Bump the upstream-libs group with 2 updates #157

	# For most projects, this workflow file will not need changing; you simply need
	# to commit it to your repository.
	#
	# You may wish to alter this file to override the set of languages analyzed,
	# or to provide custom queries or build logic.
	#
	# ****** NOTE ******
	# We have attempted to detect the languages in your repository. Please check
	# the `language` matrix defined below to confirm you have the correct set of
	# supported CodeQL languages.
	#
	name: "CodeQL"

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '28 10 * * 4'

	jobs:
	analyze:
	name: Analyze
	if: ${{ !(github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, '[maven-release-plugin]')) }}

	runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') \|\| 'ubuntu-latest' }}
	timeout-minutes: ${{ (matrix.language == 'swift' && 120) \|\| 360 }}
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'java-kotlin' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}

	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: 'temurin'
	cache: 'maven'

	- name: Build
	run: mvn -B clean package -DskipTests

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:${{matrix.language}}"

Provide feedback