Latest Results
Bump the actions-non-major group with 7 updates (#268)
Bumps the actions-non-major group with 7 updates:
| Package | From | To |
| --- | --- | --- |
| [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) |
`2.7.8` | `2.8.0` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) |
`2.52.4` | `2.56.0` |
|
[actions/attest-build-provenance](https://github.com/actions/attest-build-provenance)
| `2.3.0` | `2.4.0` |
|
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
| `3.10.0` | `3.11.1` |
|
[EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action)
| `2.0.11` | `2.0.12` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.28.18` | `3.29.2` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.32.0` |
`1.34.0` |
Updates `Swatinem/rust-cache` from 2.7.8 to 2.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/swatinem/rust-cache/releases">Swatinem/rust-cache's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add cache-workspace-crates feature by <a
href="https://github.com/jbransen"><code>@jbransen</code></a> in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/246">Swatinem/rust-cache#246</a></li>
<li>Feat: support warpbuild cache provider by <a
href="https://github.com/stegaBOB"><code>@stegaBOB</code></a> in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/247">Swatinem/rust-cache#247</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jbransen"><code>@jbransen</code></a>
made their first contribution in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/246">Swatinem/rust-cache#246</a></li>
<li><a href="https://github.com/stegaBOB"><code>@stegaBOB</code></a>
made their first contribution in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/247">Swatinem/rust-cache#247</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0">https://github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md">Swatinem/rust-cache's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>2.8.0</h2>
<ul>
<li>Add support for <code>warpbuild</code> cache provider</li>
<li>Add new <code>cache-workspace-crates</code> feature</li>
</ul>
<h2>2.7.8</h2>
<ul>
<li>Include CPU arch in the cache key</li>
</ul>
<h2>2.7.7</h2>
<ul>
<li>Also cache <code>cargo install</code> metadata</li>
</ul>
<h2>2.7.6</h2>
<ul>
<li>Allow opting out of caching $CARGO_HOME/bin</li>
<li>Add runner OS in cache key</li>
<li>Adds an option to do lookup-only of the cache</li>
</ul>
<h2>2.7.5</h2>
<ul>
<li>Support Cargo.lock format cargo-lock v4</li>
<li>Only run macOsWorkaround() on macOS</li>
</ul>
<h2>2.7.3</h2>
<ul>
<li>Work around upstream problem that causes cache saving to hang for
minutes.</li>
</ul>
<h2>2.7.2</h2>
<ul>
<li>Only key by <code>Cargo.toml</code> and <code>Cargo.lock</code>
files of workspace members.</li>
</ul>
<h2>2.7.1</h2>
<ul>
<li>Update toml parser to fix parsing errors.</li>
</ul>
<h2>2.7.0</h2>
<ul>
<li>Properly cache <code>trybuild</code> tests.</li>
</ul>
<h2>2.6.2</h2>
<ul>
<li>Fix <code>toml</code> parsing.</li>
</ul>
<h2>2.6.1</h2>
<ul>
<li>Fix hash contributions of
<code>Cargo.lock</code>/<code>Cargo.toml</code> files.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/98c8021b550208e191a6a3145459bfc9fb29c4c0"><code>98c8021</code></a>
2.8.0</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/14d3bc39c43eec8ca2cd08dd0805a32ee0cb3666"><code>14d3bc3</code></a>
update Changelog</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/52ea1434f87f7081841d430fb7b1235754488e51"><code>52ea143</code></a>
support warpbuild cache provider (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/247">#247</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/eaa85be6b1bfdc6616fd14d8916fc5aa0435e435"><code>eaa85be</code></a>
Add cache-workspace-crates feature (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/246">#246</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/901019c0f83889e6f8eaa395f97093151c05c4b0"><code>901019c</code></a>
Update the test lockfiles</li>
<li>See full diff in <a
href="https://github.com/swatinem/rust-cache/compare/9d47c6ad4b02e050fd481d890b2ea34778fd09d6...98c8021b550208e191a6a3145459bfc9fb29c4c0">compare
view</a></li>
</ul>
</details>
<br />
Updates `taiki-e/install-action` from 2.52.4 to 2.56.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.56.0</h2>
<ul>
<li>Support <code>coreutils</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/1017">#1017</a>,
thanks <a
href="https://github.com/jayvdb"><code>@jayvdb</code></a>)</li>
</ul>
<h2>2.55.4</h2>
<ul>
<li>
<p>Update <code>trivy@latest</code> to 0.64.0.</p>
</li>
<li>
<p>Update <code>just@latest</code> to 1.41.0.</p>
</li>
</ul>
<h2>2.55.3</h2>
<ul>
<li>Update <code>dprint@latest</code> to 0.50.1.</li>
</ul>
<h2>2.55.2</h2>
<ul>
<li>
<p>Update <code>zizmor@latest</code> to 1.11.0.</p>
</li>
<li>
<p>Update <code>cargo-dinghy@latest</code> to 0.8.1.</p>
</li>
</ul>
<h2>2.55.1</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.17.1.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.34.0.</p>
</li>
</ul>
<h2>2.55.0</h2>
<ul>
<li>
<p>Support <code>vacuum</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/1016">#1016</a>,
thanks <a
href="https://github.com/jayvdb"><code>@jayvdb</code></a>)</p>
</li>
<li>
<p>Update <code>cargo-shear@latest</code> to 1.3.2.</p>
</li>
</ul>
<h2>2.54.3</h2>
<ul>
<li>Update <code>cargo-careful@latest</code> to 0.4.8.</li>
</ul>
<h2>2.54.2</h2>
<ul>
<li>
<p>Update <code>rclone@latest</code> to 1.70.2.</p>
</li>
<li>
<p>Update <code>zizmor@latest</code> to 1.10.0.</p>
</li>
</ul>
<h2>2.54.1</h2>
<ul>
<li>
<p>Update <code>wasmtime@latest</code> to 34.0.1.</p>
</li>
<li>
<p>Update <code>cargo-tarpaulin@latest</code> to 0.32.8.</p>
</li>
<li>
<p>Update <code>knope@latest</code> to 0.21.0.</p>
</li>
</ul>
<h2>2.54.0</h2>
<ul>
<li>
<p>Add <code>cyclonedx</code> (<a
href="https://redirect.github.com/taiki-e/install-action/pull/1000">#1000</a>,
thanks <a
href="https://github.com/jayvdb"><code>@jayvdb</code></a>)</p>
</li>
<li>
<p>Update <code>wasmtime@latest</code> to 34.0.0.</p>
</li>
<li>
<p>Update <code>rclone@latest</code> to 1.70.1.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.14.1.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<h2>[2.56.0] - 2025-07-01</h2>
<ul>
<li>Support <code>coreutils</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/1017">#1017</a>,
thanks <a
href="https://github.com/jayvdb"><code>@jayvdb</code></a>)</li>
</ul>
<h2>[2.55.4] - 2025-07-01</h2>
<ul>
<li>
<p>Update <code>trivy@latest</code> to 0.64.0.</p>
</li>
<li>
<p>Update <code>just@latest</code> to 1.41.0.</p>
</li>
</ul>
<h2>[2.55.3] - 2025-06-30</h2>
<ul>
<li>Update <code>dprint@latest</code> to 0.50.1.</li>
</ul>
<h2>[2.55.2] - 2025-06-30</h2>
<ul>
<li>
<p>Update <code>zizmor@latest</code> to 1.11.0.</p>
</li>
<li>
<p>Update <code>cargo-dinghy@latest</code> to 0.8.1.</p>
</li>
</ul>
<h2>[2.55.1] - 2025-06-30</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.17.1.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.34.0.</p>
</li>
</ul>
<h2>[2.55.0] - 2025-06-30</h2>
<ul>
<li>
<p>Support <code>vacuum</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/1016">#1016</a>,
thanks <a
href="https://github.com/jayvdb"><code>@jayvdb</code></a>)</p>
</li>
<li>
<p>Update <code>cargo-shear@latest</code> to 1.3.2.</p>
</li>
</ul>
<h2>[2.54.3] - 2025-06-28</h2>
<ul>
<li>Update <code>cargo-careful@latest</code> to 0.4.8.</li>
</ul>
<h2>[2.54.2] - 2025-06-27</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/taiki-e/install-action/commit/0eee80d37f55e834144deec670972c19e81a85b0"><code>0eee80d</code></a>
Release 2.56.0</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/26f60eede8f601ce8fe13feaa1203df2a2ecb259"><code>26f60ee</code></a>
Update changelog</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/c4c7f93a2f347a041a78da699a43021bf8361477"><code>c4c7f93</code></a>
Add coreutils (<a
href="https://redirect.github.com/taiki-e/install-action/issues/1017">#1017</a>)</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/b3a78f63e98edea84875a27f5fe0a58ff321ebe4"><code>b3a78f6</code></a>
Release 2.55.4</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/317f4ffb0d14d6ea9ec109b44d340aff41978549"><code>317f4ff</code></a>
Update <code>trivy@latest</code> to 0.64.0</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/7acec7942cb41ee0cf397654c0826300119f8986"><code>7acec79</code></a>
Update <code>just@latest</code> to 1.41.0</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/9ca1734d8940023f074414ee621fd530c4ce10f2"><code>9ca1734</code></a>
Release 2.55.3</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/03194083f74089f1234ff81feb1ee39230ce1745"><code>0319408</code></a>
Update <code>dprint@latest</code> to 0.50.1</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/078fd1effed2a5b798f878af03e5dd4885768dc1"><code>078fd1e</code></a>
Release 2.55.2</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/70afd9d53f23ef626d07de54e3299412db73fcaf"><code>70afd9d</code></a>
Update <code>zizmor@latest</code> to 1.11.0</li>
<li>Additional commits viewable in <a
href="https://github.com/taiki-e/install-action/compare/735e5933943122c5ac182670a935f54a949265c1...0eee80d37f55e834144deec670972c19e81a85b0">compare
view</a></li>
</ul>
</details>
<br />
Updates `actions/attest-build-provenance` from 2.3.0 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/attest-build-provenance/releases">actions/attest-build-provenance's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/attest-build-provenance/pull/633">actions/attest-build-provenance#633</a></li>
<li>Bump actions/attest from 2.3.0 to <a
href="https://github.com/actions/attest/releases/tag/v2.4.0">2.4.0</a>
by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in
<a
href="https://redirect.github.com/actions/attest-build-provenance/pull/654">actions/attest-build-provenance#654</a>
<ul>
<li>Includes support for the new well-known summary file which will
accumulate paths to all attestations generated in a given workflow
run</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/attest-build-provenance/compare/v2.3.0...v2.4.0">https://github.com/actions/attest-build-provenance/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/e8998f949152b193b063cb0ec769d69d929409be"><code>e8998f9</code></a>
bump actions/attest from 2.3.0 to 2.4.0 (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/654">#654</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/11c67f22cd5a3968528de1f8de4bb4487ee5306e"><code>11c67f2</code></a>
Bump the npm-development group across 1 directory with 6 updates (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/649">#649</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/39cb715ce0ddd23df1f705e863f642bfb72dfb2b"><code>39cb715</code></a>
Bump the npm-development group across 1 directory with 7 updates (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/641">#641</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/7d91c4030d8fdc376f87f022d8ca01fe8bf07fcd"><code>7d91c40</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/633">#633</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/d848170917c12653fb344e617a79614f36d13e00"><code>d848170</code></a>
Bump super-linter/super-linter in the actions-minor group (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/640">#640</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/0ca36ea29fc5b46379679e3d2a9ce33a62c57e04"><code>0ca36ea</code></a>
Bump the npm-development group with 7 updates (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/582">#582</a>)</li>
<li><a
href="https://github.com/actions/attest-build-provenance/commit/d82e7cd0c70d3e7b2615badc4d8824ca0b098d86"><code>d82e7cd</code></a>
offboard from eslint in superlinter (<a
href="https://redirect.github.com/actions/attest-build-provenance/issues/618">#618</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/attest-build-provenance/compare/db473fddc028af60658334401dc6fa3ffd8669fd...e8998f949152b193b063cb0ec769d69d929409be">compare
view</a></li>
</ul>
</details>
<br />
Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.11.1</h2>
<ul>
<li>Fix <code>keep-state</code> not being respected by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/429">docker/setup-buildx-action#429</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1">https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1</a></p>
<h2>v3.11.0</h2>
<ul>
<li>Keep BuildKit state support by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/427">docker/setup-buildx-action#427</a></li>
<li>Remove aliases created when installing by default by <a
href="https://github.com/hashhar"><code>@hashhar</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/139">docker/setup-buildx-action#139</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/422">docker/setup-buildx-action#422</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/425">docker/setup-buildx-action#425</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0">https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/e468171a9de216ec08956ac3ada2f0791b6bd435"><code>e468171</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/429">#429</a>
from crazy-max/fix-keep-state</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/a3e7502fd02828f4a26a8294ad2621a6c2204952"><code>a3e7502</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/b145473295476dbef957d01d109fe7810b511c95"><code>b145473</code></a>
fix keep-state not being respected</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0"><code>18ce135</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/425">#425</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/0e198e93af3b40a76583e851660b876e62b3a155"><code>0e198e9</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/05f3f3ac108784e8fb56815c12fbfcf2d0ed660f"><code>05f3f3a</code></a>
build(deps): bump <code>@docker/actions-toolkit</code> from 0.61.0 to
0.62.1</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/622913496df23a5293cfb3418e5836ee4dd28f3a"><code>6229134</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/427">#427</a>
from crazy-max/keep-state</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/c6f6a0702519e6c47b71b117b24c0c1c130fdf32"><code>c6f6a07</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/6c5e29d8485c56f3f8d1cb2197b657959dd6e032"><code>6c5e29d</code></a>
skip builder creation if one already exists with the same name</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/548b2977492e10f459d0f0df8bee7ce3c5937792"><code>548b297</code></a>
ci: keep-state check</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...e468171a9de216ec08956ac3ada2f0791b6bd435">compare
view</a></li>
</ul>
</details>
<br />
Updates `EmbarkStudios/cargo-deny-action` from 2.0.11 to 2.0.12
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/EmbarkStudios/cargo-deny-action/commit/30f817c6f72275c6d54dc744fbca09ebc958599f"><code>30f817c</code></a>
Bump to 0.18.3</li>
<li><a
href="https://github.com/EmbarkStudios/cargo-deny-action/commit/6e6dcaa32fbf6bd330c20bc0068f950de9d85f73"><code>6e6dcaa</code></a>
Add Defguard to "repositories using this action" (<a
href="https://redirect.github.com/embarkstudios/cargo-deny-action/issues/100">#100</a>)</li>
<li>See full diff in <a
href="https://github.com/embarkstudios/cargo-deny-action/compare/34899fc7ba81ca6268d5947a7a16b4649013fea1...30f817c6f72275c6d54dc744fbca09ebc958599f">compare
view</a></li>
</ul>
</details>
<br />
Updates `github/codeql-action` from 3.28.18 to 3.29.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.29.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the
<code>init</code> action is provided with an argument, separate
<code>.quality.sarif</code> files are produced and uploaded for each
language with the results of the specified queries. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.29.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code>
query filter fails to exclude non-included queries. <a
href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.29.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.19</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the
<code>init</code> action is provided with an argument, separate
<code>.quality.sarif</code> files are produced and uploaded for each
language with the results of the specified queries. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li>
</ul>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code>
query filter fails to exclude non-included queries. <a
href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li>
</ul>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b"><code>181d5ee</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2957">#2957</a>
from github/update-v3.29.2-4c57370d0</li>
<li><a
href="https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca"><code>c77386a</code></a>
Fix changelog PR number</li>
<li><a
href="https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b"><code>8d43d4e</code></a>
Update changelog for v3.29.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a"><code>4c57370</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2935">#2935</a>
from github/mbg/interpret-cq-results</li>
<li><a
href="https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c"><code>2830b75</code></a>
Add changelog entry</li>
<li><a
href="https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c"><code>aa72dda</code></a>
Merge branch 'main' into mbg/interpret-cq-results</li>
<li><a
href="https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551"><code>65d1e45</code></a>
Rename <code>SARIF_UPLOAD_ENDPOINT</code> members</li>
<li><a
href="https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f"><code>362ebf8</code></a>
Check both SARIF files in <code>quality-queries.yml</code> test</li>
<li><a
href="https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab"><code>10a3e4b</code></a>
Fix formatting</li>
<li><a
href="https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae"><code>8593ea6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2954">#2954</a>
from github/mergeback/v3.29.1-to-main-39edc492</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...181d5eefc20863364f96762470ba6f862bdef56b">compare
view</a></li>
</ul>
</details>
<br />
Updates `crate-ci/typos` from 1.32.0 to 1.34.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.34.0</h2>
<h2>[1.34.0] - 2025-06-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1309">June
2025</a> changes</li>
</ul>
<h2>v1.33.1</h2>
<h2>[1.33.1] - 2025-06-02</h2>
<h3>Fixes</h3>
<ul>
<li><em>(dict)</em> Don't correct <code>wasn't</code> to
<code>wasm't</code></li>
</ul>
<h2>v1.33.0</h2>
<h2>[1.33.0] - 2025-06-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1290">May
2025</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="http://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="http://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.34.0] - 2025-06-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1309">June
2025</a> changes</li>
</ul>
<h2>[1.33.1] - 2025-06-02</h2>
<h3>Fixes</h3>
<ul>
<li><em>(dict)</em> Don't correct <code>wasn't</code> to
<code>wasm't</code></li>
</ul>
<h2>[1.33.0] - 2025-06-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1290">May
2025</a> changes</li>
</ul>
<h2>[1.32.0] - 2025-05-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1264">April
2025</a> changes</li>
</ul>
<h2>[1.31.2] - 2025-04-28</h2>
<h3>Fixes</h3>
<ul>
<li><em>(exclusion)</em> Don't confused emails as base64</li>
<li><em>(dict)</em> Correct <code>contamint</code> to
<code>contaminant</code>, not <code>contaminat</code></li>
<li><em>(dict)</em> Correct <code>contamints</code> to
<code>contaminants</code>, not <code>contaminats</code></li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve tokenization performance</li>
</ul>
<h2>[1.31.1] - 2025-03-31</h2>
<h3>Fixes</h3>
<ul>
<li><em>(dict)</em> Also correct <code>typ</code> to
<code>type</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/392b78fe18a52790c53f42456e46124f77346842"><code>392b78f</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/34b60f1f88de8e54cacf5e81696626cdd93e4a86"><code>34b60f1</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/8b9670a614739811a6d950685c45b739b7c12060"><code>8b9670a</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a6e61180eb1d93e26419981971518de3646105d3"><code>a6e6118</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1332">#1332</a>
from epage/juune</li>
<li><a
href="https://github.com/crate-ci/typos/commit/92f481e38a40eeae0e1cbee5c99e5805bd282d46"><code>92f481e</code></a>
feat(dict): June 2025 updates</li>
<li><a
href="https://github.com/crate-ci/typos/commit/fb1f64595962a79113c92d4879e6b3b2e8f524b4"><code>fb1f645</code></a>
chore(deps): Update Rust Stable to v1.88 (<a
href="https://redirect.github.com/crate-ci/typos/issues/1330">#1330</a>)</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ebc6aac34e3692b3ce373e13f4145e8980875396"><code>ebc6aac</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1327">#1327</a>
from not-my-profile/fix-typo-in-error</li>
<li><a
href="https://github.com/crate-ci/typos/commit/e359d71a7fe98d06e3936fecd1338ef3f9d26938"><code>e359d71</code></a>
fix(cli): Correct config field reference in error message</li>
<li><a
href="https://github.com/crate-ci/typos/commit/022bdbe8ce21237ca3a95659bd6b8aef48389b9f"><code>022bdbe</code></a>
chore(ci): Update from windows-2019</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ed74f4ebbb4bb7e504ae669d8184b476bdf0a50a"><code>ed74f4e</code></a>
chore(ci): Update from windows-2019</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/0f0ccba9ed1df83948f0c15026e4f5ccfce46109...392b78fe18a52790c53f42456e46124f77346842">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marvin Vogt <m@rvinvogt.com> Active Branches
#560%
© 2025 CodSpeed Technology