From aa765235031b111ef58d6264149799037ea1d18d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 14:20:11 +0000
Subject: [PATCH 1/4] Update default bundle to codeql-bundle-v2.20.2

---
 lib/defaults.json | 8 ++++----
 src/defaults.json | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/defaults.json b/lib/defaults.json
index 1afbbc52d3..851fee2175 100644
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.20.1",
- "cliVersion": "2.20.1",
- "priorBundleVersion": "codeql-bundle-v2.20.0",
- "priorCliVersion": "2.20.0"
+ "bundleVersion": "codeql-bundle-v2.20.2",
+ "cliVersion": "2.20.2",
+ "priorBundleVersion": "codeql-bundle-v2.20.1",
+ "priorCliVersion": "2.20.1"
 }
diff --git a/src/defaults.json b/src/defaults.json
index 3c3e56944a..8645754788 100644
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.20.1",
- "cliVersion": "2.20.1",
- "priorBundleVersion": "codeql-bundle-v2.20.0",
- "priorCliVersion": "2.20.0"
+ "bundleVersion": "codeql-bundle-v2.20.2",
+ "cliVersion": "2.20.2",
+ "priorBundleVersion": "codeql-bundle-v2.20.1",
+ "priorCliVersion": "2.20.1"
 }

From a0c2b7d2962efa67ce742fd48c4f3178950b2c25 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 14:20:16 +0000
Subject: [PATCH 2/4] Add changelog note

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9396160ba..b01c517a2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Update default CodeQL bundle version to 2.20.2. [#2707](https://github.com/github/codeql-action/pull/2707)
 
 ## 3.28.1 - 10 Jan 2025
 
From c34eb63970af33aa2fc41530a94c726b55a70813 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 13:20:50 +0000
Subject: [PATCH 3/4] build(deps): bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group

Bumps the npm_and_yarn group with 1 update: [undici](https://github.com/nodejs/undici).

Updates `undici` from 5.28.4 to 5.28.5
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
 dependency-type: indirect
 dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot]
---
 package-lock.json | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f8179a025f..6ac92424bd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7636,9 +7636,10 @@
 }
 },
 "node_modules/undici": {
- "version": "5.28.4",
- "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
- "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
+ "version": "5.28.5",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
+ "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+ "license": "MIT",
 "dependencies": {
 "@fastify/busboy": "^2.0.0"
 },

From 140c5ea762e1a2be830ca8428d936fb48671ba00 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 13:22:06 +0000
Subject: [PATCH 4/4] Update checked-in dependencies

---
 node_modules/.package-lock.json | 7 ++++---
 node_modules/undici/lib/fetch/body.js | 10 +++++++++-
 node_modules/undici/package.json | 2 +-
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index a9ab271a4b..3c008471ec 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -7568,9 +7568,10 @@
 }
 },
 "node_modules/undici": {
- "version": "5.28.4",
- "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
- "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
+ "version": "5.28.5",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
+ "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+ "license": "MIT",
 "dependencies": {
 "@fastify/busboy": "^2.0.0"
 },
diff --git a/node_modules/undici/lib/fetch/body.js b/node_modules/undici/lib/fetch/body.js
index fd8481b796..4afcfdfbcd 100644
--- a/node_modules/undici/lib/fetch/body.js
+++ b/node_modules/undici/lib/fetch/body.js
@@ -22,6 +22,14 @@ const { isUint8Array, isArrayBuffer } = require('util/types')
 const { File: UndiciFile } = require('./file')
 const { parseMIMEType, serializeAMimeType } = require('./dataURL')
 
+let random
+try {
+ const crypto = require('node:crypto')
+ random = (max) => crypto.randomInt(0, max)
+} catch {
+ random = (max) => Math.floor(Math.random(max))
+}
+
 let ReadableStream = globalThis.ReadableStream
 
 /** @type {globalThis['File']} */
@@ -107,7 +115,7 @@ function extractBody (object, keepalive = false) {
 // Set source to a copy of the bytes held by object.
 source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
 } else if (util.isFormDataLike(object)) {
- const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
+ const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
 const prefix = `--${boundary}\r\nContent-Disposition: form-data`
 
 /*! formdata-polyfill. MIT License. Jimmy Wärting */
diff --git a/node_modules/undici/package.json b/node_modules/undici/package.json
index 65a2d9833c..0c6b71e175 100644
--- a/node_modules/undici/package.json
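Review bot: The `catch` fallback in the new `random` helper near the top of body.js is broken: `Math.random` takes no arguments, so `Math.floor(Math.random(max))` always evaluates to 0, and on any runtime where `require('node:crypto')` throws, every multipart boundary built in extractBody would be the same constant value, which defeats the purpose of moving the boundary to `crypto.randomInt`. The intended fallback is `random = (max) => Math.floor(Math.random() * max)`, which keeps the pre-5.28.5 behaviour on that path. Because this is a vendored copy under node_modules, the correction belongs upstream in undici rather than in this repository; on current Node.js the `node:crypto` branch is presumably the one that runs, though nothing in the hunk confirms that. extractBody's body starts and ends outside the second hunk.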
+++ b/node_modules/undici/package.json
@@ -1,6 +1,6 @@
 {
 "name": "undici",
- "version": "5.28.4",
+ "version": "5.28.5",
 "description": "An HTTP/1.1 client, written from scratch for Node.js",
 "homepage": "https://undici.nodejs.org",
 "bugs": {