Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use one CodeQL Action version across the job

This upgrades only the init step while the same workflow still runs github/codeql-action/autobuild and github/codeql-action/analyze at v2.28.1 later in the job. CodeQL stores the init configuration with the action version and the later action validates it, so mixed versions in one job trigger the CodeQL warning that all github/codeql-action steps must use the same version and cause analysis to fail loading config written by v4 while running v2. Please update the companion autobuild/analyze steps to the same v4 pin (or keep init on v2) in this workflow.

Useful? React with 👍 / 👎.

with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand Down
Loading