actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code
toolkit/.github/workflows
History
Patrick Ellis 8f032d304a
Upgrade codeql actions to v2 
Currently we're using v1, and there have been some important changes since then.

In particular, the latest version, v2.14.6, contains an important security patch:

> The CodeQL CLI no longer supports the `SEMMLE_JAVA_ARGS` environment variable. All previous versions of the CodeQL CLI perform command substitution on the `SEMMLE_JAVA_ARGS` value (for example, replacing `'$(echo foo)'` with `'foo'`) when starting a new Java virtual machine, which, depending on the execution environment, may have security implications. Users are advised to check their environments for possible `SEMMLE_JAVA_ARGS` misuse.

See the [codeql-cli-binaries release notes](https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.4) for full details.
 		2023-09-27 15:18:59 -04:00
..
artifact-tests.yml update workflows to node20 2023-08-28 16:40:06 +02:00
audit.yml update workflows to node20 2023-08-28 16:40:06 +02:00
cache-tests.yml update workflows to node20 2023-08-28 16:40:06 +02:00
cache-windows-test.yml update workflows to node20 2023-08-28 16:40:06 +02:00
codeql.yml Upgrade codeql actions to v2 2023-09-27 15:18:59 -04:00
releases.yml update workflows to node20 2023-08-28 16:40:06 +02:00
unit-tests.yml . 2023-08-29 14:56:32 +00:00
update-github.yaml Bump actions to newer versions 2023-01-03 16:59:01 +01:00