Merge pull request #1346 from github/mergeback/v2.1.31-to-main-c3b6fce4

Mergeback v2.1.31 refs/heads/releases/v2 into main
github · Nov 7, 2022 · 8aff97f · 8aff97f
2 parents a8cabaf + 31a2afe
commit 8aff97f
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 No user facing changes.
 
+## 2.1.31 - 04 Nov 2022
+
+- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)
+
 ## 2.1.30 - 02 Nov 2022
 
 - Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)

diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.31",
+  "version": "2.1.32",
   "private": true,
   "description": "CodeQL action",
   "scripts": {