build(deps): bump the codeql-action group with 2 updates#59
Conversation
Bumps the codeql-action group with 2 updates: [github/codeql-action/init](https://github.com/github/codeql-action) and [github/codeql-action/analyze](https://github.com/github/codeql-action). Updates `github/codeql-action/init` from 4.37.0 to 4.37.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@99df26d...7188fc3) Updates `github/codeql-action/analyze` from 4.37.0 to 4.37.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@99df26d...7188fc3) --- updated-dependencies: - dependency-name: github/codeql-action/init dependency-version: 4.37.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: codeql-action - dependency-name: github/codeql-action/analyze dependency-version: 4.37.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: codeql-action ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed July 17, 2026, 3:28 AM ET / 07:28 UTC. Summary Reproducibility: not applicable. This PR is a routine GitHub Actions dependency-pin update, not a report of broken runtime behavior. Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Next step before merge
Security Review detailsBest possible solution: Merge the full-SHA v4.37.1 update through the normal dependency-review path while retaining the unchanged workflow permissions and configuration. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR is a routine GitHub Actions dependency-pin update, not a report of broken runtime behavior. Is this the best way to solve the issue? Yes: advancing both CodeQL steps together to the same immutable upstream release commit is the narrowest maintainable update, and the affected scan succeeds. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against a9610b5576fa. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
ClawSweeper status: review started. I am starting a fresh review of this pull request: build(deps): bump the codeql-action group with 2 updates This is item 1/1 in the current shard. Shard 0/1. This placeholder means the worker is alive and reading the current context. I will edit this same comment with the actual review when the claws are done clicking. Crustacean status: shell secured, claws on keyboard, evidence pebbles being sorted. |
Bumps the codeql-action group with 2 updates: github/codeql-action/init and github/codeql-action/analyze.
Updates
github/codeql-action/initfrom 4.37.0 to 4.37.1Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
7188fc3Merge pull request #4020 from github/update-v4.37.1-9e7c07009c8b5f69Update changelog for v4.37.19e7c070Merge pull request #4014 from github/mbg/explicit-remote-prefix3492b7eChangeREMOTE_PATH_PREFIXtoremote=3654baaMerge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix2d682acMerge pull request #4017 from github/dependabot/github_actions/dot-github/wor...23f6a50Merge pull request #4009 from github/mbg/action-state/additions1ee3c75Merge pull request #4018 from github/dependabot/github_actions/dot-github/wor...e053684Merge pull request #4015 from github/dependabot/npm_and_yarn/npm-minor-fd2e83...6803c56Merge pull request #4019 from github/update-bundle/codeql-bundle-v2.26.1Updates
github/codeql-action/analyzefrom 4.37.0 to 4.37.1Release notes
Sourced from github/codeql-action/analyze's releases.
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
7188fc3Merge pull request #4020 from github/update-v4.37.1-9e7c07009c8b5f69Update changelog for v4.37.19e7c070Merge pull request #4014 from github/mbg/explicit-remote-prefix3492b7eChangeREMOTE_PATH_PREFIXtoremote=3654baaMerge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix2d682acMerge pull request #4017 from github/dependabot/github_actions/dot-github/wor...23f6a50Merge pull request #4009 from github/mbg/action-state/additions1ee3c75Merge pull request #4018 from github/dependabot/github_actions/dot-github/wor...e053684Merge pull request #4015 from github/dependabot/npm_and_yarn/npm-minor-fd2e83...6803c56Merge pull request #4019 from github/update-bundle/codeql-bundle-v2.26.1Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions