fix(deps): update github/codeql-action action to v4.30.9 #56
Conversation
Signed-off-by: Renovate Bot <bot@renovateapp.com>
✅ Deploy Preview for visulima-com ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
Thank you for following the naming conventions! 🙏 |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
This PR performs a routine patch update of the github/codeql-action from v4.30.8 to v4.30.9 across two GitHub Actions workflow files. The update brings the CodeQL bundle to version 2.23.3 and adds an experimental setup-codeql action (not used in this repository). The change is purely a version bump with corresponding commit hash updates—no logic, configuration, or permission changes are involved. Both the Scorecards security workflow and the CodeQL analysis workflow are updated consistently, maintaining the repository's security scanning capabilities with the latest patch release. This is a standard dependency maintenance task managed by Renovate, ensuring the codebase benefits from the latest bug fixes and improvements in GitHub's security analysis tooling.
Important Files Changed
| Filename | Score | Overview |
|---|---|---|
| .github/workflows/scorecards.yml | 5/5 | Updated github/codeql-action/upload-sarif from v4.30.8 to v4.30.9 with new commit hash reference |
| .github/workflows/codeql.yml | 5/5 | Updated all three CodeQL action steps (init, autobuild, analyze) from v4.30.8 to v4.30.9 with consistent commit hash updates |
Confidence score: 5/5
- This PR is safe to merge with minimal risk as it contains only version updates to a well-maintained GitHub Action with no configuration or logic changes
- Score reflects the narrow scope of changes (patch version bump), consistency across all action references, and the use of pinned commit hashes following security best practices
- No files require special attention; both workflow files contain identical, straightforward version updates with no potential for breakage
2 files reviewed, no comments
|
🚀 Great job, @renovate[bot]! You've merged your 24th PR! 🎊 Your contributions to visulima.com are making a real difference. Keep up the fantastic work! 💪 @prisis is here if you need any guidance. Onward and upward! 🚀 |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
This PR contains the following updates:
v4.30.8->v4.30.9Release Notes
github/codeql-action (github/codeql-action)
v4.30.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
Configuration
📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.