chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 #5696

Merged: eso-service-account-app[bot] merged 2 commits into main from dependabot/github_actions/github/codeql-action-4.31.7 on Dec 8, 2025
dependabot bot commented on behalf of github on Dec 8, 2025

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps github/codeql-action from 4.31.5 to 4.31.7.

Release notes

Sourced from github/codeql-action's releases.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

... (truncated)

Commits
  • cf1bb45 Merge pull request #3344 from github/update-v4.31.7-f5c63fadd
  • f4ebe95 Update changelog for v4.31.7
  • f5c63fa Merge pull request #3343 from github/update-bundle/codeql-bundle-v2.23.7
  • a2c01e7 Add changelog note
  • ac34c13 Update default bundle to codeql-bundle-v2.23.7
  • 267c467 Merge pull request #3339 from github/dependabot/npm_and_yarn/npm-minor-77d264...
  • aeabef7 Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-77d26487b0
  • 78357d3 Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-tests
  • d61a6fa Update CLI config test to account for overlay db changes on PRs
  • ce27e95 Rebuild
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@fdbfb4d...cf1bb45)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the labels dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) on Dec 8, 2025

github-actions bot added the labels kind/dependency (dependabot and upgrades), area/deps, component/github-actions, kind/chore (Categorizes Pull Requests for chore activities (like bumping versions)) and size/xs on Dec 8, 2025

eso-service-account-app bot enabled auto-merge (squash) December 8, 2025 08:01

eso-service-account-app bot merged commit 248ddf6 into main Dec 8, 2025

14 of 15 checks passed

eso-service-account-app bot deleted the dependabot/github_actions/github/codeql-action-4.31.7 branch December 8, 2025 13:19

sonarqubecloud bot commented Dec 8, 2025

tokiwong pushed a commit to tokiwong/external-secrets that referenced this pull request Dec 9, 2025
…l-secrets#5696)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@fdbfb4d...cf1bb45)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <skarlso777@gmail.com>
Signed-off-by: Alvin Wong <alvin.wong@forgerock.com>
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Dec 20, 2025
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.1.1` -> `1.2.0` |

---

### Release Notes

<details>
<summary>external-secrets/external-secrets (external-secrets)</summary>

### [`v1.2.0`](https://github.com/external-secrets/external-secrets/releases/tag/v1.2.0)

[Compare Source](external-secrets/external-secrets@v1.1.1...v1.2.0)

Image: `ghcr.io/external-secrets/external-secrets:v1.2.0`
Image: `ghcr.io/external-secrets/external-secrets:v1.2.0-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v1.2.0-ubi-boringssl`

<!-- Release notes generated using configuration in .github/release.yml at main -->

#### What's Changed

##### General

- chore: bump 1.1.1 by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5687](external-secrets/external-secrets#5687)
- chore: fix the argocd e2e test case by [@Skarlso](https://github.com/Skarlso) in [#5688](external-secrets/external-secrets#5688)
- feat(provider): add Barbican provider support by [@rkferreira](https://github.com/rkferreira) in [#5398](external-secrets/external-secrets#5398)
- docs(secretserver): promote secretserver provider to beta by [@DelineaSahilWankhede](https://github.com/DelineaSahilWankhede) in [#5668](external-secrets/external-secrets#5668)
- feat(controller): add flag to enable/disable secretstore reconcile by [@Ilhan-Personal](https://github.com/Ilhan-Personal) in [#5653](external-secrets/external-secrets#5653)
- fix(aws-secrets-manager): Apply filtering based on both name and tags if provided by [@iypetrov](https://github.com/iypetrov) in [#5685](external-secrets/external-secrets#5685)
- fix(gcpsm): SecretExists should check for regional secrets when store location is specified by [@tokiwong](https://github.com/tokiwong) in [#5708](external-secrets/external-secrets#5708)
- feat: introduce store deprecation by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5711](external-secrets/external-secrets#5711)
- feat(charts): add global values for common deployment configurations by [@Gabryel8818](https://github.com/Gabryel8818) in [#5652](external-secrets/external-secrets#5652)
- feat: add Doppler OIDC-based authentication by [@mikesellitto](https://github.com/mikesellitto) in [#5475](external-secrets/external-secrets#5475)
- fix: make custom configuration available regardless of environment by [@Skarlso](https://github.com/Skarlso) in [#5713](external-secrets/external-secrets#5713)
- chore(chart): update bitwarden dependency to v0.5.2 by [@Skarlso](https://github.com/Skarlso) in [#5719](external-secrets/external-secrets#5719)
- docs(templating): update rbac for generic targets by [@lostick](https://github.com/lostick) in [#5736](external-secrets/external-secrets#5736)
- fix(testing): Breaking changes should not break ci by [@evrardjp](https://github.com/evrardjp) in [#5739](external-secrets/external-secrets#5739)
- fix(security): Get rid of getSecretKey by [@evrardjp](https://github.com/evrardjp) in [#5738](external-secrets/external-secrets#5738)
- fix(aws): parse resource policies into canonical JSON (sorted) before comparing by [@cmoscofian](https://github.com/cmoscofian) in [#5622](external-secrets/external-secrets#5622)
- docs: Fix example in GCP documentation by [@headcr4sh](https://github.com/headcr4sh) in [#5745](external-secrets/external-secrets#5745)
- chore(secretserver): update dependencies to accept new DelineaXPM/tss-sdk-go by [@DelineaSahilWankhede](https://github.com/DelineaSahilWankhede) in [#5742](external-secrets/external-secrets#5742)
- fix(gcpsm): Improve SecretExists method in GCP secret manager provider by [@tosih](https://github.com/tosih) in [#5610](external-secrets/external-secrets#5610)
- chore(docs): add clarification to helm values being disabled by [@Skarlso](https://github.com/Skarlso) in [#5746](external-secrets/external-secrets#5746)
- fix(release): apply [`64dc681`](external-secrets/external-secrets@64dc681) to release by [@jakobmoellerdev](https://github.com/jakobmoellerdev) in [#5749](external-secrets/external-secrets#5749)
- docs(release): 1.2 stability-support.md by [@jakobmoellerdev](https://github.com/jakobmoellerdev) in [#5750](external-secrets/external-secrets#5750)

##### Dependencies

- chore(deps): bump golang from 1.25.4 to 1.25.5 by [@dependabot](https://github.com/dependabot)\[bot] in [#5693](external-secrets/external-secrets#5693)
- chore(deps): bump golang from 1.25.4-bookworm to 1.25.5-bookworm in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5702](external-secrets/external-secrets#5702)
- chore(deps): bump ubi9/ubi from `dcd8128` to `75937d9` by [@dependabot](https://github.com/dependabot)\[bot] in [#5655](external-secrets/external-secrets#5655)
- chore(deps): bump peter-evans/slash-command-dispatch from 5.0.0 to 5.0.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5695](external-secrets/external-secrets#5695)
- chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 by [@dependabot](https://github.com/dependabot)\[bot] in [#5696](external-secrets/external-secrets#5696)
- chore(deps): bump actions/stale from 10.1.0 to 10.1.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5697](external-secrets/external-secrets#5697)
- chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5700](external-secrets/external-secrets#5700)
- chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5698](external-secrets/external-secrets#5698)
- chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5699](external-secrets/external-secrets#5699)
- chore(deps): bump platformdirs from 4.5.0 to 4.5.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5705](external-secrets/external-secrets#5705)
- chore(deps): bump distroless/static from `87bce11` to `4b2a093` by [@dependabot](https://github.com/dependabot)\[bot] in [#5692](external-secrets/external-secrets#5692)
- chore(deps): bump alpine from 3.22 to 3.23 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5703](external-secrets/external-secrets#5703)
- chore(deps): bump urllib3 from 2.5.0 to 2.6.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5704](external-secrets/external-secrets#5704)
- chore(deps): bump pymdown-extensions from 10.17.2 to 10.18 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5706](external-secrets/external-secrets#5706)
- chore(deps): bump alpine from 3.22.2 to 3.23.0 in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5701](external-secrets/external-secrets#5701)
- chore(deps): bump golang from `2611181` to `2611181` by [@dependabot](https://github.com/dependabot)\[bot] in [#5721](external-secrets/external-secrets#5721)
- chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5725](external-secrets/external-secrets#5725)
- chore(deps): bump urllib3 from 2.6.0 to 2.6.2 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5730](external-secrets/external-secrets#5730)
- chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by [@dependabot](https://github.com/dependabot)\[bot] in [#5726](external-secrets/external-secrets#5726)
- chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 by [@dependabot](https://github.com/dependabot)\[bot] in [#5724](external-secrets/external-secrets#5724)
- chore(deps): bump tornado from 6.5.2 to 6.5.3 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5732](external-secrets/external-secrets#5732)
- chore(deps): bump ubi9/ubi from `75937d9` to `d4feb57` by [@dependabot](https://github.com/dependabot)\[bot] in [#5722](external-secrets/external-secrets#5722)
- chore(deps): bump golang from `5117d68` to `09f53de` in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5729](external-secrets/external-secrets#5729)
- chore(deps): bump alpine from `4b7ce07` to `51183f2` by [@dependabot](https://github.com/dependabot)\[bot] in [#5694](external-secrets/external-secrets#5694)
- chore(deps): bump hashicorp/setup-terraform from [`712b439`](external-secrets/external-secrets@712b439) to [`071811a`](external-secrets/external-secrets@071811a) by [@dependabot](https://github.com/dependabot)\[bot] in [#5727](external-secrets/external-secrets#5727)
- chore(deps): bump pymdown-extensions from 10.18 to 10.19.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5731](external-secrets/external-secrets#5731)
- chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5728](external-secrets/external-secrets#5728)
- chore(deps): bump actions/cache from 4.3.0 to 5.0.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5723](external-secrets/external-secrets#5723)

#### New Contributors

- [@iypetrov](https://github.com/iypetrov) made their first contribution in [#5685](external-secrets/external-secrets#5685)
- [@tokiwong](https://github.com/tokiwong) made their first contribution in [#5708](external-secrets/external-secrets#5708)
- [@Gabryel8818](https://github.com/Gabryel8818) made their first contribution in [#5652](external-secrets/external-secrets#5652)
- [@mikesellitto](https://github.com/mikesellitto) made their first contribution in [#5475](external-secrets/external-secrets#5475)
- [@lostick](https://github.com/lostick) made their first contribution in [#5736](external-secrets/external-secrets#5736)
- [@cmoscofian](https://github.com/cmoscofian) made their first contribution in [#5622](external-secrets/external-secrets#5622)
- [@headcr4sh](https://github.com/headcr4sh) made their first contribution in [#5745](external-secrets/external-secrets#5745)
- [@tosih](https://github.com/tosih) made their first contribution in [#5610](external-secrets/external-secrets#5610)

**Full Changelog**: <external-secrets/external-secrets@v1.1.1...v1.2.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2737
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>