Posted to commits@cxf.apache.org by re...@apache.org on 2022/06/28 23:22:20 UTC

[cxf] branch 3.6.x-fixes updated: Bump actions/setup-java from 2 to 3 (#966)

This is an automated email from the ASF dual-hosted git repository.

reta pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.6.x-fixes by this push:
     new 84b398442f Bump actions/setup-java from 2 to 3 (#966)
84b398442f is described below

commit 84b398442fa4e576423a8dce2a47ae766ca975d4
Author: dependabot[bot] <49...@users.noreply.github.com>
AuthorDate: Mon Jun 27 10:24:10 2022 -0400

    Bump actions/setup-java from 2 to 3 (#966)
    
    Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.
    - [Release notes](https://github.com/actions/setup-java/releases)
    - [Commits](https://github.com/actions/setup-java/compare/v2...v3)
    
    ---
    updated-dependencies:
    - dependency-name: actions/setup-java
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <su...@github.com>
    
    Co-authored-by: dependabot[bot] <49...@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 06438b87e2..6408e98701 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,8 +14,15 @@ on:
   #schedule:
     #- cron: '0 18 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/analyze to upload SARIF results
     name: Analyze
     runs-on: ubuntu-latest
 
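Review bot: The new workflow-level `permissions:` block and the job-level block under `analyze:` change the token scope, but the commit subject ("Bump actions/setup-java from 2 to 3") does not mention it, and no `setup-java` line is touched anywhere in this diff. Either split the token scoping into its own commit or describe it in the message so the change can be found in history later. The scoping itself reads correctly: job-level `permissions` replaces the workflow-level default for that job, which is why `contents: read` is repeated alongside `actions: read` and `security-events: write`.
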
@@ -30,13 +37,13 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
     - name: Cache local Maven repository
-      uses: actions/cache@v2
+      uses: actions/cache@v3
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
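
Review bot: `actions/checkout@v3` and `actions/cache@v3` are still referenced by mutable major-version tags, so whatever commit the tag points to at run time executes inside a job that holds `security-events: write`. Consider pinning each `uses:` to the full commit SHA of the release and keeping the version in a trailing comment, for example `uses: actions/checkout@<full-commit-sha>  # v3`, and let Dependabot move the SHA on later bumps.
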
@@ -49,7 +56,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         #config-file: ./.github/codeql/codeql-cxf-config.yml
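
Review bot: `github/codeql-action/init@v2` needs to stay on the same major version as `github/codeql-action/analyze` in the last hunk, and as any `github/codeql-action/autobuild` step in the lines not shown between the two hunks. Please confirm that no `github/codeql-action/...@v1` reference remains in the file after this change, since a partial bump would leave the steps of one analysis running different releases of the action.
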
@@ -77,4 +84,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2