)]}'
{
  "commit": "bb651412ba245cbca6d297d70263973f9e426e6e",
  "tree": "f412fd993ea6c8c9f98844b350bef1bd22cb57c6",
  "parents": [
    "b8b47b9926db32adb61b205f9410e37d144b4c88"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Tue Nov 18 10:41:55 2025 -0500"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Tue Nov 18 10:41:55 2025 -0500"
  },
  "message": "build(deps): bump the github-actions group across 1 directory with 2 updates (#6418)\n\nBumps the github-actions group with 2 updates in the / directory:\n[actions/checkout](https://github.com/actions/checkout) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 5.0.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd\"\u003e\u003ccode\u003e93cb6ef\u003c/code\u003e\u003c/a\u003e\nCleanup actions/checkout@v6 auth style (\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...93cb6efe18208431cddfb8368fd83d5badbf9bfd\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.2 to 4.31.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now\nlogs a warning for customers who are running v3 but could be running v4.\nFor more information, see \u003ca\nhref\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming\ndeprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e\nfor more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now\nlogs a warning for customers who are running v3 but could be running v4.\nFor more information, see \u003ca\nhref\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming\ndeprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the\n\u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL\nAction 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or\n\u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically\nperforms post-processing steps to prepare the data for the upload.\nPreviously, these post-processing steps were only performed before an\nupload took place. We are now changing this so that the post-processing\nsteps will always be performed, even when the SARIF files are not\nuploaded. This does not change anything for the\n\u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may\naffect Advanced Setup for CodeQL users who specify a value other than\n\u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added\nwhich is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the\nCodeQL CLI and does not initialize a database. Do not use this in\nproduction as it is part of an internal experiment and subject to change\nat any time. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with\n\u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a\n\u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the\nworkflow it is used in does not use different versions of the CodeQL\nAction for different workflow steps. Mixing different versions of the\nCodeQL Action in the same workflow is unsupported and can lead to\nunpredictable results. A warning will now be emitted from the\n\u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL\nAction are detected in the workflow file. Additionally, an error will\nnow be thrown by the other CodeQL Action steps if they load a\nconfiguration file that was generated by a different version of the\n\u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/014f16e7ab1402f30e7c3329d33797e7948572db\"\u003e\u003ccode\u003e014f16e\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3293\"\u003e#3293\u003c/a\u003e\nfrom github/update-v4.31.3-8c10e89c7\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/14d898ef09787f3258d7542ed62ad3da38295b68\"\u003e\u003ccode\u003e14d898e\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.31.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8c10e89c78c754f211c440ce6999ed8668811c3b\"\u003e\u003ccode\u003e8c10e89\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3288\"\u003e#3288\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.23.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/9777b01a4952c6266ad795197c2dd702065a6d19\"\u003e\u003ccode\u003e9777b01\u003c/code\u003e\u003c/a\u003e\nMerge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.23.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/456a74a6faf33b08baa780e0bf31b41fabd1ca35\"\u003e\u003ccode\u003e456a74a\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3289\"\u003e#3289\u003c/a\u003e\nfrom github/mbg/ci/setup-dotnet\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/3fac49c14012959fab197865a1813bffe8a04dd1\"\u003e\u003ccode\u003e3fac49c\u003c/code\u003e\u003c/a\u003e\nUpdate remaining workflows\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/38a3a7258f252b705a070bd91df7a72a50d61318\"\u003e\u003ccode\u003e38a3a72\u003c/code\u003e\u003c/a\u003e\nEnable \u003ccode\u003einstallDotNet\u003c/code\u003e in all workflows that analyse C#\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/58c9eb6c034b7054387301aa21926d94da049b69\"\u003e\u003ccode\u003e58c9eb6\u003c/code\u003e\u003c/a\u003e\nAdd \u003ccode\u003eglobal.json\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f20e02164a8bd2f32913932752d67ee2bbf22246\"\u003e\u003ccode\u003ef20e021\u003c/code\u003e\u003c/a\u003e\nAdd support for adding \u003ccode\u003esetup-dotnet\u003c/code\u003e steps to\n\u003ccode\u003esync.sh\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8d3d4001e38901ebbee39c134163b67198c956f7\"\u003e\u003ccode\u003e8d3d400\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...014f16e7ab1402f30e7c3329d33797e7948572db\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b0d8deaedc8a27b683ab4f23c2b18a47a72a3b88",
      "old_mode": 33188,
      "old_path": ".github/workflows/autoroll.yml",
      "new_id": "6976686c50cfe21e4e53b25298bb6c6da043b5d8",
      "new_mode": 33188,
      "new_path": ".github/workflows/autoroll.yml"
    },
    {
      "type": "modify",
      "old_id": "6ff7855b46766a31cc60edaa5bdbd09eb272504b",
      "old_mode": 33188,
      "old_path": ".github/workflows/bazel.yml",
      "new_id": "7a1ba06ab9f56dd6cba3c803110a853b5af99698",
      "new_mode": 33188,
      "new_path": ".github/workflows/bazel.yml"
    },
    {
      "type": "modify",
      "old_id": "3d12dda516d672a4ddc21d06eba1615a23295d46",
      "old_mode": 33188,
      "old_path": ".github/workflows/ios.yml",
      "new_id": "04d01a7aa2a0a207b016d90604a46a3b965ff56b",
      "new_mode": 33188,
      "new_path": ".github/workflows/ios.yml"
    },
    {
      "type": "modify",
      "old_id": "126ef63ed11b032b7e5306e8bed38db49547ae59",
      "old_mode": 33188,
      "old_path": ".github/workflows/release.yml",
      "new_id": "b75394c808b47ebc60250a76ab6a7bbfb353d7bd",
      "new_mode": 33188,
      "new_path": ".github/workflows/release.yml"
    },
    {
      "type": "modify",
      "old_id": "ae59174274dd432ce45f5f807712f1314c7b73e4",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecard.yml",
      "new_id": "ad45b3507831cfae11ef7405c486f2ade85e624f",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecard.yml"
    },
    {
      "type": "modify",
      "old_id": "d3fd170f3ffa620f4401195a0b4c9c1cd57574e0",
      "old_mode": 33188,
      "old_path": ".github/workflows/wasm.yml",
      "new_id": "3b3762a5c7446b3845856edbbe445069d96f3303",
      "new_mode": 33188,
      "new_path": ".github/workflows/wasm.yml"
    }
  ]
}