From 737d30e5919adca4142b6a847bebc8b45e5817e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 17:26:29 +0000 Subject: [PATCH] build(deps): bump the all group with 2 updates Bumps the all group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [coverallsapp/github-action](https://github.com/coverallsapp/github-action). Updates `github/codeql-action` from 4.31.3 to 4.31.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/014f16e7ab1402f30e7c3329d33797e7948572db...e12f0178983d466f2f6028f5cc7a6d786fd97f4b) Updates `coverallsapp/github-action` from 2.3.6 to 2.3.7 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/648a8eb78e6d50909eff900e4ec85cab4524a45b...5cbfd81b66ca5d10c19b062c04de0199c215fb6e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: coverallsapp/github-action dependency-version: 2.3.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/codeql-azclient.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- .github/workflows/trivy.yaml | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad60339d73..721e44ce83 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -74,7 +74,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -91,10 +91,10 @@ jobs: grep -v mock profile.cov.tmp > profile.cov - name: Coveralls - uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 + uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7 with: file: profile.cov format: golang - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 diff --git a/.github/workflows/codeql-azclient.yml b/.github/workflows/codeql-azclient.yml index 11d24d6e31..1f16988f5e 100644 --- a/.github/workflows/codeql-azclient.yml +++ b/.github/workflows/codeql-azclient.yml @@ -60,7 +60,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -77,4 +77,4 @@ jobs: echo "fail if files changed" git add . && git diff --quiet && git diff --cached --quiet - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 68298867e9..da4d21d23d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index fbcfb0f45c..dd20013940 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -69,7 +69,7 @@ jobs: env: TRIVY_SKIP_DB_UPDATE: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: sarif_file: 'trivy-ccm-results.sarif' category: azure-cloud-controller-manager-image @@ -85,7 +85,7 @@ jobs: env: TRIVY_SKIP_DB_UPDATE: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: sarif_file: 'trivy-cnm-linux-results.sarif' category: azure-cloud-node-manager-linux-image @@ -101,7 +101,7 @@ jobs: env: TRIVY_SKIP_DB_UPDATE: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v3.29.5 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v3.29.5 with: sarif_file: 'trivy-health-probe-proxy-linux-results.sarif' category: health-probe-proxy-linux-image