Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update github/codeql-action action to v2.25.11 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
chore(deps): update github/codeql-action action to v2.25.11
| datasource  | package              | from    | to       |
| ----------- | -------------------- | ------- | -------- |
| github-tags | github/codeql-action | v2.23.1 | v2.25.11 |
plural-renovate[bot] committed Jun 28, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit bc4a22490e9b030743c02f355335d09166dc8e91
2 changes: 1 addition & 1 deletion .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
@@ -31,7 +31,7 @@ jobs:
format: 'sarif'
output: 'trivy-results.sarif'

- uses: github/codeql-action/upload-sarif@4759df8df70c5ebe7042c3029bbace20eee13edd # v2.23.1
- uses: github/codeql-action/upload-sarif@d958b976dc5b990f802df244f2dc5d807113327f # v2.25.11
with:
sarif_file: trivy-results.sarif
category: 'docker-image-${{ matrix.tag }}'

Unchanged files with check annotations Beta

} catch (err) {
// do nothing
}
expect(readme).toBeDefined();

Check failure on line 32 in lib/modules/manager/metadata.spec.ts

GitHub Actions / test (6/16)

modules/manager/metadata › plural has readme with no h1 or h2

expect(received).toBeDefined() Received: undefined at lib/modules/manager/metadata.spec.ts:32:22
const lines = readme!.split('\n');
let isCode = false;
const res: string[] = [];
`;
const fileName = 'Chart.yaml';
const result = extractPackageFile(content, fileName);
expect(result).not.toBeNull();

Check failure on line 26 in lib/modules/manager/plural/extract.spec.ts

GitHub Actions / test (6/16)

modules/manager/plural/extract › extractPackageFile() › skips invalid registry urls

expect(received).not.toBeNull() Received: null at Object.<anonymous> (lib/modules/manager/plural/extract.spec.ts:26:26)
expect(result).toMatchSnapshot();
expect(result?.deps.every((dep) => dep.skipReason)).toBe(true);
});
);
expect(dep?.sourceDirectory).toBeUndefined();
expect(httpMock.getTrace()).toMatchInlineSnapshot(`

Check failure on line 273 in lib/modules/datasource/npm/get.spec.ts

GitHub Actions / test (2/16)

modules/datasource/npm/get › massages non-compliant repository urls

expect(received).toMatchInlineSnapshot(snapshot) Snapshot name: `modules/datasource/npm/get massages non-compliant repository urls 1` - Snapshot - 1 + Received + 1 @@ -3,11 +3,11 @@ "headers": { "accept": "application/json", "accept-encoding": "gzip, deflate, br", "authorization": "***", "host": "test.org", - "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)", + "user-agent": "RenovateBot/1.0.7 (https://github.com/renovatebot/renovate)", }, "method": "GET", "url": "https://test.org/@neutrinojs%2Freact", }, ] at Object.<anonymous> (lib/modules/datasource/npm/get.spec.ts:273:33)
[
{
"headers": {
);
expect(dep?.sourceDirectory).toBe('packages/foo');
expect(httpMock.getTrace()).toMatchInlineSnapshot(`

Check failure on line 419 in lib/modules/datasource/npm/get.spec.ts

GitHub Actions / test (2/16)

modules/datasource/npm/get › does not override sourceDirectory

expect(received).toMatchInlineSnapshot(snapshot) Snapshot name: `modules/datasource/npm/get does not override sourceDirectory 1` - Snapshot - 1 + Received + 1 @@ -3,11 +3,11 @@ "headers": { "accept": "application/json", "accept-encoding": "gzip, deflate, br", "authorization": "***", "host": "test.org", - "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)", + "user-agent": "RenovateBot/1.0.7 (https://github.com/renovatebot/renovate)", }, "method": "GET", "url": "https://test.org/@neutrinojs%2Freact", }, ] at Object.<anonymous> (lib/modules/datasource/npm/get.spec.ts:419:33)
[
{
"headers": {
);
expect(dep?.sourceDirectory).toBeUndefined();
expect(httpMock.getTrace()).toMatchInlineSnapshot(`

Check failure on line 459 in lib/modules/datasource/npm/get.spec.ts

GitHub Actions / test (2/16)

modules/datasource/npm/get › does not massage non-github non-compliant repository urls

expect(received).toMatchInlineSnapshot(snapshot) Snapshot name: `modules/datasource/npm/get does not massage non-github non-compliant repository urls 1` - Snapshot - 1 + Received + 1 @@ -3,11 +3,11 @@ "headers": { "accept": "application/json", "accept-encoding": "gzip, deflate, br", "authorization": "***", "host": "test.org", - "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)", + "user-agent": "RenovateBot/1.0.7 (https://github.com/renovatebot/renovate)", }, "method": "GET", "url": "https://test.org/@neutrinojs%2Freact", }, ] at Object.<anonymous> (lib/modules/datasource/npm/get.spec.ts:459:33)
[
{
"headers": {
return pr.url?.toString() ?? '';
}
throw new Error(`Unsupported platform: ${platform}`);

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › ensures PR when impossible to automerge

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:900:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › ensures PR and adds lock file error comment if no releaseTimestamp

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:963:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › ensures PR and adds lock file error comment if old releaseTimestamp

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:988:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › ensures PR and adds lock file error comment if new releaseTimestamp and branch exists

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1013:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › ensures PR and adds lock file error comment recreate closed

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1061:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › throws and swallows branch errors

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1091:35)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › rebases branch onto new basebranch if baseBranch changed by user

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1121:7)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › branch pr no schedule lockfile (dry run)

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1225:14)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › branch pr no schedule (dry run)

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1268:9)

Check failure on line 85 in lib/modules/manager/plural/callback.ts

GitHub Actions / test (11/16)

workers/repository/update/branch/index › processBranch › branch pr no schedule

Unsupported platform: undefined at getLink (lib/modules/manager/plural/callback.ts:85:9) at Object.getLink [as onPullRequestUpdate] (lib/modules/manager/plural/callback.ts:25:12) at Object.onPullRequestUpdate [as processBranch] (lib/workers/repository/update/branch/index.ts:883:16) at Object.<anonymous> (lib/workers/repository/update/branch/index.spec.ts:1316:14)
}
export { plural };
},
});
const pr = await gitlab.getBranchPr('some-branch');
expect(pr).toMatchSnapshot();

Check failure on line 565 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › getBranchPr(branchName) › should return the PR object

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index getBranchPr(branchName) should return the PR object 1` - Snapshot - 0 + Received + 2 { "bodyStruct": { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", }, + "creator": undefined, "hasAssignees": false, "headPipelineStatus": undefined, "labels": undefined, "number": 91, "reviewers": undefined, "sha": undefined, "sourceBranch": "some-branch", "state": "open", "targetBranch": "master", "title": "some change", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:565:18)
});
it('should strip draft prefix from title', async () => {
},
});
const pr = await gitlab.getBranchPr('some-branch');
expect(pr).toMatchSnapshot();

Check failure on line 600 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › getBranchPr(branchName) › should strip draft prefix from title

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index getBranchPr(branchName) should strip draft prefix from title 1` - Snapshot - 0 + Received + 2 @@ -1,9 +1,10 @@ { "bodyStruct": { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", }, + "creator": undefined, "hasAssignees": false, "headPipelineStatus": undefined, "isDraft": true, "labels": undefined, "number": 91, @@ -11,6 +12,7 @@ "sha": undefined, "sourceBranch": "some-branch", "state": "open", "targetBranch": "master", "title": "some change", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:600:18)
});
it('should strip deprecated draft prefix from title', async () => {
},
});
const pr = await gitlab.getBranchPr('some-branch');
expect(pr).toMatchSnapshot();

Check failure on line 635 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › getBranchPr(branchName) › should strip deprecated draft prefix from title

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index getBranchPr(branchName) should strip deprecated draft prefix from title 1` - Snapshot - 0 + Received + 2 @@ -1,9 +1,10 @@ { "bodyStruct": { "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", }, + "creator": undefined, "hasAssignees": false, "headPipelineStatus": undefined, "isDraft": true, "labels": undefined, "number": 91, @@ -11,6 +12,7 @@ "sha": undefined, "sourceBranch": "some-branch", "state": "open", "targetBranch": "master", "title": "some change", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:635:18)
});
});
prBody: 'the-body',
labels: null,
});
expect(pr).toMatchSnapshot();

Check failure on line 1763 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) returns the PR 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1763:18)
});
it('uses default branch', async () => {
prBody: 'the-body',
labels: [],
});
expect(pr).toMatchSnapshot();

Check failure on line 1783 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) uses default branch 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1783:18)
});
it('supports draftPR on < 13.2', async () => {
prBody: 'the-body',
draftPR: true,
});
expect(pr).toMatchSnapshot();

Check failure on line 1803 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) supports draftPR on < 13.2 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "isDraft": true, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1803:18)
});
it('supports draftPR on >= 13.2', async () => {
prBody: 'the-body',
draftPR: true,
});
expect(pr).toMatchSnapshot();

Check failure on line 1823 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) supports draftPR on >= 13.2 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "isDraft": true, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1823:18)
});
it('auto-accepts the MR when requested', async () => {
prBody: 'the-body',
labels: null,
});
expect(pr).toMatchSnapshot();

Check failure on line 1939 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) raises with squash enabled when repository squash option is default_on 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1939:18)
});
it('raises with squash enabled when repository squash option is always', async () => {
prBody: 'the-body',
labels: null,
});
expect(pr).toMatchSnapshot();

Check failure on line 1971 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchSnapshot() Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) raises with squash enabled when repository squash option is always 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:1971:18)
});
it('adds approval rule to ignore all approvals', async () => {
gitLabIgnoreApprovals: true,
},
}),
).toMatchInlineSnapshot(`

Check failure on line 2014 in lib/modules/platform/gitlab/index.spec.ts

GitHub Actions / test (7/16)

modules/platform/gitlab/index › createPr(branchName

expect(received).toMatchInlineSnapshot(snapshot) Snapshot name: `modules/platform/gitlab/index createPr(branchName, title, body) adds approval rule to ignore all approvals 1` - Snapshot - 0 + Received + 2 { + "creator": undefined, "id": 1, "iid": 12345, "number": 12345, "sourceBranch": "some-branch", "title": "some title", + "url": undefined, } at Object.<anonymous> (lib/modules/platform/gitlab/index.spec.ts:2014:9)
{
"id": 1,
"iid": 12345,
decryptedStr = await tryDecrypt(privateKeyOld, eVal, repository);
}
if (!is.nonEmptyString(decryptedStr)) {
const error = new Error('config-validation');

Check failure on line 192 in lib/config/decrypt.ts

GitHub Actions / test (16/16)

config/decrypt › decryptConfig() › handles PGP org constraint

config-validation at decryptConfig (lib/config/decrypt.ts:192:27) at Object.<anonymous> (lib/config/decrypt.spec.ts:156:19)

Check failure on line 192 in lib/config/decrypt.ts

GitHub Actions / test (16/16)

config/decrypt › decryptConfig() › handles PGP multi-org constraint

config-validation at decryptConfig (lib/config/decrypt.ts:192:27) at Object.<anonymous> (lib/config/decrypt.spec.ts:170:17)

Check failure on line 192 in lib/config/decrypt.ts

GitHub Actions / test (16/16)

config/decrypt › decryptConfig() › handles PGP org/repo constraint

config-validation at decryptConfig (lib/config/decrypt.ts:192:27) at Object.<anonymous> (lib/config/decrypt.spec.ts:187:19)

Check failure on line 192 in lib/config/decrypt.ts

GitHub Actions / test (16/16)

config/decrypt › decryptConfig() › handles PGP multi-org/repo constraint

config-validation at decryptConfig (lib/config/decrypt.ts:192:27) at Object.<anonymous> (lib/config/decrypt.spec.ts:201:17)
error.validationError = `Failed to decrypt field ${eKey}. Please re-encrypt and try again.`;
throw error;
}
delete err.stack;
// sanitize like Bunyan
expect(sanitizeValue(err)).toMatchSnapshot({

Check failure on line 102 in lib/logger/err-serializer.spec.ts

GitHub Actions / test (16/16)

logger/err-serializer › got › sanitize http error

expect(received).toMatchSnapshot(properties) Snapshot name: `logger/err-serializer got sanitize http error 1` - Snapshot - 1 + Received + 1 @@ -4,11 +4,11 @@ "name": "HTTPError", "options": { "headers": { "accept": "application/json", "accept-encoding": "gzip, deflate, br", - "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)", + "user-agent": "RenovateBot/1.0.7 (https://github.com/renovatebot/renovate)", }, "hostType": "any", "http2": false, "method": "POST", "password": "***********", at Object.<anonymous> (lib/logger/err-serializer.spec.ts:102:34)
name: 'HTTPError',
options: {
method: 'POST',