Merge remote-tracking branch 'upstream/main' into update-ossf-workflow-permissions

trask · trask · commit 54eb54578495 · 2025-02-04T19:50:53.000-08:00
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -173,8 +173,8 @@
     },
     {
       // intentionally using Java 11 in some examples
-      // not using matchUpdateTypes "major", because renovate wants to bump "11-jre" to "11.0.19_7-jre"
       "matchPackageNames": ["eclipse-temurin"],
+      "matchUpdateTypes": ["major"],
       "enabled": false
     },
     {
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -61,8 +61,10 @@ jobs:
           tools: latest
 
       - name: Build
-        # skipping build cache is needed so that all modules will be analyzed
-        run: ./gradlew assemble -x javadoc
+        # --no-build-cache is required for codeql to analyze all modules
+        # --no-daemon is required for codeql to observe the compilation
+        # (see https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#specifying-build-commands)
+        run: ./gradlew assemble -x javadoc --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
         uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8

Original file line number	Diff line number	Diff line change
`@@ -173,8 +173,8 @@`
`173`	`173`	`},`
`174`	`174`	`{`
`175`	`175`	`// intentionally using Java 11 in some examples`
`176`		`- // not using matchUpdateTypes "major", because renovate wants to bump "11-jre" to "11.0.19_7-jre"`
`177`	`176`	`"matchPackageNames": ["eclipse-temurin"],`
	`177`	`+ "matchUpdateTypes": ["major"],`
`178`	`178`	`"enabled": false`
`179`	`179`	`},`
`180`	`180`	`{`