3d5aaa3f075de3eb1f67fef446b239ec2726a9eb - test

commit: 3d5aaa3f075de3eb1f67fef446b239ec2726a9eb
[log]
author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Tue Jul 01 06:35:25 2025 +0000
committer: GitHub <noreply@github.com>
Tue Jul 01 06:35:25 2025 +0000
tree: 959ac44a9c369306c264519da2f4f51afa8fa702
parent: 8e703e28f772257776745fa482ea4077c0ba074c [diff]

Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions group (#2514)

Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).

Updates `github/codeql-action` from 3.28.18 to 3.29.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p>
<blockquote>
<h2>v3.29.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li>
</ul>
<p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md">CHANGELOG.md</a> for more information.</p>
<h2>v3.29.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li>
</ul>
<p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md">CHANGELOG.md</a> for more information.</p>
<h2>v3.29.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md">CHANGELOG.md</a> for more information.</p>
<h2>v3.28.19</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview.
The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md">CHANGELOG.md</a> for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li>
</ul>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li>
</ul>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview.
The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b"><code>181d5ee</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2957">#2957</a> from github/update-v3.29.2-4c57370d0</li>
<li><a href="https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca"><code>c77386a</code></a> Fix changelog PR number</li>
<li><a href="https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b"><code>8d43d4e</code></a> Update changelog for v3.29.2</li>
<li><a href="https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a"><code>4c57370</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2935">#2935</a> from github/mbg/interpret-cq-results</li>
<li><a href="https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c"><code>2830b75</code></a> Add changelog entry</li>
<li><a href="https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c"><code>aa72dda</code></a> Merge branch 'main' into mbg/interpret-cq-results</li>
<li><a href="https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551"><code>65d1e45</code></a> Rename <code>SARIF_UPLOAD_ENDPOINT</code> members</li>
<li><a href="https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f"><code>362ebf8</code></a> Check both SARIF files in <code>quality-queries.yml</code> test</li>
<li><a href="https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab"><code>10a3e4b</code></a> Fix formatting</li>
<li><a href="https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae"><code>8593ea6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2954">#2954</a> from github/mergeback/v3.29.1-to-main-39edc492</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...181d5eefc20863364f96762470ba6f862bdef56b">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.18&new-version=3.29.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

</details>

.github/workflows/scorecards-analysis.yml[diff]

1 file changed

tree: 959ac44a9c369306c264519da2f4f51afa8fa702

README.md

What's here?

Welcome! package:test is the standard testing library for Dart and Flutter. If you have questions about Dart testing, please see the docs for package:test. package:test_api and package:test_core are implementation details and generally not user-facing.

package:checks is a relatively new library for expressing test expectations. It's a more modern version of package:matcher and features a literate API.

Packages

Package	Description	Issues	Version
checks	A framework for checking values against expectations and building custom expectations.
fake_async	Fake asynchronous events such as timers and microtasks for deterministic testing.
matcher	Support for specifying test expectations via an extensible Matcher class. Also includes a number of built-in Matcher implementations for common cases.
test	A full featured library for writing and running Dart tests across platforms.
test_api	The user facing API for structuring Dart tests and checking expectations.
test_core	A basic library for writing tests and running them on the VM.
test_descriptor	An API for defining and verifying files and directory structures.
test_process	Test processes: starting; validating stdout and stderr; checking exit code.