actions/gradle
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2026-04-19 18:12:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
83d3189aae3332f1b2235b42d8804258f2348213
gradle/.github/workflows/ci-codeql.yml
T
Daz DeBoer f333b2d34b Update dependencies and resolve npm vulnerabilities (#933) 
This pull request includes dependency updates, a minor bug fix, and a
workflow update. The most significant changes are grouped below:

Dependency Updates:

* Updated several development dependencies in `sources/package.json`,
including `@typescript-eslint/eslint-plugin` to 8.58.0, `esbuild` to
0.28.0, and `ts-jest` to 29.4.9, to keep the project up to date with the
latest features and bug fixes.

Bug Fix:

* Fixed a typo in the import statement for `deprecation-collector` in
`sources/src/configuration.ts`, correcting the import from `de cator` to
`deprecator`.

CI/CD Workflow Update:

* Updated the commit hashes for the `github/codeql-action/init` and
`github/codeql-action/analyze` steps in
`.github/workflows/ci-codeql.yml` to use a newer commit, ensuring the
workflow uses the latest patches for these actions.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 17:46:48 -06:00

47 lines
1.0 KiB
YAML
Raw Blame History

name: CI-codeql
on:
push:
branches:
- 'main'
- 'release/**'
- 'dev/**' # Allow running Code QL on dev branches without a PR
pull_request:
branches:
- 'main'
schedule:
- cron: '25 23 * * 2'
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript-typescript' ]
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5
with:
languages: ${{ matrix.language }}
config: |
paths:
- sources/src
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5
Reference in New Issue View Git Blame Copy Permalink