Title: Update `glob` to at least `13.0.6` by mbg · Pull Request #3974 · github/codeql-action · GitHub
Open Graph Title: Update `glob` to at least `13.0.6` by mbg · Pull Request #3974 · github/codeql-action
X Title: Update `glob` to at least `13.0.6` by mbg · Pull Request #3974 · github/codeql-action
Description: Dependabot is struggling to update glob since we have an override for it. I checked, and the override is still required since some of our dependencies transitively depend on older versions of glob. This PR bumps glob to a newer version, which allows several other dependency updates as well. Risk assessment For internal use only. Please select the risk level of this change: Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. Which use cases does this change impact? Workflow types: Advanced setup - Impacts users who have custom CodeQL workflows. Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...). Products: Code Scanning - The changes impact analyses when analysis-kinds: code-scanning. Code Quality - The changes impact analyses when analysis-kinds: code-quality. Other first-party - The changes impact other first-party analyses. Third-party analyses - The changes affect the upload-sarif action. Environments: Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency. GHES - Impacts CodeQL workflows on GitHub Enterprise Server. How did/will you validate this change? Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files). End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks). If something goes wrong after this change is released, what are the mitigation and rollback strategies? Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix. How will you know if something goes wrong after this change is released? Telemetry - I rely on existing telemetry or have made changes to the telemetry. Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release. Alerts - New or existing monitors will trip if something goes wrong with this change. Are there any special considerations for merging or releasing this change? No special considerations - This change can be merged at any time. Merge / deployment checklist Confirm this change is backwards compatible with existing workflows. Consider adding a changelog entry for this change. Confirm the readme and docs have been updated if necessary.
Open Graph Description: Dependabot is struggling to update glob since we have an override for it. I checked, and the override is still required since some of our dependencies transitively depend on older versions of glob....
X Description: Dependabot is struggling to update glob since we have an override for it. I checked, and the override is still required since some of our dependencies transitively depend on older versions of glob....
Opengraph URL: https://github.com/github/codeql-action/pull/3974
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:c3fd842c-7b97-bd28-dbb7-6ead3378ac06 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | A3EC:DCE25:16FCD90:21443E3:6A4CEE2D |
| html-safe-nonce | daafbaac7805d2b6c1f7c8afadac3e1794e7238f2167124f6d93a6c4d7ae80f6 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBM0VDOkRDRTI1OjE2RkNEOTA6MjE0NDNFMzo2QTRDRUUyRCIsInZpc2l0b3JfaWQiOiIyNjkwNjUwMjIzNjMwMTUxMjEzIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 5c6381c61f175121cc96e2cc2949c428680e3f1fb0101c37eb9da37c3af0d840 |
| hovercard-subject-tag | pull_request:3922109773 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/github/codeql-action/pull/3974/files |
| twitter:image | https://avatars.githubusercontent.com/u/278086?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/278086?s=400&v=4 |
| og:image:alt | Dependabot is struggling to update glob since we have an override for it. I checked, and the override is still required since some of our dependencies transitively depend on older versions of glob.... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 299b43bca6e02ad35197ffeba30d2466846d5fb02ab96fbced5b5e6cec589fb8 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/github/codeql-action git https://github.com/github/codeql-action.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 259445878 |
| octolytics-dimension-repository_nwo | github/codeql-action |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 259445878 |
| octolytics-dimension-repository_network_root_nwo | github/codeql-action |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | efec6750a5afcaeaf5dfcf629f404cf98c8371e3 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width