)]}'
{
  "commit": "4e0f2d91d0895d82c0fb4ee22f82222db2ec6d0e",
  "tree": "17e2e818666bb6de8cf094b1f4c493157ab73b70",
  "parents": [
    "59b8ee5f46dee3d2f3a7cb685d1b4624ee20346c"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Tue May 21 09:30:06 2024 +0000"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Tue May 21 09:30:06 2024 +0000"
  },
  "message": "Bump github/codeql-action from 3.25.5 to 3.25.6 (#862)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003cp\u003eNote that the only difference between \u003ccode\u003ev2\u003c/code\u003e and \u003ccode\u003ev3\u003c/code\u003e of the CodeQL Action is the node version they support, with \u003ccode\u003ev3\u003c/code\u003e running on node 20 while we continue to release \u003ccode\u003ev2\u003c/code\u003e to support running on node 16. For example \u003ccode\u003e3.22.11\u003c/code\u003e was the first \u003ccode\u003ev3\u003c/code\u003e release and is functionally identical to \u003ccode\u003e2.22.11\u003c/code\u003e. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.25.6 - 20 May 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.17.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2295\"\u003e#2295\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.25.5 - 13 May 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/README.md\"\u003ehttps://github.com/github/codeql-action/blob/main/README.md\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2273\"\u003e#2273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid printing out a warning for a missing \u003ccode\u003eon.push\u003c/code\u003e trigger when the CodeQL Action is triggered via a \u003ccode\u003eworkflow_call\u003c/code\u003e event. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2274\"\u003e#2274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003etools: latest\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action has been renamed to \u003ccode\u003etools: linked\u003c/code\u003e. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2281\"\u003e#2281\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.25.4 - 08 May 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.17.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2270\"\u003e#2270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.25.3 - 25 Apr 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.17.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2247\"\u003e#2247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkflows running on \u003ccode\u003emacos-latest\u003c/code\u003e using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as \u003ccode\u003emacos-12\u003c/code\u003e. ARM machines with SIP disabled, including the newest \u003ccode\u003emacos-latest\u003c/code\u003e image, are unsupported for CLI versions before 2.15.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2261\"\u003e#2261\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.25.2 - 22 Apr 2024\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.25.1 - 17 Apr 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the \u003ccode\u003eautobuild\u003c/code\u003e \u003ca href\u003d\"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes\"\u003ebuild mode\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2235\"\u003e#2235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a bug where the \u003ccode\u003einit\u003c/code\u003e Action would fail if \u003ccode\u003e--overwrite\u003c/code\u003e was specified in \u003ccode\u003eCODEQL_ACTION_EXTRA_OPTIONS\u003c/code\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2245\"\u003e#2245\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.25.0 - 15 Apr 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe deprecated feature for extracting dependencies for a Python analysis has been removed. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2224\"\u003e#2224\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAs a result, the following inputs and environment variables are now ignored:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003esetup-python-dependencies\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION\u003c/code\u003e environment variable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWe recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomatically overwrite an existing database if found on the filesystem. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump the minimum CodeQL bundle version to 2.12.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2232\"\u003e#2232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9fdb3e49720b44c48891d036bb502feb25684276\"\u003e\u003ccode\u003e9fdb3e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2300\"\u003e#2300\u003c/a\u003e from github/update-v3.25.6-63d519c0a\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/00792ab1e0a5e45d2ff0c2426424bf7044bb27d0\"\u003e\u003ccode\u003e00792ab\u003c/code\u003e\u003c/a\u003e Update changelog for v3.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/63d519c0ae6a4b739e3377a517400c352a7d829b\"\u003e\u003ccode\u003e63d519c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2295\"\u003e#2295\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.17.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0d9161ca1ca47cada43d1520c3ee53b96d4c31b3\"\u003e\u003ccode\u003e0d9161c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2293\"\u003e#2293\u003c/a\u003e from github/henrymercer/update-build-mode-autobuild-...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e9e27290e9f6fb2125c88320c1c8cfde73daa118\"\u003e\u003ccode\u003ee9e2729\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/de1ac31508c6bbe87b7dda97b8eeb62817061fc4\"\u003e\u003ccode\u003ede1ac31\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.17.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a57c67b89589d2d13d5ac85a9fc4679c7539f94c\"\u003e\u003ccode\u003ea57c67b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2286\"\u003e#2286\u003c/a\u003e from github/koesie10/ghec-dr-db-upload\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b7ef64ecb1a32c28cb40d1d748bafd2141ad3f7a\"\u003e\u003ccode\u003eb7ef64e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2294\"\u003e#2294\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-d3285d5234\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e54dea297aa0b91cffca529f0b38a8d62d27e867\"\u003e\u003ccode\u003ee54dea2\u003c/code\u003e\u003c/a\u003e Update checked-in dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3b42294f03049609faa22c47773030fff8acc188\"\u003e\u003ccode\u003e3b42294\u003c/code\u003e\u003c/a\u003e Bump the npm group across 1 directory with 4 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/b7cec7526559c32f1616476ff32d17ba4c59b2d6...9fdb3e49720b44c48891d036bb502feb25684276\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| github/codeql-action | [\u003c 2.3.5, \u003e 2.3.4] |\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.25.5\u0026new-version\u003d3.25.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\u003c/details\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "298550bc6c6357fdb99af59221e5cf7498326903",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "e5085f4c50ec8923d8802500eeb45ebe7085b79b",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    }
  ]
}