Evan
e06720b067
chore(ci): correct codeql-action version comment to match pinned SHA
...
The github/codeql-action/init and analyze steps were pinned to SHA
8aad20d150bbac5944a9f9d289da16a4b0d87c1e but annotated with a '# v4'
comment. That SHA is the v4.36.2 release, and the moving 'v4' tag now
resolves to a different commit, so zizmor's ref-version-mismatch rule
flags the comment as untruthful. Update the comment to '# v4.36.2' to
reflect the actual pinned ref, matching how other actions in this
workflow annotate their exact versions (e.g. actions/checkout # v7.0.0).
Resolves code-scanning alert #2560
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-07-02 10:34:36 -07:00
dependabot[bot]
420a74b01e
chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 ( #41358 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-24 00:52:16 -07:00
Durgaprasad M L
7e98410743
fix(theme): embedded method overrides dashboard level config ( #40777 )
...
Co-authored-by: Mehmet Salih Yavuz <salih.yavuz@proton.me >
2026-06-17 18:33:04 -07:00
dependabot[bot]
32ae0afcac
chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 ( #40966 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-11 21:27:32 +07:00
dependabot[bot]
ff4783f1e4
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1 ( #40894 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 10:30:30 -07:00
dependabot[bot]
7a3b8f49c7
chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 ( #40892 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: hainenber <dotronghai96@gmail.com >
2026-06-10 00:25:41 +07:00
Evan Rusackas
ff5e43c8a0
ci: add timeout-minutes to compute-heavy workflow jobs ( #40743 )
...
Co-authored-by: Claude Code <noreply@anthropic.com >
2026-06-04 09:47:55 -07:00
Evan Rusackas
5ba60d51fd
ci: gate CodeQL analysis at the job level for docs-only PRs ( #40724 )
2026-06-03 23:49:59 +02:00
Evan Rusackas
2e7bec3646
chore(ci): harden GitHub Actions workflows per static analysis ( #40545 )
...
Co-authored-by: Claude Code <noreply@anthropic.com >
2026-05-30 13:13:43 +07:00
dependabot[bot]
6bd1b46216
chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 ( #40458 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-27 15:28:06 -07:00
dependabot[bot]
f47300102c
chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 ( #40218 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 06:26:20 -07:00
Evan Rusackas
5ab8583cd0
chore(gha): pin github/codeql-action to a SHA ( #40043 )
...
Co-authored-by: Superset Dev <dev@superset.apache.org >
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-11 20:18:55 -07:00
Đỗ Trọng Hải
83823911b5
feat(sec): harden GHA ref by using its SHA ID to prevent accidental usage of compromised actions ( #38782 )
...
Signed-off-by: hainenber <dotronghai96@gmail.com >
2026-03-21 21:27:30 +07:00
dependabot[bot]
23b61b080e
chore(deps): bump actions/checkout from 5 to 6 ( #36219 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 12:02:43 -08:00
dependabot[bot]
8727d321f3
chore(deps): bump github/codeql-action from 3 to 4 ( #35568 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-10 17:26:36 -07:00
dependabot[bot]
3dbe593a4a
chore(deps): bump actions/checkout from 4 to 5 ( #34969 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-03 10:36:16 -07:00
Maxime Beauchemin
531f1b6aa4
chore(gha): bump ubuntu to latest fresh release ( #31390 )
2024-12-18 23:32:10 -08:00
Maxime Beauchemin
d49d79121c
chore: trigger CI jobs on all release-related branches ( #29274 )
2024-06-17 13:42:58 -07:00
Maxime Beauchemin
e80d194b8f
fix: improve change detection for GHAs ( #27904 )
2024-04-08 16:20:25 -07:00
Michael S. Molina
a54a24e3b5
fix: Re-enable CI checks on release branches ( #27390 )
2024-03-06 14:23:07 -03:00
dependabot[bot]
5930bbb5d3
build(deps): bump actions/checkout from 2 to 4 ( #26971 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:56:33 -07:00
Maxime Beauchemin
26e330e119
feat(ci): kill duplicate CI jobs on PRs ( #26945 )
2024-02-01 08:08:41 -07:00
dependabot[bot]
b7ddfff0a1
build(deps): bump github/codeql-action from 2 to 3 ( #26956 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 10:16:13 +00:00
Evan Rusackas
20d439ac01
chore(actions): adding JavaScript to CodeQL config ( #23974 )
2023-05-10 08:08:21 -06:00
Daniel Vaz Gaspar
2a63b39f33
chore: add codeQL to CI ( #23949 )
2023-05-05 19:39:57 +01:00