@renovate renovate bot commented Oct 31, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github/codeql-action | action | digest | 9bd8638 -> 338146c |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot commented Oct 31, 2025

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

@github-actions

Code Review: CodeQL Action Digest Update ✅

This PR updates the github/codeql-action from digest 9bd8638 to 338146c.

Analysis

Change Summary:

  • Updates two uses of github/codeql-action in .github/workflows/build.yml:
    • codeql-action/init@338146ca93283a2901a142d408241096146019b5
    • codeql-action/analyze@338146ca93283a2901a142d408241096146019b5

What Changed in CodeQL Action:
The updated digest corresponds to PR #3264: "Create immutable action version on tag push"

  • Type: Maintenance/workflow improvement
  • Impact: Internal release CI process simplification
  • Risk: Low - affects only CodeQL Action's own release process, not functionality

Status Check Summary

CodeQL Analysis: Passed
⚠️ TruffleHog: Failed with exit code 183 (32 unverified secrets found)
Other Build Jobs: In progress/queued

Important Note: The TruffleHog failure is NOT related to this CodeQL digest update. The unverified secrets detected are in the existing codebase, not introduced by this PR.

Recommendation

APPROVE

This is a routine dependency update with:

  • Low risk profile
  • Maintenance-only changes to CodeQL Action's internal processes
  • No breaking changes
  • No security concerns introduced by this change

The TruffleHog failure should be addressed separately as it represents pre-existing issues in the codebase, not issues introduced by this PR.


🤖 Generated with Claude Code

Co-Authored-By: Claude [email protected]

@github-actions

Additional Note: Cargo.lock Update ⚠️

I noticed the second commit (fdd4eb0) updates oxidation/Cargo.lock:

  • cc crate: 1.2.43 → 1.2.44

Concern:
Version 1.2.44 of the cc crate does not appear to exist yet on crates.io.

Possible Causes:

  1. Pre-release/yanked version: The version may have been published briefly and then yanked
  2. Renovate anticipation: Renovate may have detected the version in the registry index before it was fully published
  3. Cargo.lock generation issue: The lock file may have been generated with an unreleased version

Recommendation:

  • CodeQL digest update is fine - proceed with that change
  • ⚠️ Investigate the cc 1.2.44 version - verify this version exists or revert to 1.2.43
  • Consider checking if cargo update in the oxidation/ directory reproduces this change

Action Items:

cd oxidation
cargo update --dry-run --package cc

This will show what version cargo resolves for the cc crate.


🤖 Generated with Claude Code

Co-Authored-By: Claude [email protected]

@github-actions

Correction: Cargo.lock Update is Valid ✅

I need to correct my previous comment. Version 1.2.44 of the cc crate DOES exist and was released today (October 31, 2025).

cc 1.2.44 Release Notes

Changes:

  1. Debug assertion fix - Resolved debug assertion error related to environment/ABI mismatches
  2. Cross-compilation improvement - Fixed invalid target being passed to llvm-mingw's cross-compilation wrappers
  3. Changelog update - Updated documentation from 1.2.43

Source: GitHub Release

Assessment

Both updates in this PR are valid and safe:

  • CodeQL action digest update - Maintenance-only change
  • cc crate 1.2.43 → 1.2.44 - Bug fixes for debug assertions and cross-compilation

Final Recommendation: APPROVE AND MERGE

Both dependency updates are low-risk improvements with no breaking changes.


🤖 Generated with Claude Code

Co-Authored-By: Claude [email protected]

@asakatida asakatida merged commit 2d3a052 into stable Oct 31, 2025
@asakatida asakatida deleted the renovate-github-codeql-action-digest branch October 31, 2025 20:21