From 0d0f0ef80ee09bea09bf140a1bf2727ad8d58ff5 Mon Sep 17 00:00:00 2001 From: Robin Neatherway Date: Thu, 15 Jul 2021 17:20:13 +0100 Subject: [PATCH 01/10] Suggest limiting push/pull_request triggers Bring the template in line with the one used by the UI. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 62b5fbce9c..b7b3a0e9b4 100644 --- a/README.md +++ b/README.md @@ -21,8 +21,8 @@ To get code scanning results from CodeQL analysis on your repo you can use the f name: "Code Scanning - Action" on: - push: - pull_request: + push: [main] + pull_request: [main] schedule: # ┌───────────── minute (0 - 59) # │ ┌───────────── hour (0 - 23) From 2a20b15eca35e52f082a7082cb7384bce13f825b Mon Sep 17 00:00:00 2001 From: Robin Neatherway Date: Fri, 16 Jul 2021 10:08:37 +0100 Subject: [PATCH 02/10] Update README.md Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b7b3a0e9b4..f1bfdcaf82 100644 --- a/README.md +++ b/README.md @@ -21,8 +21,10 @@ To get code scanning results from CodeQL analysis on your repo you can use the f name: "Code Scanning - Action" on: - push: [main] - pull_request: [main] + push: + branches: [main] + pull_request: + branches: [main] schedule: # ┌───────────── minute (0 - 59) # │ ┌───────────── hour (0 - 23) From bf54da2db0b58b467215afc11e881e633eea7706 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 21 Jul 2021 14:22:29 +0000 Subject: [PATCH 03/10] Update changelog and version after v1.0.7 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7689fa302..6c76949d7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CodeQL Action and CodeQL Runner Changelog +## [UNRELEASED] + +No user facing changes. + ## 1.0.7 - 21 Jul 2021 No user facing changes. 
From 63603427efe0c718180e12c77f970146dc75b32f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 21 Jul 2021 14:22:34 +0000 Subject: [PATCH 04/10] 1.0.8 --- package-lock.json | 2 +- package.json | 2 +- runner/package-lock.json | 2 +- runner/package.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index ad90919565..8bbafa10fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.0.7", + "version": "1.0.8", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/package.json b/package.json index 83026a73a4..036656ab57 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.0.7", + "version": "1.0.8", "private": true, "description": "CodeQL action", "scripts": { diff --git a/runner/package-lock.json b/runner/package-lock.json index 9034aa1e11..b0eda5d79f 100644 --- a/runner/package-lock.json +++ b/runner/package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql-runner", - "version": "1.0.7", + "version": "1.0.8", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/runner/package.json b/runner/package.json index fcc26e6e1c..6eed60b91c 100644 --- a/runner/package.json +++ b/runner/package.json @@ -1,6 +1,6 @@ { "name": "codeql-runner", - "version": "1.0.7", + "version": "1.0.8", "private": true, "description": "CodeQL runner", "scripts": { From e145aa414e3d4113718827f753e1873dc51e9ffb Mon Sep 17 00:00:00 2001 From: Edoardo Pirovano Date: Mon, 26 Jul 2021 09:49:42 +0100 Subject: [PATCH 05/10] Enable dependabot automatic updates --- .github/depandabot.yml | 9 ++++++ .github/workflows/update-dependencies.yml | 37 +++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 .github/depandabot.yml create mode 100644 .github/workflows/update-dependencies.yml diff --git a/.github/depandabot.yml b/.github/depandabot.yml new file mode 100644 index 0000000000..bd13bc61ec 
--- /dev/null +++ b/.github/depandabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "thursday" # Gives us a working day to merge this before our typical release + labels: + - "Update dependencies" diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 0000000000..ddf76a98ec --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,37 @@ +name: Update dependencies +on: + pull_request: + +jobs: + update: + name: Update dependencies + runs-on: macos-latest + if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Remove PR label + env: + REPOSITORY: '${{ github.repository }}' + PR_NUMBER: '${{ github.event.pull_request.number }}' + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE + + - name: Push updated dependencies + env: + BRANCH: '${{ github.head_ref }}' + run: | + git fetch + git checkout $BRANCH + sudo npm install --force -g npm@latest + npm install + npm ci + npm run removeNPMAbsolutePaths + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions[bot]" + git add node_modules + git commit -am "Update checked-in dependencies" + git push + From 934fb86c580816d8f762fb2bf9c0904086054516 Mon Sep 17 00:00:00 2001 From: Edoardo Pirovano Date: Mon, 26 Jul 2021 13:46:10 +0100 Subject: [PATCH 06/10] Address PR comments from @robertbrignull --- .github/workflows/pr-checks.yml | 2 +- .github/workflows/script/check-node-modules.sh | 1 + .github/workflows/update-dependencies.yml | 10 +++++++--- node_modules/.package-lock.json | 6 +----- package-lock.json | 6 +----- 5 files changed, 11 insertions(+), 14 deletions(-) 
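Review bot: The new file is created as `.github/depandabot.yml`, but Dependabot reads its configuration from `.github/dependabot.yml`, so with this spelling the weekly npm updates and the `Update dependencies` label will presumably never take effect. Rename the file to `.github/dependabot.yml`. The label string must stay identical to the one tested by `contains(github.event.pull_request.labels.*.name, 'Update dependencies')` in the workflow added by the same commit, so a comment next to `labels:` such as `# must match the label checked in workflows/update-dependencies.yml` would help.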
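Review bot: In the `Push updated dependencies` step, `git checkout $BRANCH` expands `github.head_ref` unquoted, and that value is chosen by whoever opened the pull request. Passing it through `env:` is the right first step, but the expansion should still be quoted, `git checkout "$BRANCH"`, so the shell cannot word-split or glob it. The same step runs `sudo npm install --force -g npm@latest`, which installs whatever npm release is current, as root, on every run. Pinning an exact version (for example `npm@<PINNED_VERSION>`) keeps the job's output reviewable, and the identical line added to `check-node-modules.sh` later in this series needs the same pin, since that script's own comment says it is meant to be reproducible.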
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index ff4911c054..18ae979141 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -27,7 +27,7 @@ jobs: run: .github/workflows/script/check-js.sh check-node-modules: - runs-on: ubuntu-latest + runs-on: macos-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/script/check-node-modules.sh b/.github/workflows/script/check-node-modules.sh index 45e4385102..47d92ec2d1 100755 --- a/.github/workflows/script/check-node-modules.sh +++ b/.github/workflows/script/check-node-modules.sh @@ -7,6 +7,7 @@ if [ ! -z "$(git status --porcelain)" ]; then >&2 echo "Failed: Repo should be clean before testing!" exit 1 fi +sudo npm install --force -g npm@latest # Reinstall modules and then clean to remove absolute paths # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible npm ci diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index ddf76a98ec..4391cd2d56 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -1,6 +1,7 @@ name: Update dependencies on: - pull_request: + pull_request_target: + types: [opened, synchronize, reopened, labeled] jobs: update: @@ -32,6 +33,9 @@ jobs: git config --global user.email "github-actions@github.com" git config --global user.name "github-actions[bot]" git add node_modules - git commit -am "Update checked-in dependencies" - git push + if ! git commit -am "Update checked-in dependencies" ; then + echo "No changes detected, skipping pushing..." + exit 0 + fi + git push origin "$BRANCH" diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 58f070d32e..692758e8d6 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json 
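Review bot: Switching the trigger to `pull_request_target` makes this job run with the base repository's token and secrets, while the later steps (outside this hunk) check out the pull request's head branch and run `npm install`, `npm ci` and `npm run removeNPMAbsolutePaths` on it. The label condition is the only gate, so a comment above `on:` should state who is allowed to apply `Update dependencies`. The workflow should also get a top-level `permissions:` block limited to what the job uses (likely `contents: write` and `pull-requests: write`). Because `actions/checkout` keeps the token in the local git config by default, package lifecycle scripts started by npm can presumably reach it; running the installs with `--ignore-scripts`, if the build allows it, would reduce that exposure.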
@@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.0.6", + "version": "1.0.8", "lockfileVersion": 2, "requires": true, "packages": { @@ -1243,7 +1243,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.1.2", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -3220,9 +3219,6 @@ "node_modules/jsonfile": { "version": "4.0.0", "license": "MIT", - "dependencies": { - "graceful-fs": "^4.1.6" - }, "optionalDependencies": { "graceful-fs": "^4.1.6" } diff --git a/package-lock.json b/package-lock.json index 8bbafa10fe..2bdee415aa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6,7 +6,7 @@ "packages": { "": { "name": "codeql", - "version": "1.0.6", + "version": "1.0.8", "license": "MIT", "dependencies": { "@actions/artifact": "^0.5.1", @@ -1297,7 +1297,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.1.2", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -3274,9 +3273,6 @@ "node_modules/jsonfile": { "version": "4.0.0", "license": "MIT", - "dependencies": { - "graceful-fs": "^4.1.6" - }, "optionalDependencies": { "graceful-fs": "^4.1.6" } From 554f1b3765e67ae4fe99e71026b1f4322177ab56 Mon Sep 17 00:00:00 2001 From: Edoardo Pirovano Date: Mon, 26 Jul 2021 15:14:35 +0100 Subject: [PATCH 07/10] Address further PR comment --- .github/workflows/update-dependencies.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 4391cd2d56..afd20effb8 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml 
@@ -30,12 +30,10 @@ jobs: npm install npm ci npm run removeNPMAbsolutePaths - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions[bot]" - git add node_modules - if ! git commit -am "Update checked-in dependencies" ; then - echo "No changes detected, skipping pushing..." - exit 0 + if [ ! -z "$(git status --porcelain)" ]; then + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions[bot]" + git add node_modules + git commit -am "Update checked-in dependencies" + git push origin "$BRANCH" fi - git push origin "$BRANCH" - From fb8602423dd15dfe8778d6e4320c3822aafbe2a1 Mon Sep 17 00:00:00 2001 From: alexet Date: Mon, 26 Jul 2021 18:07:55 +0100 Subject: [PATCH 08/10] Update codeql bunde to 20210726 / 2.5.8 --- lib/defaults.json | 2 +- src/defaults.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/defaults.json b/lib/defaults.json index 941ed9f010..57056c17db 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20210702" + "bundleVersion": "codeql-bundle-20210726" } diff --git a/src/defaults.json b/src/defaults.json index 3d2d955c62..77c5fcd070 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20210702" + "bundleVersion": "codeql-bundle-20210726" } From dd1c95359bfd57020ba6b8e7af3daebd7eb37945 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 26 Jul 2021 23:09:46 +0000 Subject: [PATCH 09/10] 1.0.8 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c76949d7b..779718d36d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # CodeQL Action and CodeQL Runner Changelog -## [UNRELEASED] +## 1.0.8 - 26 Jul 2021 No user facing changes. From 57a865e201710d57ef8f7188071faf55db81e491 Mon Sep 17 00:00:00 2001 
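Review bot: `git commit -am` inside the new `if` stages every modified tracked file, not just the dependency tree, so anything the preceding npm commands or package scripts changed elsewhere in the checkout is pushed to the PR branch as well. Staging explicitly, for example `git add node_modules package-lock.json` followed by `git commit -m "Update checked-in dependencies"`, keeps the bot's commit limited to what reviewers expect to see. The guard itself reads more directly as `if [ -n "$(git status --porcelain)" ]; then`. The step's `run:` block starts outside this hunk.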
From: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> Date: Mon, 26 Jul 2021 16:19:22 -0700 Subject: [PATCH 10/10] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 779718d36d..fd6a403813 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## 1.0.8 - 26 Jul 2021 -No user facing changes. +- Update default CodeQL bundle version to 2.5.8. [#631](https://github.com/github/codeql-action/pull/631) ## 1.0.7 - 21 Jul 2021 pFad - Phonifier reborn
