Bump github/codeql-action from 3.28.16 to 3.28.18 (#619)

dependabot[bot] · web-flow · commit e8c2e30f1957 · 2025-06-02T20:50:02.000-07:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,78 +1,78 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-#
-# http://go.microsoft.com/fwlink/?LinkId=248926
-
-name: "CodeQL"
-
-on:
-  push:
-    branches: "main"
-    paths-ignore:
-      - '*.md'
-      - LICENSE
-      - '.azuredevops/**'
-      - '.nuget/*'
-      - build/*.cmd
-      - build/*.json
-      - build/*.props
-      - build/*.ps1
-      - build/*.targets
-      - build/*.xvd
-  pull_request:
-    branches: "main"
-    paths-ignore:
-      - '*.md'
-      - LICENSE
-      - '.azuredevops/**'
-      - '.nuget/*'
-      - build/*.cmd
-      - build/*.json
-      - build/*.props
-      - build/*.ps1
-      - build/*.targets
-      - build/*.xvd
-  schedule:
-    - cron: '43 3 * * 3'
-
-permissions:
-  contents: read
-
-jobs:
-  analyze:
-    name: Analyze (C/C++)
-    runs-on: windows-latest
-    timeout-minutes: 360
-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-      packages: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: 'Install Ninja'
-        run: choco install ninja
-
-      - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
-        with:
-          languages: c-cpp
-          build-mode: manual
-
-      - name: 'Configure CMake'
-        working-directory: ${{ github.workspace }}
-        run: cmake --preset=x64-Debug
-
-      - name: 'Build'
-        working-directory: ${{ github.workspace }}
-        run: cmake --build out\build\x64-Debug
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
-        with:
-          category: "/language:c-cpp"
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=248926
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: "main"
+    paths-ignore:
+      - '*.md'
+      - LICENSE
+      - '.azuredevops/**'
+      - '.nuget/*'
+      - build/*.cmd
+      - build/*.json
+      - build/*.props
+      - build/*.ps1
+      - build/*.targets
+      - build/*.xvd
+  pull_request:
+    branches: "main"
+    paths-ignore:
+      - '*.md'
+      - LICENSE
+      - '.azuredevops/**'
+      - '.nuget/*'
+      - build/*.cmd
+      - build/*.json
+      - build/*.props
+      - build/*.ps1
+      - build/*.targets
+      - build/*.xvd
+  schedule:
+    - cron: '43 3 * * 3'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze (C/C++)
+    runs-on: windows-latest
+    timeout-minutes: 360
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
+      packages: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Install Ninja'
+        run: choco install ninja
+
+      - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        with:
+          languages: c-cpp
+          build-mode: manual
+
+      - name: 'Configure CMake'
+        working-directory: ${{ github.workspace }}
+        run: cmake --preset=x64-Debug
+
+      - name: 'Build'
+        working-directory: ${{ github.workspace }}
+        run: cmake --build out\build\x64-Debug
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        with:
+          category: "/language:c-cpp"
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
@@ -1,88 +1,88 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-#
-# http://go.microsoft.com/fwlink/?LinkId=248926
-
-name: Microsoft C++ Code Analysis
-
-on:
-  push:
-    branches: "main"
-    paths-ignore:
-      - '*.md'
-      - LICENSE
-      - '.azuredevops/**'
-      - '.nuget/*'
-      - build/*.cmd
-      - build/*.json
-      - build/*.props
-      - build/*.ps1
-      - build/*.targets
-      - build/*.xvd
-  pull_request:
-    branches: "main"
-    paths-ignore:
-      - '*.md'
-      - LICENSE
-      - '.azuredevops/**'
-      - '.nuget/*'
-      - build/*.cmd
-      - build/*.json
-      - build/*.props
-      - build/*.ps1
-      - build/*.targets
-      - build/*.xvd
-  schedule:
-    - cron: '41 16 * * 1'
-
-permissions:
-  contents: read
-
-jobs:
-  analyze:
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    name: Analyze
-    runs-on: windows-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
-        with:
-          arch: amd64
-
-      - name: Configure CMake
-        working-directory: ${{ github.workspace }}
-        run: cmake -B out -DCMAKE_DISABLE_PRECOMPILE_HEADERS=ON
-
-      - name: 'Build Shaders (BC)'
-        shell: cmd
-        working-directory: ./DirectXTex/Shaders
-        run: CompileShaders.cmd
-        env:
-          CompileShadersOutput: ${{ github.workspace }}/out/Shaders/Compiled
-
-      - name: 'Build Shaders (DDSVIEW)'
-        shell: cmd
-        working-directory: ./DDSView
-        run: hlsl.cmd
-        env:
-          CompileShadersOutput: ${{ github.workspace }}/out/Shaders/Compiled
-
-      - name: Initialize MSVC Code Analysis
-        uses: microsoft/msvc-code-analysis-action@24c285ab36952c9e9182f4b78dfafbac38a7e5ee # v0.1.1
-        id: run-analysis
-        with:
-          cmakeBuildDirectory: ./out
-          buildConfiguration: Debug
-          ruleset: NativeRecommendedRules.ruleset
-
-      # Upload SARIF file to GitHub Code Scanning Alerts
-      - name: Upload SARIF to GitHub
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
-        with:
-          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=248926
+
+name: Microsoft C++ Code Analysis
+
+on:
+  push:
+    branches: "main"
+    paths-ignore:
+      - '*.md'
+      - LICENSE
+      - '.azuredevops/**'
+      - '.nuget/*'
+      - build/*.cmd
+      - build/*.json
+      - build/*.props
+      - build/*.ps1
+      - build/*.targets
+      - build/*.xvd
+  pull_request:
+    branches: "main"
+    paths-ignore:
+      - '*.md'
+      - LICENSE
+      - '.azuredevops/**'
+      - '.nuget/*'
+      - build/*.cmd
+      - build/*.json
+      - build/*.props
+      - build/*.ps1
+      - build/*.targets
+      - build/*.xvd
+  schedule:
+    - cron: '41 16 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    name: Analyze
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
+        with:
+          arch: amd64
+
+      - name: Configure CMake
+        working-directory: ${{ github.workspace }}
+        run: cmake -B out -DCMAKE_DISABLE_PRECOMPILE_HEADERS=ON
+
+      - name: 'Build Shaders (BC)'
+        shell: cmd
+        working-directory: ./DirectXTex/Shaders
+        run: CompileShaders.cmd
+        env:
+          CompileShadersOutput: ${{ github.workspace }}/out/Shaders/Compiled
+
+      - name: 'Build Shaders (DDSVIEW)'
+        shell: cmd
+        working-directory: ./DDSView
+        run: hlsl.cmd
+        env:
+          CompileShadersOutput: ${{ github.workspace }}/out/Shaders/Compiled
+
+      - name: Initialize MSVC Code Analysis
+        uses: microsoft/msvc-code-analysis-action@24c285ab36952c9e9182f4b78dfafbac38a7e5ee # v0.1.1
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ./out
+          buildConfiguration: Debug
+          ruleset: NativeRecommendedRules.ruleset
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      - name: Upload SARIF to GitHub
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        with:
+          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
