)]}'
{
  "commit": "3d5aaa3f075de3eb1f67fef446b239ec2726a9eb",
  "tree": "959ac44a9c369306c264519da2f4f51afa8fa702",
  "parents": [
    "8e703e28f772257776745fa482ea4077c0ba074c"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Tue Jul 01 06:35:25 2025 +0000"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Tue Jul 01 06:35:25 2025 +0000"
  },
  "message": "Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions group (#2514)\n\nBumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 3.28.18 to 3.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.29.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.19\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b\"\u003e\u003ccode\u003e181d5ee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2957\"\u003e#2957\u003c/a\u003e from github/update-v3.29.2-4c57370d0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca\"\u003e\u003ccode\u003ec77386a\u003c/code\u003e\u003c/a\u003e Fix changelog PR number\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b\"\u003e\u003ccode\u003e8d43d4e\u003c/code\u003e\u003c/a\u003e Update changelog for v3.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a\"\u003e\u003ccode\u003e4c57370\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2935\"\u003e#2935\u003c/a\u003e from github/mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c\"\u003e\u003ccode\u003e2830b75\u003c/code\u003e\u003c/a\u003e Add changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c\"\u003e\u003ccode\u003eaa72dda\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551\"\u003e\u003ccode\u003e65d1e45\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eSARIF_UPLOAD_ENDPOINT\u003c/code\u003e members\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f\"\u003e\u003ccode\u003e362ebf8\u003c/code\u003e\u003c/a\u003e Check both SARIF files in \u003ccode\u003equality-queries.yml\u003c/code\u003e test\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab\"\u003e\u003ccode\u003e10a3e4b\u003c/code\u003e\u003c/a\u003e Fix formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae\"\u003e\u003ccode\u003e8593ea6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2954\"\u003e#2954\u003c/a\u003e from github/mergeback/v3.29.1-to-main-39edc492\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...181d5eefc20863364f96762470ba6f862bdef56b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.28.18\u0026new-version\u003d3.29.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "607337b25abefa2f4efec2e85e527170eb5bc3a7",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "56fdbe182e7b0686cc117d8444667ff9fb4fff02",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    }
  ]
}