)]}'
{
  "commit": "e1c9ba82a2c1aba43ea344ca619fa2a7904e966c",
  "tree": "54b2b852309f40244b9e5d1aa677e2c6c0f84b8d",
  "parents": [
    "5ed4f6607fe72fa94a23b27975ddfdf4f9b1befb"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Tue Oct 08 09:09:55 2024 +0000"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Tue Oct 08 09:09:55 2024 +0000"
  },
  "message": "Bump github/codeql-action from 3.26.11 to 3.26.12 (#906)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.11 to 3.26.12.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003cp\u003eNote that the only difference between \u003ccode\u003ev2\u003c/code\u003e and \u003ccode\u003ev3\u003c/code\u003e of the CodeQL Action is the node version they support, with \u003ccode\u003ev3\u003c/code\u003e running on node 20 while we continue to release \u003ccode\u003ev2\u003c/code\u003e to support running on node 16. For example \u003ccode\u003e3.22.11\u003c/code\u003e was the first \u003ccode\u003ev3\u003c/code\u003e release and is functionally identical to \u003ccode\u003e2.22.11\u003c/code\u003e. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.26.12 - 07 Oct 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2520\"\u003e#2520\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eIf you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the \u0027tools\u0027 input to the \u0027init\u0027 Action, you can remove this input to use the default version.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAlternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace \u003ccode\u003egithub/codeql-action/*@v3\u003c/code\u003e by \u003ccode\u003egithub/codeql-action/*@v3.26.11\u003c/code\u003e and \u003ccode\u003egithub/codeql-action/*@v2\u003c/code\u003e by \u003ccode\u003egithub/codeql-action/*@v2.26.11\u003c/code\u003e in your code scanning workflow to ensure you continue using this version of the CodeQL Action.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.11 - 03 Oct 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add support for using \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e to programmatically consume CodeQL Action debug artifacts.\u003c/p\u003e\n\u003cp\u003eStarting November 30, 2024, GitHub.com customers will \u003ca href\u003d\"https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/\"\u003eno longer be able to use \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e\u003c/a\u003e. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the \u003ccode\u003eCODEQL_ACTION_ARTIFACT_V4_UPGRADE\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e and bump \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e to \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to \u003ccode\u003eactions/download-artifact@v3\u003c/code\u003e to \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e will begin failing then.\u003c/p\u003e\n\u003cp\u003eThis change is currently unavailable for GitHub Enterprise Server customers, as \u003ccode\u003eactions/upload-artifact@v4\u003c/code\u003e and \u003ccode\u003eactions/download-artifact@v4\u003c/code\u003e are not yet compatible with GHES.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate default CodeQL bundle version to 2.19.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2519\"\u003e#2519\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.10 - 30 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with \u003ca href\u003d\"http://facebook.github.io/zstd/\"\u003eZstandard\u003c/a\u003e. Our aim is to improve the performance of setting up CodeQL. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2502\"\u003e#2502\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.9 - 24 Sep 2024\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.26.8 - 19 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.19.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2483\"\u003e#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.7 - 13 Sep 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.18.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2471\"\u003e#2471\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.6 - 29 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.18.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2449\"\u003e#2449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.5 - 23 Aug 2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the \u003ccode\u003ecsrutil\u003c/code\u003e system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2441\"\u003e#2441\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c36620d31ac7c881962c3d9dd939c40ec9434f2b\"\u003e\u003ccode\u003ec36620d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2529\"\u003e#2529\u003c/a\u003e from github/update-v3.26.12-c9a70ff45\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/570aecb95f2b62832269f4d9ed8d228c9a1342fb\"\u003e\u003ccode\u003e570aecb\u003c/code\u003e\u003c/a\u003e Update changelog for v3.26.12\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c9a70ff45f6a0ebf67a02cf3a09094b72f56e5cb\"\u003e\u003ccode\u003ec9a70ff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2526\"\u003e#2526\u003c/a\u003e from github/henrymercer/check-zstd-on-path\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d65a17605a400f2b42f1e4785239bc63a91419b9\"\u003e\u003ccode\u003ed65a176\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/bf2e624d0b3b15a9fe5c6ae1294f207a8f2ee3f1\"\u003e\u003ccode\u003ebf2e624\u003c/code\u003e\u003c/a\u003e Update src/tar.ts\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/56d197570aa047eae7fe04401603196e2f68521d\"\u003e\u003ccode\u003e56d1975\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2489\"\u003e#2489\u003c/a\u003e from github/redsun82/rust\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/7cf65a5b2e089b7207c678633bc4a42884847231\"\u003e\u003ccode\u003e7cf65a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2518\"\u003e#2518\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-88156698cd\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a56dd2e53735063047ec88acbea334aecdd702e\"\u003e\u003ccode\u003e8a56dd2\u003c/code\u003e\u003c/a\u003e Update to \u003ccode\u003e@​actions/core\u003c/code\u003e 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/153267135194d736d42c011f5c4288fd7318a484\"\u003e\u003ccode\u003e1532671\u003c/code\u003e\u003c/a\u003e Update default bundle to 2.19.1 (\u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/64871a860c2923a5ec7cf6cefc983b535e8fe0e7\"\u003e\u003ccode\u003e64871a8\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.19.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea...c36620d31ac7c881962c3d9dd939c40ec9434f2b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| github/codeql-action | [\u003c 2.3.5, \u003e 2.3.4] |\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.26.11\u0026new-version\u003d3.26.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\u003c/details\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "90e8b3b01401055d106df4148be92f8c3fde6b56",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "8c4c2ddac7bc99273efb8aae8fc1f81fd0cff315",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    }
  ]
}