Skip to content

chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8#5726

Merged
eso-service-account-app[bot] merged 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-4.31.8
Dec 15, 2025
Merged

chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8#5726
eso-service-account-app[bot] merged 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-4.31.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Dec 15, 2025
edited
Loading

Bumps github/codeql-action from 4.31.7 to 4.31.8.

Release notes

Sourced from github/codeql-action's releases.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

... (truncated)

Commits
  • 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
  • 120f277 Update changelog for v4.31.8
  • 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
  • db812c1 Add changelog note
  • 2930dba Update default bundle to codeql-bundle-v2.23.8
  • c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
  • 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
  • 5b7e7fc Update src/codeql.ts
  • 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
  • 97c2630 Rebuild
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 15, 2025
@github-actions github-actions bot added area/deps kind/chore Categorizes Pull Requests for chore activities (like bumping versions) kind/dependency dependabot and upgrades component/github-actions labels Dec 15, 2025
@eso-service-account-app eso-service-account-app bot enabled auto-merge (squash) December 15, 2025 08:02
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Dec 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

Comment @coderabbitai help to get the list of available commands and usage tips.

@dependabot
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8
7d50b87 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.7 to 4.31.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cf1bb45...1b168cd)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github/codeql-action-4.31.8 branch from 1224dac to 7d50b87 Compare December 15, 2025 08:08
@eso-service-account-app eso-service-account-app bot merged commit 3c8985a into main Dec 15, 2025
8 checks passed
@eso-service-account-app eso-service-account-app bot deleted the dependabot/github_actions/github/codeql-action-4.31.8 branch December 15, 2025 08:08
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Dec 15, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Dec 20, 2025
@alexlebens
Update Helm release external-secrets to v1.2.0 (#2737)
3e76f9c 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.1.1` -> `1.2.0` |

---

### Release Notes

<details>
<summary>external-secrets/external-secrets (external-secrets)</summary>

### [`v1.2.0`](https://github.com/external-secrets/external-secrets/releases/tag/v1.2.0)

[Compare Source](external-secrets/external-secrets@v1.1.1...v1.2.0)

Image: `ghcr.io/external-secrets/external-secrets:v1.2.0`
Image: `ghcr.io/external-secrets/external-secrets:v1.2.0-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v1.2.0-ubi-boringssl`

<!-- Release notes generated using configuration in .github/release.yml at main -->

#### What's Changed

##### General

- chore: bump 1.1.1 by [@&#8203;gusfcarvalho](https://github.com/gusfcarvalho) in [#&#8203;5687](external-secrets/external-secrets#5687)
- chore: fix the argocd e2e test case by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;5688](external-secrets/external-secrets#5688)
- feat(provider): add Barbican provider support by [@&#8203;rkferreira](https://github.com/rkferreira) in [#&#8203;5398](external-secrets/external-secrets#5398)
- docs(secretserver): promote secretserver provider to beta by [@&#8203;DelineaSahilWankhede](https://github.com/DelineaSahilWankhede) in [#&#8203;5668](external-secrets/external-secrets#5668)
- feat(controller): add flag to enable/disable secretstore reconcile by [@&#8203;Ilhan-Personal](https://github.com/Ilhan-Personal) in [#&#8203;5653](external-secrets/external-secrets#5653)
- fix(aws-secrets-manager): Apply filtering based on both name and tags if provided by [@&#8203;iypetrov](https://github.com/iypetrov) in [#&#8203;5685](external-secrets/external-secrets#5685)
- fix(gcpsm): SecretExists should check for regional secrets when store location is specified by [@&#8203;tokiwong](https://github.com/tokiwong) in [#&#8203;5708](external-secrets/external-secrets#5708)
- feat: introduce store deprecation by [@&#8203;gusfcarvalho](https://github.com/gusfcarvalho) in [#&#8203;5711](external-secrets/external-secrets#5711)
- feat(charts): add global values for common deployment configurations by [@&#8203;Gabryel8818](https://github.com/Gabryel8818) in [#&#8203;5652](external-secrets/external-secrets#5652)
- feat: add Doppler OIDC-based authentication by [@&#8203;mikesellitto](https://github.com/mikesellitto) in [#&#8203;5475](external-secrets/external-secrets#5475)
- fix: make custom configuration available regardless of environment by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;5713](external-secrets/external-secrets#5713)
- chore(chart): update bitwarden dependency to v0.5.2 by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;5719](external-secrets/external-secrets#5719)
- docs(templating): update rbac for generic targets by [@&#8203;lostick](https://github.com/lostick) in [#&#8203;5736](external-secrets/external-secrets#5736)
- fix(testing): Breaking changes should not break ci by [@&#8203;evrardjp](https://github.com/evrardjp) in [#&#8203;5739](external-secrets/external-secrets#5739)
- fix(security): Get rid of getSecretKey by [@&#8203;evrardjp](https://github.com/evrardjp) in [#&#8203;5738](external-secrets/external-secrets#5738)
- fix(aws): parse resource policies into canonical JSON (sorted) before comparing by [@&#8203;cmoscofian](https://github.com/cmoscofian) in [#&#8203;5622](external-secrets/external-secrets#5622)
- docs: Fix example in GCP documentation by [@&#8203;headcr4sh](https://github.com/headcr4sh) in [#&#8203;5745](external-secrets/external-secrets#5745)
- chore(secretserver): update dependencies to accept new DelineaXPM/tss-sdk-go by [@&#8203;DelineaSahilWankhede](https://github.com/DelineaSahilWankhede) in [#&#8203;5742](external-secrets/external-secrets#5742)
- fix(gcpsm): Improve SecretExists method in GCP secret manager provider by [@&#8203;tosih](https://github.com/tosih) in [#&#8203;5610](external-secrets/external-secrets#5610)
- chore(docs): add clarification to helm values being disabled by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;5746](external-secrets/external-secrets#5746)
- fix(release): apply [`64dc681`](external-secrets/external-secrets@64dc681) to release by [@&#8203;jakobmoellerdev](https://github.com/jakobmoellerdev) in [#&#8203;5749](external-secrets/external-secrets#5749)
- docs(release): 1.2 stability-support.md by [@&#8203;jakobmoellerdev](https://github.com/jakobmoellerdev) in [#&#8203;5750](external-secrets/external-secrets#5750)

##### Dependencies

- chore(deps): bump golang from 1.25.4 to 1.25.5 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5693](external-secrets/external-secrets#5693)
- chore(deps): bump golang from 1.25.4-bookworm to 1.25.5-bookworm in /e2e by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5702](external-secrets/external-secrets#5702)
- chore(deps): bump ubi9/ubi from `dcd8128` to `75937d9` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5655](external-secrets/external-secrets#5655)
- chore(deps): bump peter-evans/slash-command-dispatch from 5.0.0 to 5.0.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5695](external-secrets/external-secrets#5695)
- chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5696](external-secrets/external-secrets#5696)
- chore(deps): bump actions/stale from 10.1.0 to 10.1.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5697](external-secrets/external-secrets#5697)
- chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5700](external-secrets/external-secrets#5700)
- chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5698](external-secrets/external-secrets#5698)
- chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5699](external-secrets/external-secrets#5699)
- chore(deps): bump platformdirs from 4.5.0 to 4.5.1 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5705](external-secrets/external-secrets#5705)
- chore(deps): bump distroless/static from `87bce11` to `4b2a093` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5692](external-secrets/external-secrets#5692)
- chore(deps): bump alpine from 3.22 to 3.23 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5703](external-secrets/external-secrets#5703)
- chore(deps): bump urllib3 from 2.5.0 to 2.6.0 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5704](external-secrets/external-secrets#5704)
- chore(deps): bump pymdown-extensions from 10.17.2 to 10.18 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5706](external-secrets/external-secrets#5706)
- chore(deps): bump alpine from 3.22.2 to 3.23.0 in /e2e by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5701](external-secrets/external-secrets#5701)
- chore(deps): bump golang from `2611181` to `2611181` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5721](external-secrets/external-secrets#5721)
- chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5725](external-secrets/external-secrets#5725)
- chore(deps): bump urllib3 from 2.6.0 to 2.6.2 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5730](external-secrets/external-secrets#5730)
- chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5726](external-secrets/external-secrets#5726)
- chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5724](external-secrets/external-secrets#5724)
- chore(deps): bump tornado from 6.5.2 to 6.5.3 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5732](external-secrets/external-secrets#5732)
- chore(deps): bump ubi9/ubi from `75937d9` to `d4feb57` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5722](external-secrets/external-secrets#5722)
- chore(deps): bump golang from `5117d68` to `09f53de` in /e2e by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5729](external-secrets/external-secrets#5729)
- chore(deps): bump alpine from `4b7ce07` to `51183f2` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5694](external-secrets/external-secrets#5694)
- chore(deps): bump hashicorp/setup-terraform from [`712b439`](external-secrets/external-secrets@712b439) to [`071811a`](external-secrets/external-secrets@071811a) by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5727](external-secrets/external-secrets#5727)
- chore(deps): bump pymdown-extensions from 10.18 to 10.19.1 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5731](external-secrets/external-secrets#5731)
- chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5728](external-secrets/external-secrets#5728)
- chore(deps): bump actions/cache from 4.3.0 to 5.0.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5723](external-secrets/external-secrets#5723)

#### New Contributors

- [@&#8203;iypetrov](https://github.com/iypetrov) made their first contribution in [#&#8203;5685](external-secrets/external-secrets#5685)
- [@&#8203;tokiwong](https://github.com/tokiwong) made their first contribution in [#&#8203;5708](external-secrets/external-secrets#5708)
- [@&#8203;Gabryel8818](https://github.com/Gabryel8818) made their first contribution in [#&#8203;5652](external-secrets/external-secrets#5652)
- [@&#8203;mikesellitto](https://github.com/mikesellitto) made their first contribution in [#&#8203;5475](external-secrets/external-secrets#5475)
- [@&#8203;lostick](https://github.com/lostick) made their first contribution in [#&#8203;5736](external-secrets/external-secrets#5736)
- [@&#8203;cmoscofian](https://github.com/cmoscofian) made their first contribution in [#&#8203;5622](external-secrets/external-secrets#5622)
- [@&#8203;headcr4sh](https://github.com/headcr4sh) made their first contribution in [#&#8203;5745](external-secrets/external-secrets#5745)
- [@&#8203;tosih](https://github.com/tosih) made their first contribution in [#&#8203;5610](external-secrets/external-secrets#5610)

**Full Changelog**: <external-secrets/external-secrets@v1.1.1...v1.2.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zOS4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhcnQiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2737
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eso-service-account-app eso-service-account-app[bot] eso-service-account-app[bot] approved these changes

Assignees

No one assigned

Labels

area/deps component/github-actions dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code kind/chore Categorizes Pull Requests for chore activities (like bumping versions) kind/dependency dependabot and upgrades size/xs

Projects

External Secrets
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants