Skip to content

Bump github/codeql-action/upload-sarif from 4.37.0 to 4.37.1 in the ci group#269

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-d8a2d0ba5c
Open

Bump github/codeql-action/upload-sarif from 4.37.0 to 4.37.1 in the ci group#269
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-d8a2d0ba5c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the ci group with 1 update: github/codeql-action/upload-sarif.

Updates github/codeql-action/upload-sarif from 4.37.0 to 4.37.1

Release notes

Sourced from github/codeql-action/upload-sarif's releases.

v4.37.1

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956
  • Update default CodeQL bundle version to 2.26.1. #4019
Commits
  • 7188fc3 Merge pull request #4020 from github/update-v4.37.1-9e7c07009
  • c8b5f69 Update changelog for v4.37.1
  • 9e7c070 Merge pull request #4014 from github/mbg/explicit-remote-prefix
  • 3492b7e Change REMOTE_PATH_PREFIX to remote=
  • 3654baa Merge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix
  • 2d682ac Merge pull request #4017 from github/dependabot/github_actions/dot-github/wor...
  • 23f6a50 Merge pull request #4009 from github/mbg/action-state/additions
  • 1ee3c75 Merge pull request #4018 from github/dependabot/github_actions/dot-github/wor...
  • e053684 Merge pull request #4015 from github/dependabot/npm_and_yarn/npm-minor-fd2e83...
  • 6803c56 Merge pull request #4019 from github/update-bundle/codeql-bundle-v2.26.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 1 update: [github/codeql-action/upload-sarif](https://github.com/github/codeql-action).


Updates `github/codeql-action/upload-sarif` from 4.37.0 to 4.37.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@99df26d...7188fc3)

---
updated-dependencies:
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.37.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 16, 2026
@github-actions

Copy link
Copy Markdown

Overview

Image reference my-sample-workload:latest my-sample-workload:latest
- digest c746b2ddfc3e c746b2ddfc3e
- tag latest latest
- provenance 6186dd4 41039b9
- vulnerabilities critical: 0 high: 0 medium: 0 low: 0 critical: 0 high: 0 medium: 0 low: 0
- platform linux/amd64 linux/amd64
- size 56 MB 56 MB
- packages 18 18
Policies (0 improved, 0 worsened)
Policy Name my-sample-workload:latest my-sample-workload:latest Change Standing
Default non-root user No Change
No copyleft licenses ⚠️ 8 ⚠️ 8 No Change
No fixable critical or high vulnerabilities No Change
No high-profile vulnerabilities No Change
No outdated base images ⚠️ ⚠️ No Change
No unapproved base images No Change
Supply chain attestations No Change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants