewable incompare view
Updatesreviewdog/action-setup from 1.4.0 to 1.5.0
Release notes
Sourced fromreviewdog/action-setup's releases.
Release v1.5.0
What's Changed
Full Changelog:reviewdog/action-setup@v1.4.0...v1.5.0
Commits
d8a7baa Merge pull request#74 from reviewdog/depup/reviewdogb041f0d Merge pull request#75 from reviewdog/renovate/reviewdog-action-misspell-1.x05dc1a3 Merge pull request#73 from reviewdog/renovate/chainguard-dev-actions-digestf2ffb34 Merge pull request#68 from reviewdog/renovate/reviewdog-action-shellcheck-1.x28695c5 Merge pull request#67 from reviewdog/renovate/reviewdog-action-actionlint-1.x65d14e0 chore(deps): update reviewdog/action-misspell action to v1.27.0f3a4e22 Merge pull request#64 from reviewdog/renovate/haya14busa-action-bumpr-1.xf257542 chore(deps): update reviewdog/action-actionlint action to v1.68.078083cb chore(deps): update chainguard-dev/actions digest to 4aa34020eb086b Merge pull request#76 from reviewdog/renovate/actions-checkout-5.x- Additional commits viewable incompare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Uh oh!
There was an error while loading.Please reload this page.
Bumps the actions group with 3 updates:actions/checkout,github/codeql-action andreviewdog/action-setup.
Updates
actions/checkoutfrom 5.0.0 to 6.0.0Release notes
Sourced fromactions/checkout's releases.
Changelog
Sourced fromactions/checkout's changelog.
... (truncated)
Commits
1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)Updates
github/codeql-actionfrom 4.31.2 to 4.31.4Release notes
Sourced fromgithub/codeql-action's releases.
Changelog
Sourced fromgithub/codeql-action's changelog.
... (truncated)
Commits
e12f017Merge pull request#3312 from github/update-v4.31.4-70434f6ddc9cb6f9Update changelog for v4.31.470434f6Merge pull request#3311 from github/mbg/deps/bump-glob528362aBumpglobto at least11.1.0de12435Merge pull request#3308 from github/mbg/pr-template/nov25ffa63f0Merge pull request#3307 from github/dependabot/github_actions/dot-github/wor...7bcdb4bAdd additional options to PR template and clarify some07eae64Merge pull request#3303 from github/mario-campos/v3-core-warninge546fffRebuildc418a0fBump ruby/setup-rubyUpdates
reviewdog/action-setupfrom 1.4.0 to 1.5.0Release notes
Sourced fromreviewdog/action-setup's releases.
Commits
d8a7baaMerge pull request#74 from reviewdog/depup/reviewdogb041f0dMerge pull request#75 from reviewdog/renovate/reviewdog-action-misspell-1.x05dc1a3Merge pull request#73 from reviewdog/renovate/chainguard-dev-actions-digestf2ffb34Merge pull request#68 from reviewdog/renovate/reviewdog-action-shellcheck-1.x28695c5Merge pull request#67 from reviewdog/renovate/reviewdog-action-actionlint-1.x65d14e0chore(deps): update reviewdog/action-misspell action to v1.27.0f3a4e22Merge pull request#64 from reviewdog/renovate/haya14busa-action-bumpr-1.xf257542chore(deps): update reviewdog/action-actionlint action to v1.68.078083cbchore(deps): update chainguard-dev/actions digest to 4aa34020eb086bMerge pull request#76 from reviewdog/renovate/actions-checkout-5.xDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions