)]}'
{
  "commit": "fa2f87be26b02f7df0954c120d1b2002a234489e",
  "tree": "c2555437bb015d14fcdf66a4980c8b71cfcc7a4a",
  "parents": [
    "a7be30b119b9afa2fd63d14efd07ccfd7c6c0edf"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Mon Sep 04 09:45:32 2023 +0200"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Mon Sep 04 09:45:32 2023 +0200"
  },
  "message": "Bump github/codeql-action from 2.21.2 to 2.21.5 (#1002)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action)\r\nfrom 2.21.2 to 2.21.5.\r\n\u003cdetails\u003e\r\n\u003csummary\u003eChangelog\u003c/summary\u003e\r\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\r\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\r\n\u003cblockquote\u003e\r\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\r\n\u003cp\u003eSee the \u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\r\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\r\npacks.\u003c/p\u003e\r\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\r\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\r\n\u003ch2\u003e2.21.5 - 28 Aug 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eUpdate default CodeQL bundle version to 2.14.3. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1845\"\u003e#1845\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eFixed a bug in CodeQL Action 2.21.3 onwards that affected beta\r\nsupport for \u003ca href\u003d\"https://projectlombok.org/\"\u003eProject Lombok\u003c/a\u003e when\r\nanalyzing Java. The environment variable\r\n\u003ccode\u003eCODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS\u003c/code\u003e will now be\r\nrespected if it was manually configured in the workflow. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1844\"\u003e#1844\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eEnable support for Kotlin 1.9.20 when running with CodeQL CLI\r\nv2.13.4 through v2.14.3. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1853\"\u003e#1853\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eBetter error message when there is a failure to determine the merge\r\nbase of the code to analysis. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1860\"\u003e#1860\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.21.4 - 14 Aug 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eUpdate default CodeQL bundle version to 2.14.2. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1831\"\u003e#1831\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eLog a warning if the amount of available disk space runs low during\r\na code scanning run. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1825\"\u003e#1825\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eWhen downloading CodeQL bundle version 2.13.4 and later, cache these\r\nbundles in the Actions tool cache using a simpler version number. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1832\"\u003e#1832\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eFix an issue that first appeared in CodeQL Action v2.21.2 that\r\nprevented CodeQL invocations from being logged. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eWe are rolling out a feature in August 2023 that will improve the\r\nquality of file coverage information. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1835\"\u003e#1835\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.21.3 - 08 Aug 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eWe are rolling out a feature in August 2023 that will improve\r\nmulti-threaded performance on larger runners. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1817\"\u003e#1817\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eWe are rolling out a feature in August 2023 that adds beta support\r\nfor \u003ca href\u003d\"https://projectlombok.org/\"\u003eProject Lombok\u003c/a\u003e when\r\nanalyzing Java. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1809\"\u003e#1809\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eReduce disk space usage when downloading the CodeQL bundle. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1820\"\u003e#1820\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.21.2 - 28 Jul 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eUpdate default CodeQL bundle version to 2.14.1. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1797\"\u003e#1797\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eAvoid duplicating the analysis summary within the logs. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1811\"\u003e#1811\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.21.1 - 26 Jul 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eImprove the handling of fatal errors from the CodeQL CLI. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1795\"\u003e#1795\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eAdd the \u003ccode\u003esarif-output\u003c/code\u003e output to the analyze action that\r\ncontains the path to the directory of the generated SARIF. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1799\"\u003e#1799\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.21.0 - 19 Jul 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eCodeQL Action now requires CodeQL CLI 2.9.4 or later. For more\r\ninformation, see the corresponding changelog entry for CodeQL Action\r\nversion 2.20.4. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003e2.20.4 - 14 Jul 2023\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eThis is the last release of the Action that supports CodeQL CLI\r\nversions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were\r\ndeprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and\r\nwill not be supported by the next release of the CodeQL Action (2.21.0).\r\n\u003cul\u003e\r\n\u003cli\u003eIf you are using one of these versions, please update to CodeQL CLI\r\nversion 2.9.4 or later. For instance, if you have specified a custom\r\nversion of the CLI using the \u0027tools\u0027 input to the \u0027init\u0027 Action, you can\r\nremove this input to use the default version.\u003c/li\u003e\r\n\u003cli\u003eAlternatively, if you want to continue using a version of the CodeQL\r\nCLI between 2.8.5 and 2.9.3, you can replace\r\n\u0027github/codeql-action/\u003cem\u003e\u003ca\r\nhref\u003d\"https://github.com/v2\"\u003e\u003ccode\u003e@​v2\u003c/code\u003e\u003c/a\u003e\u0027 by\r\n\u0027github/codeql-action/\u003c/em\u003e\u003ca\r\nhref\u003d\"https://github.com/v2\"\u003e\u003ccode\u003e@​v2\u003c/code\u003e\u003c/a\u003e.20.4\u0027 in your code\r\nscanning workflow to ensure you continue using this version of the\r\nCodeQL Action.\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003c/li\u003e\r\n\u003cli\u003eWe are rolling out a feature in July 2023 that will slightly reduce\r\nthe default amount of RAM used for query execution, in proportion to the\r\nrunner\u0027s total memory. This will help to avoid out-of-memory failures on\r\nlarger runners. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1760\"\u003e#1760\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003eUpdate default CodeQL bundle version to 2.14.0. \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/1762\"\u003e#1762\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003c!-- raw HTML omitted --\u003e\r\n\u003c/blockquote\u003e\r\n\u003cp\u003e... (truncated)\u003c/p\u003e\r\n\u003c/details\u003e\r\n\u003cdetails\u003e\r\n\u003csummary\u003eCommits\u003c/summary\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/00e563ead9f72a8461b24876bee2d0c2e8bd2ee8\"\u003e\u003ccode\u003e00e563e\u003c/code\u003e\u003c/a\u003e\r\nMerge pull request \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/1858\"\u003e#1858\u003c/a\u003e\r\nfrom github/update-v2.21.5-100912429\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/7323c2ac6bb5b909731a79a05be177865803cb35\"\u003e\u003ccode\u003e7323c2a\u003c/code\u003e\u003c/a\u003e\r\nUpdate changelog for v2.21.5\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/100912429fab4cb230e66ffb11e738ac5194e73a\"\u003e\u003ccode\u003e1009124\u003c/code\u003e\u003c/a\u003e\r\nMerge pull request \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/1845\"\u003e#1845\u003c/a\u003e\r\nfrom github/update-bundle/codeql-bundle-v2.14.3\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/a2d14d32b8fe679ae2cd9a1a42b7a1b494ca080e\"\u003e\u003ccode\u003ea2d14d3\u003c/code\u003e\u003c/a\u003e\r\nMerge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.14.3\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/ff9cb435df425a3cb2cd53b09e3947f600b11ef5\"\u003e\u003ccode\u003eff9cb43\u003c/code\u003e\u003c/a\u003e\r\nMerge pull request \u003ca\r\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/1853\"\u003e#1853\u003c/a\u003e\r\nfrom github/igfoo/kot1.9.10\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/2f913c12497b474080784ca08ad349d693b3c172\"\u003e\u003ccode\u003e2f913c1\u003c/code\u003e\u003c/a\u003e\r\nnpm run build\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/7dab60079ba615275bc07067ee108dfa7ebec60a\"\u003e\u003ccode\u003e7dab600\u003c/code\u003e\u003c/a\u003e\r\nPut upper limit on the CodeQL versions for which we override the Kotlin\r\nlimit\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/862b2cf102c7d450547d5bfb21e408e6cd6813aa\"\u003e\u003ccode\u003e862b2cf\u003c/code\u003e\u003c/a\u003e\r\nAdd a changelog entry for the Kotlin 1.9.10 support\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/070dd05edd619bee2751a0cc76633f1e8b6ebda9\"\u003e\u003ccode\u003e070dd05\u003c/code\u003e\u003c/a\u003e\r\nnpm run build\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/commit/ff95d147d6ce5678eee4d906f79bff30f5e182a1\"\u003e\u003ccode\u003eff95d14\u003c/code\u003e\u003c/a\u003e\r\nKotlin: Fix lint\u003c/li\u003e\r\n\u003cli\u003eAdditional commits viewable in \u003ca\r\nhref\u003d\"https://github.com/github/codeql-action/compare/0ba4244466797eb048eb91a6cd43d5c03ca8bd05...00e563ead9f72a8461b24876bee2d0c2e8bd2ee8\"\u003ecompare\r\nview\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003c/details\u003e\r\n\u003cbr /\u003e\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d2.21.2\u0026new-version\u003d2.21.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n\u003cdetails\u003e\r\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\r\n\u003cbr /\u003e\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n\u003c/details\u003e\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6ce955948557c5ef2b410d4f40b665dbd970a3f6",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "32e257f1580c3276700449432c0ee00653148ba5",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    }
  ]
}