@henrymercer
Contributor

This has been deprecated for some time now and is safe to remove. The PR also removes tool feature flags that are now enabled for all supported CodeQL versions.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

  • Advanced setup - Impacts users who have custom workflows.
  • Default setup - Impacts users who use default setup.
  • Code Scanning - Impacts Code Scanning (i.e. analysis-kinds: code-scanning).
  • Code Quality - Impacts Code Quality (i.e. analysis-kinds: code-quality).
  • Third-party analyses - Impacts third-party analyses (i.e. upload-sarif).
  • GHES - Impacts GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

Copilot AI review requested due to automatic review settings October 22, 2025 11:28
@henrymercer henrymercer requested a review from a team as a code owner October 22, 2025 11:28
@github-actions github-actions bot added the size/M Should be of average difficulty to review label Oct 22, 2025
Contributor

Copilot AI left a comment

Pull Request Overview

This PR bumps the minimum supported CodeQL Bundle version from 2.16.6 to 2.17.6 and removes code that handled backward compatibility for older versions. The change cleans up deprecated functionality that is no longer needed.

  • Updates the minimum CodeQL version constant from 2.16.6 to 2.17.6
  • Removes deprecated tool feature flags for SARIF merging and analysis summary V2
  • Eliminates backward compatibility code for handling unsupported features in older CodeQL versions

Reviewed Changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Version bump to 4.31.0 |
| CHANGELOG.md | Documents the minimum CodeQL version change |
| src/codeql.ts | Updates minimum version constant and removes backward compatibility check for analysis summary flag |
| src/upload-lib.ts | Removes SARIF merge compatibility code and related import |
| src/tools-features.ts | Removes deprecated feature flags for analysis summary V2 and SARIF merging |
| src/codeql.test.ts | Removes test cases for deprecated analysis summary flag behavior |
| lib/*.js | Generated JavaScript files reflecting the TypeScript changes |

Member

@mbg mbg left a comment

Provisionally LGTM. I expect that there may be a conflict with #3222 in upload-lib.ts once that is merged.

@henrymercer henrymercer merged commit e576807 into main Oct 24, 2025
243 checks passed
@henrymercer henrymercer deleted the henrymercer/bump-minimum branch October 24, 2025 14:11