Merge pull request #1346 from github/mergeback/v2.1.31-to-main-c3b6fce4

Mergeback v2.1.31 refs/heads/releases/v2 into main
2022-11-07 02:18:21 -08:00 · 2022-11-07 02:18:21 -08:00 · 8aff97f12c
commit 8aff97f12c
parent a8cabafa56 31a2afec21
4 changed files with 8 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,10 @@

 No user facing changes.

+## 2.1.31 - 04 Nov 2022
+
+- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)
+
 ## 2.1.30 - 02 Nov 2022

 - Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.1.31",
+  "version": "2.1.32",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "2.1.31",
+  "version": "2.1.32",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "2.1.31",
+      "version": "2.1.32",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^1.1.0",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.1.31",
+  "version": "2.1.32",
  "private": true,
  "description": "CodeQL action",
  "scripts": {