Merge pull request #119 from advanced-security/s-samadi/dependency-up…

…dates Dependency Updates
advanced-security · Dec 9, 2024 · 3478381 · 3478381
2 parents 9e8b8a1 + d78c536
commit 3478381
Show file tree

Hide file tree

Showing 14 changed files with 33,664 additions and 15,354 deletions.
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
@@ -21,10 +21,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set Node.js 16.x
-        uses: actions/setup-node@v3.6.0
+        uses: actions/setup-node@v4.1.0
         with:
           node-version: 16.x
 
@@ -46,7 +46,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,11 +38,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           source-root: src
@@ -54,7 +54,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dismiss-alerts-test.yml b/.github/workflows/dismiss-alerts-test.yml
@@ -15,10 +15,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           packs: advanced-security-demo/${{ matrix.language }}-alert-suppression
@@ -43,7 +43,7 @@ jobs:
  
       - name: Perform CodeQL Analysis
         id: analyze
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
         with:
           output: ${{ matrix.language }}-sarif-results
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ jobs:
   build: # make sure build/ci work properly
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: |
           npm ci
       - run: |

diff --git a/.node-version b/.node-version
@@ -0,0 +1 @@
+22.11.0
diff --git a/README.md b/README.md
@@ -17,41 +17,43 @@ CodeQL populates the `suppression` property in its SARIF output based on the res
 ### Example - CodeQL 
 
 ```yaml
-name: "CodeQL"
+name: "CodeQL Advanced"
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
-
+    branches: [main]
+  schedule:
+    - cron: "31 7 * * 3"
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze (${{ matrix.language }})
     runs-on: ubuntu-latest
     permissions:
+      security-events: write
+      packages: read
       actions: read
       contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ "java" ]
+        include:
+        - language: java-kotlin
+          build-mode: none
+          query: codeql/java-queries:AlertSuppression.ql        
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
-        # run an 'alert-suppression' query
-        packs: "codeql/${{ matrix.language }}-queries:AlertSuppression.ql"
-
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+        build-mode: ${{ matrix.build-mode }}
+        packs: ${{ matrix.query }}
 
     - name: Perform CodeQL Analysis
       # define an 'id' for the analysis step
@@ -61,12 +63,12 @@ jobs:
         category: "/language:${{matrix.language}}"
         # define the output folder for SARIF files
         output: sarif-results
-
+        
     - name: Dismiss alerts
       if: github.ref == 'refs/heads/main'
-      uses: advanced-security/dismiss-alerts@v1
+      uses: advanced-security/dismiss-alerts@v2
       with:
-        # specify a 'sarif-id' and 'sarif-file'
+         # specify a 'sarif-id' and 'sarif-file'
         sarif-id: ${{ steps.analyze.outputs.sarif-id }}
         sarif-file: sarif-results/${{ matrix.language }}.sarif
       env:

diff --git a/action.yml b/action.yml
@@ -8,5 +8,5 @@ inputs:
     description: "Path to the input SARIF file"
     required: true
 runs:
-  using: "node16"
+  using: "node20"
   main: "dist/index.js"