chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 in the github-actions group #1702
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).

Updates `github/codeql-action` from 4.36.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@87557b9...8aad20d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM — Dependabot patch bump of github/codeql-action with pinned SHA.
Extended reasoning...
Overview
This PR is a Dependabot-generated patch bump of github/codeql-action from v4.36.1 to v4.36.2 in .github/workflows/codeql.yml. Both init and analyze step references are updated, with the SHA pin (8aad20d150bbac5944a9f9d289da16a4b0d87c1e) matching the v4.36.2 release tag.
Security risks
None. The action is pinned to a full commit SHA, which is the recommended security practice. The patch release contains only internal improvements (CLI version caching, exponential backoff for SARIF polling, default bundle bump to 2.25.6) — no API or behavioral changes affecting consumers.
Level of scrutiny
Minimal. This is a CI-only workflow file change with no impact on the published package or runtime behavior of langfuse. Patch-level bump of a well-established first-party GitHub action.
Other factors
No bugs reported by the hunting system. No prior reviews to consider. SHA pin matches the tag in the release notes.
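The review above rests on two checks a reviewer does by hand on every action bump: is every `uses:` reference pinned to a full 40-hex commit SHA rather than a mutable tag, and does that SHA actually correspond to the version named in the trailing comment. The script below automates both. It is an added example, not code from this PR, from Dependabot or from the langfuse repository; the workflow text is constructed for illustration (only the `8aad20d1…87c1e` / `v4.36.2` pair is taken from the PR, the all-`f` SHA is a deliberately stale placeholder), and `EXPECTED` stands in for the tag-to-SHA table a reviewer would record from the action's release page.

```python
"""Audit `uses:` lines in a GitHub Actions workflow for full-SHA pinning and
for agreement between the pinned SHA and the version stated in the comment."""
import re

# Constructed sample workflow (not the repository's own file). The
# codeql-action init step uses the SHA/version pair from the PR; the
# analyze step carries a made-up stale SHA with a v4.36.2 comment;
# actions/checkout is left on a mutable tag as a counter-example.
SAMPLE_WORKFLOW = """\
name: CodeQL
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Init CodeQL
        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
      - name: Analyze
        uses: github/codeql-action/analyze@ffffffffffffffffffffffffffffffffffffffff # v4.36.2
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

# Expected tag -> full commit SHA per action repository. A reviewer would
# fill this from the release page (or `git ls-remote --tags`); the single
# entry here is the v4.36.2 SHA quoted in the PR.
EXPECTED = {
    "github/codeql-action": {
        "v4.36.2": "8aad20d150bbac5944a9f9d289da16a4b0d87c1e",
    },
}

# Matches `- uses: owner/repo[/path]@ref # vX.Y.Z` with or without the
# leading list dash and with or without the version comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)(?:\s*#\s*(?P<comment>\S+))?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_uses(workflow_text, expected=EXPECTED):
    """Return a list of (line_no, repo, problem, detail) tuples.

    Problems reported:
      - reference is a tag/branch, not a 40-hex SHA
      - SHA pin has no trailing version comment (unreviewable)
      - version comment names a tag we have no expected SHA for
      - pinned SHA differs from the expected SHA for that tag
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        # Local composite actions and docker images are not remote git refs.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action_path, _, version = ref.partition("@")
        repo = "/".join(action_path.split("/")[:2])
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, repo, "not pinned to full SHA", version))
            continue
        tag = m.group("comment")
        if tag is None:
            findings.append((line_no, repo, "SHA pin lacks version comment", version))
            continue
        known = expected.get(repo, {}).get(tag)
        if known is None:
            findings.append((line_no, repo, "no expected SHA for tag", tag))
        elif known != version:
            findings.append((line_no, repo, "SHA does not match tag", tag))
    return findings


if __name__ == "__main__":
    for line_no, repo, problem, detail in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {repo}: {problem} ({detail})")
```

On the constructed workflow this reports the mutable `actions/checkout@v4` tag and the analyze step whose SHA disagrees with its `# v4.36.2` comment, while the init step passes. The comment-versus-SHA check matters because the comment is what Dependabot and human readers look at, while the SHA is what actually runs; a pin whose comment and SHA drift apart is the case that slips past a quick "LGTM".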
Bumps the github-actions group with 1 update: github/codeql-action.

Updates `github/codeql-action` from 4.36.1 to 4.36.2

Release notes
Sourced from github/codeql-action's releases.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
- 8aad20d Merge pull request #3949 from github/update-v4.36.2-dcb947ce
- 1f521b08 Add additional changelog notes
- 8aeff0f Update changelog for v4.36.2
- dcb947c Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
- c251bce Add changelog note
- 62953c1 Update default bundle to codeql-bundle-v2.25.6
- 423b570 Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
- c35d1b1 Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
- cb1a588 Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
- ba47406 Merge pull request #3943 from github/henrymercer/cache-cli-version-info

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions