)]}'
{
  "commit": "26cb9de8a6edfb352232742e5066bf371bf10546",
  "tree": "1a5cc46e476ca61a4356bfc74c1ec99cc90dd392",
  "parents": [
    "8e48d18e81f87e7fb1fe30c6bb14b67be92246a3"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Fri Oct 04 09:27:48 2024 +0000"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Fri Oct 04 09:27:48 2024 +0000"
  },
  "message": "Bump github/codeql-action from 3.26.10 to 3.26.11 (#903)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.11.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003cp\u003eNote that the only difference between \u003ccode\u003ev2\u003c/code\u003e and \u003ccode\u003ev3\u003c/code\u003e of the CodeQL Action is the node version they support, with \u003ccode\u003ev3\u003c/code\u003e running on node 20 while we continue to release \u003ccode\u003ev2\u003c/code\u003e to support running on node 16. For example \u003ccode\u003e3.22.11\u003c/code\u003e was the first \u003ccode\u003ev3\u003c/code\u003e release and is functionally identical to \u003ccode\u003e2.22.11\u003c/code\u003e. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.26.11 - 03 Oct 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add support for using \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e to programmatically consume CodeQL Action debug artifacts.\u003c/p\u003e\n\u003cp\u003eStarting November 30, 2024, GitHub.com customers will \u003ca href\u003d\"https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/\"\u003eno longer be able to use \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e\u003c/a\u003e. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the \u003ccode\u003eCODEQL_ACTION_ARTIFACT_V4_UPGRADE\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e and bump \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e to \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e to \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e will begin failing then.\u003c/p\u003e\n\u003cp\u003eThis change is currently unavailable for GitHub Enterprise Server customers, as \u003ccode\u003eactions/upload-artifact@v4\u003c/code\u003e and \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e are not yet compatible with GHES.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.10 - 30 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with \u003ca href\u003d\"http://facebook.github.io/zstd/\"\u003eZstandard\u003c/a\u003e. Our aim is to improve the performance of setting up CodeQL. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2502\"\u003e#2502\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.9 - 24 Sep 2024\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.26.8 - 19 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.19.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2483\"\u003e#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.7 - 13 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.18.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2471\"\u003e#2471\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.6 - 29 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.18.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2449\"\u003e#2449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.5 - 23 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the \u003ccode\u003ecsrutil\u003c/code\u003e system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2441\"\u003e#2441\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.4 - 21 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eDeprecation:\u003c/em\u003e The \u003ccode\u003eadd-snippets\u003c/code\u003e input on the \u003ccode\u003eanalyze\u003c/code\u003e Action is deprecated and will be removed in the first release in August 2025. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2436\"\u003e#2436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2434\"\u003e#2434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.3 - 19 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2430\"\u003e#2430\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea\"\u003e\u003ccode\u003e6db8d63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2522\"\u003e#2522\u003c/a\u003e from github/update-v3.26.11-8aba5f2c4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/389647f39867028dcbcca5506b676e29424c612d\"\u003e\u003ccode\u003e389647f\u003c/code\u003e\u003c/a\u003e Update changelog for v3.26.11\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8aba5f2c426ba0d5c3bb6b4b8fae38035772b3d3\"\u003e\u003ccode\u003e8aba5f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2516\"\u003e#2516\u003c/a\u003e from github/aeisenberg/dependabot-exclude\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ecac2c6d538a5c4520f636d89c01720ddc5c9d1b\"\u003e\u003ccode\u003eecac2c6\u003c/code\u003e\u003c/a\u003e Exclupde \u003ccode\u003eeslint-plugin-import\u003c/code\u003e updates from dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e85017e6745c22a328ab20475f48582ec2e1becd\"\u003e\u003ccode\u003ee85017e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2514\"\u003e#2514\u003c/a\u003e from github/henrymercer/zstd-better-failure-logging\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a60db1d7fffaf34bc97db28f4d16936306e52a7c\"\u003e\u003ccode\u003ea60db1d\u003c/code\u003e\u003c/a\u003e Add notice for dependency upgrade timeline (\u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2513\"\u003e#2513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/28db28fc03e5652558cfae2ebfcf112a524358e1\"\u003e\u003ccode\u003e28db28f\u003c/code\u003e\u003c/a\u003e Improve clean up if extraction fails\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3da852e107a8b010f01b468b4be62250eca45340\"\u003e\u003ccode\u003e3da852e\u003c/code\u003e\u003c/a\u003e Capture stderr from extracting \u003ccode\u003e.tar.zst\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c4d433c56218db63e3030b7eb311b4820c0aa24b\"\u003e\u003ccode\u003ec4d433c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2510\"\u003e#2510\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-13baf58ce8\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2f6cf481fd80327a14c2fccb1f6d2babc76cddc3\"\u003e\u003ccode\u003e2f6cf48\u003c/code\u003e\u003c/a\u003e Undo \u003ccode\u003eeslint-plugin-import\u003c/code\u003e bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/e2b3eafc8d227b0241d48be5f425d47c2d750a13...6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| github/codeql-action | [\u003c 2.3.5, \u003e 2.3.4] |\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.26.10\u0026new-version\u003d3.26.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\u003c/details\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6b08135ea6f1e4b2e3e434b21d6471eef49111d8",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "d326c78fdbbe5a640c7269d25a68cb5bcb7b002f",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    }
  ]
}