From 819690e204dd5488eade1afc06a37853388b174a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 00:10:05 +0000 Subject: [PATCH] Bump github/codeql-action from 3.27.5 to 3.28.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.5 to 3.28.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.27.5...v3.28.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/default.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml index 2a4734e..61f5e9a 100644 --- a/.github/workflows/default.yml +++ b/.github/workflows/default.yml @@ -56,7 +56,7 @@ jobs: run: cp .github/workflows/config/settings.xml ${HOME}/.m2/settings.xml - name: Initialize CodeQL - uses: github/codeql-action/init@v3.27.5 + uses: github/codeql-action/init@v3.28.0 with: languages: java queries: security-and-quality @@ -77,7 +77,7 @@ jobs: NEXUS_GITHUB_ACTIONS_READONLY_TOKEN: ${{ secrets.NEXUS_GITHUB_ACTIONS_READONLY_TOKEN }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.27.5 + uses: github/codeql-action/analyze@v3.28.0 with: category: '/language:java' @@ -94,7 +94,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: github.event_name != 'pull_request' - uses: github/codeql-action/upload-sarif@v3.27.5 + uses: github/codeql-action/upload-sarif@v3.28.0 with: sarif_file: trivy-results.sarif