Skip to content

Bump github/codeql-action from 1 to 2 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump github/codeql-action from 1 to 2 #1

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 26, 2022
edited
Loading

Bumps github/codeql-action from 1 to 2.

Changelog

Sourced from github/codeql-action's changelog.

2.1.8 - 08 Apr 2022

  • Update default CodeQL bundle version to 2.8.5. #1014
  • Fix error where the init action would fail due to a GitHub API request that was taking too long to complete #1025

2.1.7 - 05 Apr 2022

  • A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. #1018

2.1.6 - 30 Mar 2022

  • [v2+ only] The CodeQL Action now runs on Node.js v16. #1000
  • Update default CodeQL bundle version to 2.8.4. #990
  • Fix a bug where an invalid commit_oid was being sent to code scanning when a custom checkout path was being used. #956
Commits
  • 2c03704 Allow the version of the ML-powered pack to depend on the CLI version
  • dd6b592 Simplify ML-powered query status report definition
  • a90d8bf Merge pull request #1011 from github/henrymercer/ml-powered-queries-pr-check
  • dc0338e Use latest major version of actions/upload-artifact
  • 57096fe Add a PR check to validate that ML-powered queries are run correctly
  • b0ddf36 Merge pull request #1012 from github/henrymercer/update-actions-major-versions
  • 1ea2f2d Merge branch 'main' into henrymercer/update-actions-major-versions
  • 9dcc141 Merge pull request #1010 from github/henrymercer/stop-running-ml-powered-quer...
  • ea751a9 Update other Actions from v2 to v3
  • a2949f4 Update actions/checkout from v2 to v3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 26, 2022
@dependabot dependabot bot changed the base branch from trunk to master April 26, 2022 19:22
@dependabot
Bump github/codeql-action from 1 to 2
e943d9e 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github/codeql-action-2 branch from 11bf7d9 to e943d9e Compare April 26, 2022 19:22
schneems pushed a commit that referenced this pull request Nov 25, 2022
@nobu
[MSWin] Get rid of single quotes in sed command lines
c722597 
GnuWin32 sed strips only double quotes, but not single quotes, and
dies:

```
sed: -e expression #1, char 1: unknown command: `''
```
schneems pushed a commit that referenced this pull request Nov 25, 2022
@bdewater @rhenium
[ruby/openssl] Call out insecure PKCS #1 v1.5 default padding for RSA
6166fa6 
ruby/openssl@fd5eaa6dfc
schneems pushed a commit that referenced this pull request Nov 25, 2022
@tenderlove
Always lookup IV buffers when iterating
2d86e79 
Always look up instance variable buffers when iterating.  It is possible
for the instance variable buffer to change out from under the object
during iteration, so we cannot cache the buffer on the stack.

In the case of Bug #19095, the transient heap moved the buffer during
iteration:

```
Watchpoint 1 hit:
old value: 0x0000000107c00df8
new value: 0x00000001032743c0
Process 31720 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = watchpoint 1
    frame #0: 0x00000001006e5178 miniruby`rb_obj_transient_heap_evacuate(obj=0x000000010d6b94b0, promote=1) at variable.c:1361:5
   1358	        }
   1359	        MEMCPY(new_ptr, old_ptr, VALUE, len);
   1360	        ROBJECT(obj)->as.heap.ivptr = new_ptr;
-> 1361	    }
   1362	}
   1363	#endif
   1364
miniruby`rb_obj_transient_heap_evacuate:
->  0x1006e5178 <+328>: b      0x1006e517c               ; <+332> at variable.c:1362:1
    0x1006e517c <+332>: ldp    x29, x30, [sp, #0x50]
    0x1006e5180 <+336>: add    sp, sp, #0x60
    0x1006e5184 <+340>: ret
Target 0: (miniruby) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = watchpoint 1
  * frame #0: 0x00000001006e5178 miniruby`rb_obj_transient_heap_evacuate(obj=0x000000010d6b94b0, promote=1) at variable.c:1361:5
    frame #1: 0x00000001006cb150 miniruby`transient_heap_block_evacuate(theap=0x0000000100b196c0, block=0x0000000107c00000) at transient_heap.c:734:17
    frame #2: 0x00000001006c854c miniruby`transient_heap_evacuate(dmy=0x0000000000000000) at transient_heap.c:808:17
    frame #3: 0x00000001007fe6c0 miniruby`rb_postponed_job_flush(vm=0x0000000104402900) at vm_trace.c:1773:21
    frame #4: 0x0000000100637a84 miniruby`rb_threadptr_execute_interrupts(th=0x0000000103803bc0, blocking_timing=0) at thread.c:2316:13
    frame #5: 0x000000010078b730 miniruby`rb_vm_check_ints(ec=0x00000001048038d0) at vm_core.h:2025:9
    frame #6: 0x00000001006fbd10 miniruby`vm_pop_frame(ec=0x00000001048038d0, cfp=0x0000000104a04440, ep=0x0000000104904a28) at vm_insnhelper.c:422:5
    frame #7: 0x00000001006fbca0 miniruby`rb_vm_pop_frame(ec=0x00000001048038d0) at vm_insnhelper.c:431:5
    frame #8: 0x00000001007d6420 miniruby`vm_call0_cfunc_with_frame(ec=0x00000001048038d0, calling=0x000000016fdcc6a0, argv=0x0000000000000000) at vm_eval.c:153:9
    frame #9: 0x00000001007d44cc miniruby`vm_call0_cfunc(ec=0x00000001048038d0, calling=0x000000016fdcc6a0, argv=0x0000000000000000) at vm_eval.c:164:12
    frame #10: 0x0000000100766e80 miniruby`vm_call0_body(ec=0x00000001048038d0, calling=0x000000016fdcc6a0, argv=0x0000000000000000) at vm_eval.c:210:15
    frame #11: 0x00000001007d76f0 miniruby`vm_call0_cc(ec=0x00000001048038d0, recv=0x000000010d6b49d8, id=2769, argc=0, argv=0x0000000000000000, cc=0x000000010d6b2e58, kw_splat=0) at vm_eval.c:87:12
    frame #12: 0x0000000100769e48 miniruby`rb_funcallv_scope(recv=0x000000010d6b49d8, mid=2769, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) at vm_eval.c:1051:16
    frame #13: 0x0000000100760a54 miniruby`rb_funcallv(recv=0x000000010d6b49d8, mid=2769, argc=0, argv=0x0000000000000000) at vm_eval.c:1066:12
    frame #14: 0x000000010037513c miniruby`rb_inspect(obj=0x000000010d6b49d8) at object.c:633:34
    frame #15: 0x000000010002c950 miniruby`inspect_ary(ary=0x000000010d6b4938, dummy=0x0000000000000000, recur=0) at array.c:3091:13
    frame #16: 0x0000000100642020 miniruby`exec_recursive(func=(miniruby`inspect_ary at array.c:3084), obj=0x000000010d6b4938, pairid=0x0000000000000000, arg=0x0000000000000000, outer=0, mid=2769) at thread.c:5177:23
    frame #17: 0x00000001006412fc miniruby`rb_exec_recursive(func=(miniruby`inspect_ary at array.c:3084), obj=0x000000010d6b4938, arg=0x0000000000000000) at thread.c:5205:12
    frame #18: 0x00000001000127f0 miniruby`rb_ary_inspect(ary=0x000000010d6b4938) at array.c:3117:12
```

In general though, any calls back out to the interpreter could change
the IV buffer, so it's not safe to cache.

[Bug #19095]
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Nov 29, 2022

Looks like github/codeql-action is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Nov 29, 2022
@dependabot dependabot bot deleted the dependabot/github_actions/github/codeql-action-2 branch November 29, 2022 20:15
hsbt pushed a commit that referenced this pull request Oct 4, 2024
@peterzhu2118
Mark iseq keyword default values during compilation
6acf036 
During compilation, we write keyword default values into the iseq, so we
should mark it to ensure it does not get GC'd.

This might fix issues on ASAN like
http://ci.rvm.jp/logfiles/brlog.trunk_asan.20240927-194923

    ==805257==ERROR: AddressSanitizer: use-after-poison on address 0x7b7e5e3e2828 at pc 0x5e09ac4822f8 bp 0x7ffde56b0140 sp 0x7ffde56b0138
    READ of size 8 at 0x7b7e5e3e2828 thread T0
    #0 0x5e09ac4822f7 in RB_BUILTIN_TYPE include/ruby/internal/value_type.h:191:30
    #1 0x5e09ac4822f7 in rbimpl_RB_TYPE_P_fastpath include/ruby/internal/value_type.h:352:19
    #2 0x5e09ac4822f7 in gc_mark gc/default.c:4488:9
    #3 0x5e09ac51011e in rb_iseq_mark_and_move iseq.c:361:17
    #4 0x5e09ac4b85c4 in rb_imemo_mark_and_move imemo.c:386:9
    #5 0x5e09ac467544 in rb_gc_mark_children gc.c:2508:9
    #6 0x5e09ac482c24 in gc_mark_children gc/default.c:4673:5
    #7 0x5e09ac482c24 in gc_mark_stacked_objects gc/default.c:4694:9
    #8 0x5e09ac482c24 in gc_mark_stacked_objects_all gc/default.c:4732:12
    #9 0x5e09ac48c7f9 in gc_marks_rest gc/default.c:5755:9
    #10 0x5e09ac48c7f9 in gc_marks gc/default.c:5870:9
    #11 0x5e09ac48c7f9 in gc_start gc/default.c:6517:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant