chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 (#4749)

dependabot[bot] · web-flow · commit 586eb04b2879 · 2025-09-09T15:15:52.000+02:00
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.1</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.1 - 05 Sep 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.0. <a href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.1/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.30.1 - 05 Sep 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.0. <a href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li> </ul> <h2>3.30.0 - 01 Sep 2025</h2> <ul> <li>Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. <a href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li> </ul> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/f1f6e5f6af878fb37288ce1c627459e94dbf7d01"><code>f1f6e5f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3081">#3081</a> from github/update-v3.30.1-2d2f57ed3</li> <li><a href="https://github.com/github/codeql-action/commit/5dd2164a3d69fc450bc99ff83e46354092852955"><code>5dd2164</code></a> Update changelog for v3.30.1</li> <li><a href="https://github.com/github/codeql-action/commit/2d2f57ed3a96a5c55ea34a02d2787de24943ebea"><code>2d2f57e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3079">#3079</a> from github/mbg/proxy/accept-git-source</li> <li><a href="https://github.com/github/codeql-action/commit/b364f99409ed3cd283e99b317d8e29cd062f4c06"><code>b364f99</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3077">#3077</a> from github/update-bundle/codeql-bundle-v2.23.0</li> <li><a href="https://github.com/github/codeql-action/commit/5b8860ac11161b727664576c3f8b9924d6f2038e"><code>5b8860a</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.23.0</li> <li><a href="https://github.com/github/codeql-action/commit/8fe8b2420215df90da3cc29b24f7809dfc7d5373"><code>8fe8b24</code></a> Add <code>git_source</code> as supported registry type for Go</li> <li><a href="https://github.com/github/codeql-action/commit/6242bcbf1b24d310505ba9bd8be374eb1433557a"><code>6242bcb</code></a> Allow multiple registry types in <code>LANGUAGE_TO_REGISTRY_TYPE</code></li> <li><a href="https://github.com/github/codeql-action/commit/dfb741d27f8d018f727c8caf9033781133fdf550"><code>dfb741d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3075">#3075</a> from github/mbg/remove-augmentation-properties</li> <li><a href="https://github.com/github/codeql-action/commit/920bba1769f279c4373d93131c769e74bc258100"><code>920bba1</code></a> Add unit tests for <code>createInitWithConfigStatusReport</code></li> <li><a href="https://github.com/github/codeql-action/commit/37ddb03e0d7f9f4f374a33bd14142694e5c89b0b"><code>37ddb03</code></a> Add <code>createInitWithConfigStatusReport</code> function</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d...f1f6e5f6af878fb37288ce1c627459e94dbf7d01">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.0&new-version=3.30.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
@@ -51,7 +51,7 @@ jobs:
           path: results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5
+        uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.29.5
         with:
           sarif_file: results.sarif
           category: actions-zizmor
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -39,12 +39,12 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5
+      uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.29.5
       with:
         languages: ${{ matrix.language }}
         build-mode: none
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5
+      uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.29.5
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -48,6 +48,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d
+        uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01
         with:
           sarif_file: results.sarif
