chore(deps): bump github/codeql-action/init from 4.36.3 to 4.37.0#6445
chore(deps): bump github/codeql-action/init from 4.36.3 to 4.37.0#6445dependabot[bot] wants to merge 1 commit into
Conversation
Semver Impact of This PR⚪ None (no version bump detected) 📋 Changelog PreviewThis is how your changes will appear in the changelog.
Plus 1 more 🤖 This preview updates automatically when you update the PR. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 2a942b7. Configure here.
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pin@v4.36.3 | ||
| uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # pin@v4.37.0 |
There was a problem hiding this comment.
CodeQL action version skew
Medium Severity
This bump only moves github/codeql-action/init to v4.37.0 while autobuild and analyze stay on v4.36.3. Those steps share config and the CodeQL bundle from init, so mismatched pins can break the CodeQL job. v4.37.0 also switches the default bundle to 2.26.0, which widens the skew. Flagged this per the dependency-update review guidance in the PR rules.
Additional Locations (2)
Triggered by project rule: PR Review Guidelines for Cursor Bot
Reviewed by Cursor Bugbot for commit 2a942b7. Configure here.
|
@dependabot recreate |
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.3 to 4.37.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@54f647b...99df26d) --- updated-dependencies: - dependency-name: github/codeql-action/init dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2429b43 to
5514881
Compare
|
Superseded by #6461. |


Bumps github/codeql-action/init from 4.36.3 to 4.37.0.
Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependencies