Skip to content

Bump github/codeql-action from 2.2.9 to 2.2.12 #3711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 15, 2023
Merged

Bump github/codeql-action from 2.2.9 to 2.2.12 #3711

merged 2 commits into from
Apr 15, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2023

Bumps github/codeql-action from 2.2.9 to 2.2.12.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.2.12 - 13 Apr 2023

  • Include the value of the GITHUB_RUN_ATTEMPT environment variable in the telemetry sent to GitHub. #1640
  • Improve the ease of debugging failed runs configured using default setup. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the tool status page. #1619

2.2.11 - 06 Apr 2023

No user facing changes.

2.2.10 - 05 Apr 2023

  • Update default CodeQL bundle version to 2.12.6. #1629

2.2.9 - 27 Mar 2023

  • Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
    • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
    • The upload input to the analyze Action now accepts the following values:
      • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
      • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
      • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
      • The legacy true and false options will be interpreted as always and failure-only respectively.

2.2.8 - 22 Mar 2023

  • Update default CodeQL bundle version to 2.12.5. #1585

2.2.7 - 15 Mar 2023

No user facing changes.

2.2.6 - 10 Mar 2023

  • Update default CodeQL bundle version to 2.12.4. #1561

2.2.5 - 24 Feb 2023

  • Update default CodeQL bundle version to 2.12.3. #1543

2.2.4 - 10 Feb 2023

No user facing changes.

2.2.3 - 08 Feb 2023

... (truncated)

Commits
  • 7df0ce3 Merge pull request #1646 from github/update-v2.2.12-d944b3423
  • fbedeca Update changelog for v2.2.12
  • d944b34 Merge pull request #1619 from github/henrymercer/default-setup-workflow
  • e3210d8 Add changelog note
  • 599f492 Allow passing the workflow via an environment variable
  • ed6c499 Merge pull request #1645 from github/henrymercer/remove-dependencies
  • c2b5d64 Require xml2js >=0.5.0 to address CVE-2023-0842
  • 9c13316 Remove unused dependencies
  • 98f7bbd Add workflow_run_attempt data to status report (#1640)
  • d7b9dcd Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1643)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/codeql-action from 2.2.9 to 2.2.12
b48f5a0 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@04df126...7df0ce3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added team Infra upgrades, team productivity, code health, technical debt. See also team: labels. team: infra Infrastructure like devicelab, Cirrus, or LUCI. labels Apr 14, 2023
@dependabot dependabot bot requested review from godofredoc and Hixie April 14, 2023 09:00
@dependabot dependabot bot mentioned this pull request Apr 14, 2023
Closed
@godofredoc godofredoc added the autosubmit Merge PR when tree becomes green via auto submit App label Apr 15, 2023
@auto-submit auto-submit bot merged commit e2c3677 into main Apr 15, 2023
@auto-submit auto-submit bot deleted the dependabot/github_actions/github/codeql-action-2.2.12 branch April 15, 2023 04:45
Mairramer added a commit to Mairramer/packages that referenced this pull request Apr 16, 2023
@Mairramer
[camera] Provides a default exposure point if null
941e115 
[camera] fix format

Bump actions/checkout from 3.5.0 to 3.5.2 (flutter#3710)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Use correct API url / endpoint in GHES by <a href="https://github.com/fhammerl"><code>@�fhammerl</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1289">actions/checkout#1289</a> based on <a href="https://redirect.github.com/actions/checkout/issues/1286">#1286</a> by <a href="https://github.com/1newsr"><code>@�1newsr</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2</a></p>
<h2>v3.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Improve checkout performance on Windows runners by upgrading <code>@�actions/github</code> dependency by <a href="https://github.com/BrettDong"><code>@�BrettDong</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/BrettDong"><code>@�BrettDong</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li>
<li><a href="https://github.com/fhammerl"><code>@�fhammerl</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1284">actions/checkout#1284</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.0...v3.5.1">https://github.com/actions/checkout/compare/v3.5.0...v3.5.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@�actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@�actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@�actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/284">Fix default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab"><code>8e5e7e5</code></a> Release v3.5.2 (<a href="https://redirect.github.com/actions/checkout/issues/1291">#1291</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/eb35239ec22e9029a5be28f8c41e67452f615f0f"><code>eb35239</code></a> Fix: convert baseUrl to serverApiUrl 'formatted' (<a href="https://redirect.github.com/actions/checkout/issues/1289">#1289</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/83b7061638ee4956cf7545a6f7efe594e5ad0247"><code>83b7061</code></a> Release v3.5.1 (<a href="https://redirect.github.com/actions/checkout/issues/1284">#1284</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/40a16ebeed7da831425b665e600750cb36b38d06"><code>40a16eb</code></a> Improve checkout performance on Windows runners by upgrading <code>@�actions/github</code> ...</li>
<li>See full diff in <a href="https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...8e5e7e5ab8b370d6c329ec480221332ada57f0ab">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.5.0&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Bump github/codeql-action from 2.2.9 to 2.2.12 (flutter#3711)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4. <a href="https://redirect.github.com/github/codeql-action/pull/1561">#1561</a></li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db"><code>7df0ce3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1646">#1646</a> from github/update-v2.2.12-d944b3423</li>
<li><a href="https://github.com/github/codeql-action/commit/fbedecac345b827920c17b4b3488704f4f5bf0b8"><code>fbedeca</code></a> Update changelog for v2.2.12</li>
<li><a href="https://github.com/github/codeql-action/commit/d944b3423d194ae3a11d1d7291ab2f38eb94207a"><code>d944b34</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1619">#1619</a> from github/henrymercer/default-setup-workflow</li>
<li><a href="https://github.com/github/codeql-action/commit/e3210d8ce3ab70ba62248e01804f8ace92086dc3"><code>e3210d8</code></a> Add changelog note</li>
<li><a href="https://github.com/github/codeql-action/commit/599f4927f24ee8729768e58d8ba4c60b93bc1833"><code>599f492</code></a> Allow passing the workflow via an environment variable</li>
<li><a href="https://github.com/github/codeql-action/commit/ed6c4995fcfc90fa1e870bf955dd15e010cf71e8"><code>ed6c499</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1645">#1645</a> from github/henrymercer/remove-dependencies</li>
<li><a href="https://github.com/github/codeql-action/commit/c2b5d643fdc41c9b28b4930ec55e93dbedf6636d"><code>c2b5d64</code></a> Require xml2js <code>&gt;=0.5.0</code> to address CVE-2023-0842</li>
<li><a href="https://github.com/github/codeql-action/commit/9c13316a15486574cee9cd715fe1892201680a31"><code>9c13316</code></a> Remove unused dependencies</li>
<li><a href="https://github.com/github/codeql-action/commit/98f7bbd6102f2c11acb5631e38386a1837dca5a5"><code>98f7bbd</code></a> Add <code>workflow_run_attempt</code> data to status report (<a href="https://redirect.github.com/github/codeql-action/issues/1640">#1640</a>)</li>
<li><a href="https://github.com/github/codeql-action/commit/d7b9dcdb855b6df190af13376d458258d9dff7ef"><code>d7b9dcd</code></a> Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (<a href="https://redirect.github.com/github/codeql-action/issues/1643">#1643</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.2.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Roll Flutter from f740544 to 00171b0 (17 revisions) (flutter#3717)

flutter/flutter@f740544...00171b0

2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from f24e37bb4d9e to 41c1ea9a8283 (1 revision) (flutter/flutter#124916)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from f6e64a87407f to f24e37bb4d9e (2 revisions) (flutter/flutter#124914)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from c8d84cf3b761 to f6e64a87407f (2 revisions) (flutter/flutter#124913)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from 4552a6e105f1 to c8d84cf3b761 (1 revision) (flutter/flutter#124907)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from 0a5ed019cea5 to 4552a6e105f1 (1 revision) (flutter/flutter#124904)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from f7945293aced to 0a5ed019cea5 (2 revisions) (flutter/flutter#124901)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter Engine from e9739bca5c66 to f7945293aced (5 revisions) (flutter/flutter#124900)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter Engine from 413e95d1e22d to e9739bca5c66 (7 revisions) (flutter/flutter#124896)
2023-04-14 jhy03261997@gmail.com Add optional labelText and semanticLabel to Checkbox (flutter/flutter#124555)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter Engine from 9c314065c852 to 413e95d1e22d (1 revision) (flutter/flutter#124892)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter Engine from 87fc46430e1d to 9c314065c852 (5 revisions) (flutter/flutter#124886)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter Engine from ea0e1b17006c to 87fc46430e1d (1 revision) (flutter/flutter#124878)
2023-04-14 jmccandless@google.com iOS context menu shadow (flutter/flutter#122429)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter Engine from 4b96e38c9275 to ea0e1b17006c (1 revision) (flutter/flutter#124867)
2023-04-14 jacksongardner@google.com Add option to run wasm-opt on module output. (flutter/flutter#124831)
2023-04-14 pateltirth454@gmail.com [CupertinoListSection] adds new property separatorColor (flutter/flutter#124803)
2023-04-14 engine-flutter-autoroll@skia.org Roll Packages from d01f4ea to e4ec155 (5 revisions) (flutter/flutter#124863)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-packages
Please CC bmparr@google.com,rmistry@google.com,stuartmorgan@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Packages: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

[camera] bump version

[camera] rollback tests
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Apr 17, 2023
Merged
engine-flutter-autoroll added a commit to engine-flutter-autoroll/flutter that referenced this pull request Apr 17, 2023
@engine-flutter-autoroll
e2c3677 Bump github/codeql-action from 2.2.9 to 2.2.12 (flutter/packa…
bae519a 
…ges#3711)
auto-submit bot pushed a commit to flutter/flutter that referenced this pull request Apr 17, 2023
@engine-flutter-autoroll
Roll Packages from e4ec155 to 0277f2a (9 revisions) (#124972)
c368d64 
flutter/packages@e4ec155...0277f2a

2023-04-16 engine-flutter-autoroll@skia.org Roll Flutter from 00171b0 to 50171bb (7 revisions) (flutter/packages#3723)
2023-04-15 engine-flutter-autoroll@skia.org Roll Flutter from f740544 to 00171b0 (17 revisions) (flutter/packages#3717)
2023-04-15 49699333+dependabot[bot]@users.noreply.github.com Bump github/codeql-action from 2.2.9 to 2.2.12 (flutter/packages#3711)
2023-04-15 49699333+dependabot[bot]@users.noreply.github.com Bump actions/checkout from 3.5.0 to 3.5.2 (flutter/packages#3710)
2023-04-14 stuartmorgan@google.com [path_provider] Fix Android lint warnings (flutter/packages#3706)
2023-04-14 10687576+bparrishMines@users.noreply.github.com [webview_flutter_android] [camera_android_camerax] Updates internal Java InstanceManager to only stop finalization callbacks when stopped (flutter/packages#3571)
2023-04-14 stuartmorgan@google.com [shared_preferences] Fix Android Java version issue (flutter/packages#3712)
2023-04-14 48185017+andreisas06@users.noreply.github.com [image_picker][android] Non-bitmap images now return path instead of null (flutter/packages#3590)
2023-04-14 engine-flutter-autoroll@skia.org Roll Flutter from be45eb2 to f740544 (24 revisions) (flutter/packages#3713)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-packages-flutter-autoroll
Please CC flutter-ecosystem@google.com,rmistry@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
@reidbaker reidbaker mentioned this pull request Apr 25, 2023
Merged
11 tasks
nploi pushed a commit to nploi/packages that referenced this pull request Jul 16, 2023
@dependabot @nploi
Bump github/codeql-action from 2.2.9 to 2.2.12 (flutter#3711)
67ced87 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4. <a href="https://redirect.github.com/github/codeql-action/pull/1561">#1561</a></li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db"><code>7df0ce3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1646">#1646</a> from github/update-v2.2.12-d944b3423</li>
<li><a href="https://github.com/github/codeql-action/commit/fbedecac345b827920c17b4b3488704f4f5bf0b8"><code>fbedeca</code></a> Update changelog for v2.2.12</li>
<li><a href="https://github.com/github/codeql-action/commit/d944b3423d194ae3a11d1d7291ab2f38eb94207a"><code>d944b34</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1619">#1619</a> from github/henrymercer/default-setup-workflow</li>
<li><a href="https://github.com/github/codeql-action/commit/e3210d8ce3ab70ba62248e01804f8ace92086dc3"><code>e3210d8</code></a> Add changelog note</li>
<li><a href="https://github.com/github/codeql-action/commit/599f4927f24ee8729768e58d8ba4c60b93bc1833"><code>599f492</code></a> Allow passing the workflow via an environment variable</li>
<li><a href="https://github.com/github/codeql-action/commit/ed6c4995fcfc90fa1e870bf955dd15e010cf71e8"><code>ed6c499</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1645">#1645</a> from github/henrymercer/remove-dependencies</li>
<li><a href="https://github.com/github/codeql-action/commit/c2b5d643fdc41c9b28b4930ec55e93dbedf6636d"><code>c2b5d64</code></a> Require xml2js <code>&gt;=0.5.0</code> to address CVE-2023-0842</li>
<li><a href="https://github.com/github/codeql-action/commit/9c13316a15486574cee9cd715fe1892201680a31"><code>9c13316</code></a> Remove unused dependencies</li>
<li><a href="https://github.com/github/codeql-action/commit/98f7bbd6102f2c11acb5631e38386a1837dca5a5"><code>98f7bbd</code></a> Add <code>workflow_run_attempt</code> data to status report (<a href="https://redirect.github.com/github/codeql-action/issues/1640">#1640</a>)</li>
<li><a href="https://github.com/github/codeql-action/commit/d7b9dcdb855b6df190af13376d458258d9dff7ef"><code>d7b9dcd</code></a> Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (<a href="https://redirect.github.com/github/codeql-action/issues/1643">#1643</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.2.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fluttergithubbot fluttergithubbot fluttergithubbot approved these changes

@godofredoc godofredoc godofredoc approved these changes

@Hixie Hixie Awaiting requested review from Hixie

Assignees
No one assigned
Labels
autosubmit Merge PR when tree becomes green via auto submit App team: infra Infrastructure like devicelab, Cirrus, or LUCI. team Infra upgrades, team productivity, code health, technical debt. See also team: labels.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fluttergithubbot @godofredoc