Commit Graph

14 Commits

Author SHA1 Message Date
dependabot[bot]
a7805e2da8
meta: bump github/codeql-action from 4.31.3 to 4.31.6
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.3 to 4.31.6.

- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60926
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2025-12-03 20:38:56 +00:00
dependabot[bot]
861ef97bf1
meta: bump actions/checkout from 5.0.1 to 6.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1
to 6.0.0.

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60925
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2025-12-03 20:38:44 +00:00
dependabot[bot]
f65fc956d7
meta: bump github/codeql-action from 4.31.2 to 4.31.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...014f16e7ab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60770
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Xuguang Mei <meixuguang@gmail.com>
2025-11-20 08:14:30 +00:00
dependabot[bot]
93fc88036f
meta: bump actions/checkout from 5.0.0 to 5.0.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...93cb6efe18)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60767
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2025-11-20 08:02:02 +00:00
dependabot[bot]
39b6424e49
meta: bump github/codeql-action from 3.30.5 to 4.31.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3599b3baa1...0499de31b9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60533
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2025-11-03 18:15:45 +00:00
dependabot[bot]
f4bc574e9b
meta: bump github/codeql-action from 3.30.0 to 3.30.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d92b76c45...3599b3baa1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/60089
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2025-10-03 18:52:34 +00:00
dependabot[bot]
66fcca4328
meta: bump github/codeql-action from 3.29.2 to 3.30.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.2 to 3.30.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](181d5eefc2...2d92b76c45)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/59728
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2025-09-04 11:42:21 +00:00
dependabot[bot]
92f4c47aea
meta: bump actions/checkout from 4.2.2 to 5.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](11bd71901b...08c6903cd8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/59725
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
2025-09-04 11:25:33 +00:00
dependabot[bot]
e13d15d614
meta: bump github/codeql-action from 3.28.18 to 3.29.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ff0a06e83c...181d5eefc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/58922
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2025-07-04 12:33:28 +00:00
dependabot[bot]
ff8c4091d5
meta: bump github/codeql-action from 3.28.16 to 3.28.18
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.18.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](28deaeda66...ff0a06e83c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.28.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/58552
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2025-06-07 09:07:04 +00:00
dependabot[bot]
3067874ba1
meta: bump github/codeql-action from 3.28.11 to 3.28.16
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.28.11...28deaeda66b76a05916b6923827895f2b14ab387)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.28.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
PR-URL: https://github.com/nodejs/node/pull/58112
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2025-05-25 18:23:52 +00:00
Rich Trott
067a779f17
tools: enable CodeQL config file
A previous change designed to ignore test files in CodeQL scans had
multiple problems. This fixes the CodeQL scan breakage. It adds a
CodeQL config file, which allows us to ignore the test directory
in our scans.

Refs: https://github.com/nodejs/node/pull/57978#issuecomment-2829182983
Refs: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan
PR-URL: https://github.com/nodejs/node/pull/58036
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2025-04-28 13:34:47 +00:00
Rich Trott
1b5b12c3e6
tools: ignore test directory in CodeQL scans
Scanning the test directory results in many false positives about
hard-coded credentials. We want the code scan for
user-executable code and possibly our tools, but not generally
for tests. Ignore the test directory in CodeQL scans. A long list
of false positives makes it harder to interpret the result of CodeQL
runs.

PR-URL: https://github.com/nodejs/node/pull/57978
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2025-04-24 18:52:25 +00:00
Rafael Gonzaga
78fd82b77b
tools: add codeql nightly
Refs: https://github.com/nodejs/node/pull/57535
PR-URL: https://github.com/nodejs/node/pull/57788
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2025-04-14 17:22:32 +00:00