diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 05f6cccc3ec..fe0ccfd664f 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -66,6 +66,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # 2.1.22 + uses: github/codeql-action/upload-sarif@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # 2.1.22 with: sarif_file: results.sarif diff --git a/src/changelog/.2.x.x/update_github_codeql_action.xml b/src/changelog/.2.x.x/update_github_codeql_action.xml new file mode 100644 index 00000000000..23cea69e495 --- /dev/null +++ b/src/changelog/.2.x.x/update_github_codeql_action.xml @@ -0,0 +1,9 @@ + + + + + Update `github/codeql-action` to version `2.22.3` + diff --git a/src/site/_release-notes/_2.x.x.adoc b/src/site/_release-notes/_2.x.x.adoc index 44d73411177..4fbfc9505e5 100644 --- a/src/site/_release-notes/_2.x.x.adoc +++ b/src/site/_release-notes/_2.x.x.adoc @@ -49,6 +49,7 @@ The module name of four bridges (`log4j-slf4j-impl`, `log4j-slf4j2-impl`, `log4j * Update `co.elastic.clients:elasticsearch-java` to version `8.10.4` (https://github.com/apache/logging-log4j2/pull/1881[1881]) * Update `com.google.guava:guava` to version `32.1.3-jre` (https://github.com/apache/logging-log4j2/pull/1875[1875]) * Update `com.h2database:h2` to version `2.2.224` (https://github.com/apache/logging-log4j2/pull/1880[1880]) +* Update `github/codeql-action` to version `2.22.3` (https://github.com/apache/logging-log4j2/pull/1862[1862]) * Update `io.netty:netty-bom` to version `4.1.100.Final` (https://github.com/apache/logging-log4j2/pull/1857[1857]) * Update `org.springframework.boot:spring-boot` to version `2.7.17` (https://github.com/apache/logging-log4j2/pull/1874[1874]) * Update `org.zeromq:jeromq` to version `0.5.4` (https://github.com/apache/logging-log4j2/pull/1878[1878])