Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-2.0.0

2021-08-11 12:18:01 +01:00 · 2021-08-11 12:18:01 +01:00 · 46ddfc6186
commit 46ddfc6186
parent d6a5bf5c1c 07fa17da87
8 changed files with 19 additions and 11 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -17,8 +17,6 @@ jobs:
      versions: ${{ steps.compare.outputs.versions }}

    permissions:
-      actions: read
-      contents: read
      security-events: write

    steps:
@ -68,8 +66,6 @@ jobs:
    runs-on: ${{ matrix.os }}

    permissions:
-      actions: read
-      contents: read
      security-events: write

    steps:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,11 @@

 ## [UNRELEASED]

-No user facing changes.
+- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)
+
+## 1.0.11 - 09 Aug 2021
+
+- Update default CodeQL bundle version to 2.5.9. [#687](https://github.com/github/codeql-action/pull/687)

 ## 1.0.10 - 03 Aug 2021

--- a/README.md
+++ b/README.md
@ -42,6 +42,14 @@ jobs:
    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest

+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "1.0.11",
+  "version": "1.0.12",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "1.0.11",
+  "version": "1.0.12",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "1.0.11",
+      "version": "1.0.12",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^0.5.2",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "1.0.11",
+  "version": "1.0.12",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
--- a/runner/package-lock.json
+++ b/runner/package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "codeql-runner",
-  "version": "1.0.11",
+  "version": "1.0.12",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/runner/package.json
+++ b/runner/package.json
@ -1,6 +1,6 @@
 {
  "name": "codeql-runner",
-  "version": "1.0.11",
+  "version": "1.0.12",
  "private": true,
  "description": "CodeQL runner",
  "scripts": {