commit c4fe0ba59ea84b3fd58f0e2cb7b7a30bda95cbe5
author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Tue Jun 04 09:05:44 2024 -0700
committer Copybara-Service <copybara-worker@google.com> Tue Jun 04 09:07:33 2024 -0700
tree eae9f866917238f4b8320b1164069c98d8fef7db
parent 1c0135cf88bf16d9ffddf8f687ded797f07960b1

Bump the github-actions group with 4 updates

Bumps the github-actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [bazelbuild/continuous-integration](https://github.com/bazelbuild/continuous-integration), [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `step-security/harden-runner` from 2.7.1 to 2.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<p>Release v2.8.0 by <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/416">step-security/harden-runner#416</a>
This release includes:</p>
<ul>
<li>File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.</li>
<li>Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.</li>
</ul>
<p>These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.8.0">https://github.com/step-security/harden-runner/compare/v2...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/step-security/harden-runner/commit/f086349bfa2bd1361f7909c78558e816508cdc10"><code>f086349</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/416">#416</a> from step-security/rc-8</li>
<li><a href="https://github.com/step-security/harden-runner/commit/b9c325d8cec96c3cecd4f8c5ab6b4f9058e4c586"><code>b9c325d</code></a> Update image</li>
<li><a href="https://github.com/step-security/harden-runner/commit/808a771f66e13e2991bc3b6062649d248f41f7b6"><code>808a771</code></a> Add info about file and process events</li>
<li><a href="https://github.com/step-security/harden-runner/commit/71714298b4c48ff29a5e1a00d4e7a986f8b3beab"><code>7171429</code></a> Update agent</li>
<li><a href="https://github.com/step-security/harden-runner/commit/9ff9d14760a73102d9fa2f47131624137f50ead8"><code>9ff9d14</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/406">#406</a> from step-security/dependabot/github_actions/step-sec...</li>
<li><a href="https://github.com/step-security/harden-runner/commit/ac5fa0194e5c1f994c09fb151efeb386a2486859"><code>ac5fa01</code></a> Bump step-security/harden-runner from 2.7.0 to 2.7.1</li>
<li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/a4aa98b93cab29d9b1101a6143fb8bce00e2eac4...f086349bfa2bd1361f7909c78558e816508cdc10">compare view</a></li>
</ul>
</details>
<br />

Updates `bazelbuild/continuous-integration` from 41a5b5c2f1a075e7fbab8f6b82e839906139ccc6 to fcd3cdd216acf5b78449ae6c05da1c789f5ef76c
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/bazelbuild/continuous-integration/blob/master/docs/release-playbook.md">bazelbuild/continuous-integration's changelog</a>.</em></p>
<blockquote>
<h1>Bazel Release Playbook</h1>
<p>This is the guide to conducting a Bazel release. This is especially relevant for
release managers, but will be of interest to anyone who is curious about the
release process.</p>
<h2>Preface</h2>
<blockquote>
<p>For future reference and release managers - the release manager playbook should
be treated like an IKEA manual. That means: Do not try to be smart, optimize /
skip / reorder steps, otherwise chaos will ensue. Just follow it and the end
result will be.. well, a usable piece of furniture, or a Bazel release
(depending on the manual).</p>
<p>Like aviation and workplace safety regulations, the playbook is written in the
tears and blood of broken Bazelisks, pipelines, releases and Git branches.
Assume that every step is exactly there for a reason, even if it might not be
obvious. If you follow them to the letter, they are not error prone. Errors
have only happened in the past, when a release manager thought it's ok to
follow them by spirit instead. ;)</p>
<p>-- <a href="https://github.com/philwo"><code>@​philwo</code></a></p>
</blockquote>
<h2>One-time setup</h2>
<p>These steps only have to be performed once, ever.</p>
<ul>
<li>Make sure you are a member of the Bazel <a href="https://github.com/orgs/bazelbuild/teams/release-managers/members">Release Managers</a> team on GitHub.</li>
<li>Make sure you are a member of the Bazel <a href="https://buildkite.com/organizations/bazel-trusted/teams/release-managers/members">release-managers</a>
group on BuildKite.  If that link does not work for you, ask one of the Buildkite org admins to add you to
the group.</li>
<li>Set up github ssh key if you haven't already.
<ul>
<li><a href="https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/">https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/</a></li>
</ul>
</li>
<li>Generate a new identifier for Google's internal Git mirror: <a href="https://bazel.googlesource.com/new-password">https://bazel.googlesource.com/new-password</a> (and paste the code in your shell).</li>
<li>Log in to the Gerrit UI to create an account: <a href="[]
</ul>
<h2>Preparing a new release</h2>
<ol>
<li><a href="https://github.com/bazelbuild/bazel/milestones/new">Create a release blockers milestone</a> named &quot;X.Y.Z release blockers&quot; (case-sensitive), where we keep track of issues that must be resolved before the release goes out.
<ul>
<li>Set the (tentative) release date.</li>
<li>Add this description: <code>Issues that need to be resolved before the X.Y.Z release.</code>.</li>
<li>Refer to <a href="https://github.com/bazelbuild/bazel/milestone/38">this example</a></li>
</ul>
</li>
<li><a href="https://github.com/bazelbuild/bazel/issues/new?assignees=&amp;labels=release%2Cteam-OSS%2CP1%2Ctype%3A+process&amp;template=release.md&amp;title=Release+X.Y+-+%24MONTH+%24YEAR">Create a release tracking issue</a> to keep the community updated about the progress of the release. <a href="https://redirect.github.com/bazelbuild/bazel/issues/16159">See example</a>. Pin this issue.</li>
<li>Create the branch for the release. The branch should always be named <code>release-X.Y.Z</code> (the <code>.Z</code> part is important). Cherry-pick PRs will be sent against this branch.
<ul>
<li>The actual creation of the branch can be done via the GitHub UI or via the command line. For minor and patch releases, create the branch from the previous release tag, if possible. How we choose the base commit of the branch depends on the type of the release:</li>
<li>For patch releases (<code>X.Y.Z</code> where <code>Z&gt;0</code>), the base commit should simply be <code>X.Y.(Z-1)</code>.</li>
<li>For minor releases (<code>X.Y.0</code> where <code>Y&gt;0</code>), the base commit should typically be <code>X.(Y-1).&lt;current max Z&gt;</code>.</li>
<li>For major releases (<code>X.0.0</code>), the base commit is some &quot;healthy&quot; commit on the main branch.
<ul>
<li>This means that there's an extra step involved in preparing the release -- &quot;cutting&quot; the release branch, so to speak. For this, check the <a href="https://buildkite.com/bazel/bazel-with-downstream-projects-bazel">Bazel@HEAD+Downstream pipeline</a>. The branch cut should happen on a green commit there; if the pipeline is persistently red, work with the Green Team to resolve it first and delay the branch cut as needed.</li>
<li>A first release candidate should immediately be created after the release branch is created. See <a href="https://github.com/bazelbuild/continuous-integration/blob/master/docs/#create-a-release-candidate">create a release candidate</a> below.</li>
</ul>
</li>
</ul>
</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/fcd3cdd216acf5b78449ae6c05da1c789f5ef76c"><code>fcd3cdd</code></a> Gerrit build: Bump Fedora version to 40 (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1959">#1959</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/195ca8dd39d0f35121df8693fb4c6e00bdcce35c"><code>195ca8d</code></a> Bump requests from 2.31.0 to 2.32.2 in /actions/update-lockfile (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1958">#1958</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/968f5d3d21148f7a52bcc8752370d919731966b1"><code>968f5d3</code></a> Update lockfiles when PR is merged to a release branch (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1950">#1950</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/ada80845567251d7714192c80480dd24adfcf2ca"><code>ada8084</code></a> Shard summary: Show root cause of build failures (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1953">#1953</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/9fe262a5dc799e023ff3cda8b76222c85cbf13b3"><code>9fe262a</code></a> Test shard summary: Include FAILED_TO_BULD targets (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1952">#1952</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/061ce4e133a686b96e567301f167ce1784a6b0f7"><code>061ce4e</code></a> Add docker image for fedora 40 linux distribution (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1947">#1947</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/d92a692d83313645d55604a2983b15d6470740c1"><code>d92a692</code></a> Bump requests from 2.31.0 to 2.32.0 in /buildkite/docker/ubuntu1604 (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1954">#1954</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/57255fdc09a102f555263bc567d064a6921d7b2b"><code>57255fd</code></a> Improve display of available Xcode versions (<a href="https://redirect.github.com/bazelbuild/continuous-integration/issues/1951">#1951</a>)</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/102c2a75b67cf28b1a7e5959a6b7f06d8f4a92a6"><code>102c2a7</code></a> Update README.md</li>
<li><a href="https://github.com/bazelbuild/continuous-integration/commit/b9928ed7bb4b791349b0812f1d931fc0f424c5bf"><code>b9928ed</code></a> update slack invite link again</li>
<li>See full diff in <a href="https://github.com/bazelbuild/continuous-integration/compare/41a5b5c2f1a075e7fbab8f6b82e839906139ccc6...fcd3cdd216acf5b78449ae6c05da1c789f5ef76c">compare view</a></li>
</ul>
</details>
<br />

Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.3.3</h2>
<blockquote>
<p>[!NOTE]<br />
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag</p>
</blockquote>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1366">ossf/scorecard-action#1366</a></li>
<li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1374">ossf/scorecard-action#1374</a></li>
<li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1377">ossf/scorecard-action#1377</a></li>
</ul>
<p>For a full changelist of what these include, see the <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1">v5.0.0-rc1</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2">v5.0.0-rc2</a> release notes.</p>
<h3>Documentation</h3>
<ul>
<li>:book: Move token discussion out of main README. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1279">ossf/scorecard-action#1279</a></li>
<li>:book: link to <code>ossf/scorecard</code> workflow instead of maintaining an example by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1352">ossf/scorecard-action#1352</a></li>
<li>:book: update api links to new scorecard.dev site by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1376">ossf/scorecard-action#1376</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3">https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ossf/scorecard-action/commit/dc50aa9510b46c811795eb24b2f1ba02a914e534"><code>dc50aa9</code></a> :seedling: Bump docker tag for v2.3.3 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1368">#1368</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/8ff570017382a0ef795f21f71e519b27a9b5f29e"><code>8ff5700</code></a> :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/8ba5e73d11a5fd0917494d02ab01dfd7866d2191"><code>8ba5e73</code></a> update api links to new scorecard.dev site (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1376">#1376</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/92ddde3eaffd7e147638317c023642a6adc8a874"><code>92ddde3</code></a> Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1374">#1374</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/6c55905542a1ce814c7ec177a96904f5bc74aab5"><code>6c55905</code></a> :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1373">#1373</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/09bb953b6a0e34c84fb453985435a07cc2baa3a3"><code>09bb953</code></a> :seedling: Bump distroless/base in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1372">#1372</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/1511e1305b9d7e51245388421563264573c77bc7"><code>1511e13</code></a> :seedling: Bump the github-actions group across 1 directory with 6 updates (#...</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/df66cd8fd834fab4483ac0031b8d8ff819b62422"><code>df66cd8</code></a> :seedling: Bump the docker-images group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1370">#1370</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/fad9a3cc533bb069b1f01f272f1f630895cd690a"><code>fad9a3c</code></a> :seedling: Bump distroless/base in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1364">#1364</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/1e01a309c1de65b6221c25768bcfc322bac8ccee"><code>1e01a30</code></a> :seedling: Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1365">#1365</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534">compare view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.25.3 to 3.25.7
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<p>Note that the only difference between <code>v2</code> and <code>v3</code> of the CodeQL Action is the node version they support, with <code>v3</code> running on node 20 while we continue to release <code>v2</code> to support running on node 16. For example <code>3.22.11</code> was the first <code>v3</code> release and is functionally identical to <code>2.22.11</code>. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.7 - 31 May 2024</h2>
<ul>
<li>We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. <a href="https://redirect.github.com/github/codeql-action/pull/2306">#2306</a></li>
</ul>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a href="https://redirect.github.com/github/codeql-action/pull/2295">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the <a href="https://github.com/github/codeql-action/blob/main/README.md">https://github.com/github/codeql-action/blob/main/README.md</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2273">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code> trigger when the CodeQL Action is triggered via a <code>workflow_call</code> event. <a href="https://redirect.github.com/github/codeql-action/pull/2274">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action has been renamed to <code>tools: linked</code>. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. <a href="https://redirect.github.com/github/codeql-action/pull/2281">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a href="https://redirect.github.com/github/codeql-action/pull/2270">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as <code>macos-12</code>. ARM machines with SIP disabled, including the newest <code>macos-latest</code> image, are unsupported for CLI versions before 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the <code>autobuild</code> <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build mode</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if <code>--overwrite</code> was specified in <code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python analysis has been removed. <a href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the <code>init</code> Action</li>
<li>The <code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code> environment variable</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/f079b8493333aace61c81488f8bd40919487bd9f"><code>f079b84</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2317">#2317</a> from github/update-v3.25.7-a095bf2a1</li>
<li><a href="https://github.com/github/codeql-action/commit/e1a42688dbe6ce54cc33e2b6b65fc02abdb09762"><code>e1a4268</code></a> Update changelog for v3.25.7</li>
<li><a href="https://github.com/github/codeql-action/commit/a095bf2a16b83cb3b52e6adba696c70f41e82864"><code>a095bf2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2313">#2313</a> from github/revert-2312-update-bundle/codeql-bundle-...</li>
<li><a href="https://github.com/github/codeql-action/commit/bbd4e19f51d83bb98b025b83b255e44eaa1a1e7f"><code>bbd4e19</code></a> Revert &quot;Update default bundle to 2.17.4&quot;</li>
<li><a href="https://github.com/github/codeql-action/commit/9ab5d16a3df4885b74bb18ab349bcc6c253ee3e0"><code>9ab5d16</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2312">#2312</a> from github/update-bundle/codeql-bundle-v2.17.4</li>
<li><a href="https://github.com/github/codeql-action/commit/028346e1ff2c03a735c6527b84f0a3179f2092b0"><code>028346e</code></a> Add changelog note</li>
<li><a href="https://github.com/github/codeql-action/commit/5fe08473f8b98c47563f401bed5134a59ce06dee"><code>5fe0847</code></a> Update default bundle to codeql-bundle-v2.17.4</li>
<li><a href="https://github.com/github/codeql-action/commit/9550da953dd3b29aedf76cd635101e48eae5eebd"><code>9550da9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2311">#2311</a> from github/henrymercer/pack-missing-auth-config-error</li>
<li><a href="https://github.com/github/codeql-action/commit/6548a4d65ce2414afca98f8368cabfff0541ba18"><code>6548a4d</code></a> Add configuration error for missing auth to package registry</li>
<li><a href="https://github.com/github/codeql-action/commit/7927df07e268eafe499c344cd19f8bf82f4f19f7"><code>7927df0</code></a> Bump micromatch from 4.0.5 to 4.0.7 in the npm group (<a href="https://redirect.github.com/github/codeql-action/issues/2310">#2310</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/d39d31e687223d841ef683f52467bd88e9b21c14...f079b8493333aace61c81488f8bd40919487bd9f">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

</details>

Closes #22605.

PiperOrigin-RevId: 640172972
Change-Id: Ia9efb1ea38e992dceaa75d8ba9263ab59c0042df