From 82e84f4654de8307f923c7040ec8874085afe3ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Apr 2023 23:09:23 -0500
Subject: [PATCH] Bump github/codeql-action from 2.3.0 to 2.3.1 (#64)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.3.0 to 2.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
<li>Bump the minimum CodeQL bundle version to 2.8.5. <a
href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li>
</ul>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment
variable in the telemetry sent to GitHub. <a
href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default
setup</a>. The CodeQL Action will now upload diagnostic information to
Code Scanning from failed runs configured using default setup. You can
view this diagnostic information on the <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool
status page</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the
<code>analyze</code> Action before uploading it to Code Scanning will
benefit from an improved debugging experience. <a
href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging
information to Code Scanning on failed runs for customers using
<code>upload: false</code>. Previously, this was only available for
customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now
accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF
file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers
post-processing the SARIF file before uploading it to Code Scanning.
This option uploads debugging information to Code Scanning for failed
runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning
even if the code scanning run fails. This is not recommended for
external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be
interpreted as <code>always</code> and <code>failure-only</code>
respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a
href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4. <a
href="https://redirect.github.com/github/codeql-action/pull/1561">#1561</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/8662eabe0e9f338a07350b7fd050732745f93848"><code>8662eab</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1659">#1659</a>
from github/update-v2.3.1-da583b07a</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f2f707d999190f10a1f8a336f3d6e7972cbf00a"><code>1f2f707</code></a>
Update changelog for v2.3.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/da583b07a7c587e17604358c799ad8adf110f3e4"><code>da583b0</code></a>
Add <code>workload_run_attempt</code> to analysis upload (<a
href="https://redirect.github.com/github/codeql-action/issues/1658">#1658</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/a9648ea7c684e61497d9a56b7b560a9640298dce"><code>a9648ea</code></a>
Throw full error for CLI bundle download (<a
href="https://redirect.github.com/github/codeql-action/issues/1657">#1657</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/c5f3f016aedaa90345726465387734d1941bdb3a"><code>c5f3f01</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1656">#1656</a>
from github/mergeback/v2.3.0-to-main-b2c19fb9</li>
<li><a
href="https://github.com/github/codeql-action/commit/90f053271ec2d427908d5d8b1448bdcd355bfd62"><code>90f0532</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/0f085f964c8c7e0946c4565866839149bb19b5eb"><code>0f085f9</code></a>
Update changelog and version after v2.3.0</li>
<li>See full diff in <a
href="https://github.com/github/codeql-action/compare/v2.3.0...8662eabe0e9f338a07350b7fd050732745f93848">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml    | 6 +++---
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index da209a987..cd16828fc 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,17 +40,17 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0
+        uses: github/codeql-action/init@8662eabe0e9f338a07350b7fd050732745f93848 # v2.3.1
         with:
           languages: ${{ matrix.language }}
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0
+        uses: github/codeql-action/autobuild@8662eabe0e9f338a07350b7fd050732745f93848 # v2.3.1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0
+        uses: github/codeql-action/analyze@8662eabe0e9f338a07350b7fd050732745f93848 # v2.3.1
         with:
           category: "/language:${{matrix.language}}"
 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 67faea08a..1db4fe064 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@8662eabe0e9f338a07350b7fd050732745f93848 # v2.2.4
         with:
           sarif_file: results.sarif