Revert "Update version and changelog for v3.30.9"
This reverts commit ba42101.
github-actions[bot] committed Oct 24, 2025
commit d3019effb0ce2b87572a34bd7a046adab0d8ad9f
15 changes: 11 additions & 4 deletions CHANGELOG.md
Expand Up @@ -2,18 +2,18 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 3.30.9 - 17 Oct 2025
## 4.30.9 - 17 Oct 2025

- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)

## 3.30.8 - 10 Oct 2025
## 4.30.8 - 10 Oct 2025

No user facing changes.

## 3.30.7 - 06 Oct 2025
## 4.30.7 - 06 Oct 2025

No user facing changes.
- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)

## 3.30.6 - 02 Oct 2025
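Review bot: The three headings at the top of this hunk move to 4.30.9, 4.30.8 and 4.30.7 while the context line `## 3.30.6 - 02 Oct 2025` directly below them stays on 3.x, so after this commit the changelog mixes 4.x and 3.x release headings in one sequence. The 4.30.7 entry also gets the `[v4+ only]` Node.js v24 line in place of `No user facing changes.`. If this state is only an intermediate step, say so in the commit message; otherwise confirm which major version line this file is meant to describe.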

Expand Down Expand Up @@ -249,13 +249,17 @@ No user facing changes.
## 3.26.12 - 07 Oct 2024

- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520)

- If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

- Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

## 3.26.11 - 03 Oct 2024

- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.

Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.

This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
- Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)
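Review bot: The hunk header goes from 13 to 17 lines and the extra lines in the 3.26.12 and 3.26.11 entries appear to be blank lines only, which is a formatting change to year-old entries and unrelated to the version numbers named in the commit title. Keeping whitespace-only edits out of a version revert makes the diff easier to audit and reduces the chance of conflicts when release branches are merged; if the revert has to carry them, note that in the commit message.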

Expand Down Expand Up @@ -378,9 +382,12 @@ No user facing changes.
## 3.25.0 - 15 Apr 2024

- The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)

As a result, the following inputs and environment variables are now ignored:

- The `setup-python-dependencies` input to the `init` Action
- The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable

We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
- Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
- Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)
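Review bot: In the 3.25.0 entry the spacing ends up uneven: blank lines now surround `As a result, the following inputs and environment variables are now ignored:` and the two-item list, but `We recommend removing any references to these from your workflows.` still runs straight into `- Automatically overwrite an existing database if found on the filesystem.`. Add a blank line after that paragraph so the entry follows one convention throughout.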
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.30.9",
"version": "4.30.9",
"private": true,
"description": "CodeQL action",
"scripts": {
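Review bot: `"version"` changes major version here, from `3.30.9` to `4.30.9`, but the commit message says only `This reverts commit ba42101.` and its title names v3.30.9, so the history gives no reason for the jump. Add a line to the message explaining why the revert is needed, and check that anything else that records the package version is reverted along with this field.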