From 9c39f0afb0dccf4d000a85846771d81ecc2330a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 18:05:01 +0000 Subject: [PATCH 01/11] Bump actions/download-artifact from 5 to 6 in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/debug-artifacts-failure-safe.yml | 2 +- .github/workflows/debug-artifacts-safe.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index c938c51e65..1a09b3d9ee 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -79,7 +79,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 - name: Check expected artifacts exist run: | LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 3e7282f820..ea513521f1 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 - name: Check expected artifacts exist run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" From cbcb06a3ae83559ce90331dbf8b09f234510f99d Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:29:22 +0000 Subject: [PATCH 02/11] Update changelog and version after v4.31.1 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e735715116..6fd372f5b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. diff --git a/package-lock.json b/package-lock.json index 9cd43e5bd1..a73a977b94 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", diff --git a/package.json b/package.json index 29e60bd283..229c06c091 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.1", + "version": "4.31.2", "private": true, "description": "CodeQL action", "scripts": { From e7811794d39c880497f5558166d3fe734ee53415 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:31:33 +0000 Subject: [PATCH 03/11] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index af20c51195..241ec35192 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index dfc96b28dc..9e01d6458d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ad1fc68ba2..97ffbac165 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 64c083f5c9..366d0503d1 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index ad215ae92f..f1d765d77f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 2a92abf57d..71675b68fd 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index be67a6114d..2b51df5ad8 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 7e29c19084..2b57a99ff4 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 503bd0956a..f034966f67 100644 --- a/lib/start-proxy-action.js 
+++ b/lib/start-proxy-action.js @@ -45004,7 +45004,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 7780bc4db5..b1316738df 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -27765,7 +27765,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 652e31a9cc..4bed7f1cc3 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc691f8097..f3b857596a 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.1", + version: "4.31.2", private: true, description: "CodeQL action", scripts: { From b2bffa615da2c5ae026beb862b3ff730793c319f Mon Sep 17 00:00:00 2001 
From: Henry Mercer Date: Thu, 30 Oct 2025 10:40:23 +0000 Subject: [PATCH 04/11] Remove unused `console-log-level` dependency This was added back by a bad merge. --- lib/analyze-action-post.js | 2 -- lib/analyze-action.js | 2 -- lib/autobuild-action.js | 2 -- lib/init-action-post.js | 2 -- lib/init-action.js | 2 -- lib/resolve-environment-action.js | 2 -- lib/setup-codeql-action.js | 2 -- lib/start-proxy-action-post.js | 2 -- lib/start-proxy-action.js | 2 -- lib/upload-lib.js | 2 -- lib/upload-sarif-action-post.js | 2 -- lib/upload-sarif-action.js | 2 -- package-lock.json | 13 ------------- package.json | 2 -- 14 files changed, 39 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index af20c51195..a5b494631a 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index dfc96b28dc..a1f7ad16f6 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ad1fc68ba2..fccf20bcfd 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 64c083f5c9..6f14749a50 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/init-action.js b/lib/init-action.js index ad215ae92f..4f3628da05 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 2a92abf57d..1fb13b9015 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index be67a6114d..1e3701774e 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 7e29c19084..be2505180e 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 503bd0956a..7ecc8df954 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45042,7 +45042,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -45062,7 +45061,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 7780bc4db5..606b772027 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -27803,7 +27803,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -27823,7 +27822,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 652e31a9cc..6b6d1583b2 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc691f8097..e1de1cd0c7 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26506,7 +26506,6 @@ var require_package = __commonJS({ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", 
@@ -26526,7 +26525,6 @@ var require_package = __commonJS({ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", diff --git a/package-lock.json b/package-lock.json index 9cd43e5bd1..9c3057fbea 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,6 @@ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -43,7 +42,6 @@ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", @@ -2486,11 +2484,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@types/console-log-level": { - "version": "1.4.5", - "dev": true, - "license": "MIT" - }, "node_modules/@types/estree": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", @@ -4506,12 +4499,6 @@ "node": "^14.18.0 || >=16.10.0" } }, - "node_modules/console-log-level": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/console-log-level/-/console-log-level-1.4.1.tgz", - "integrity": "sha512-VZzbIORbP+PPcN/gg3DXClTLPLg5Slwd5fL2MIc+o1qZ4BXBvWyc6QxPk6T/Mkr6IVjRpoAGf32XxP3ZWMVRcQ==", - "license": "MIT" - }, "node_modules/convert-to-spaces": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/convert-to-spaces/-/convert-to-spaces-2.0.1.tgz", diff --git a/package.json b/package.json index 29e60bd283..601b3b1f54 100644 --- a/package.json +++ b/package.json 
@@ -38,7 +38,6 @@ "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", - "console-log-level": "^1.4.1", "fast-deep-equal": "^3.1.3", "follow-redirects": "^1.15.11", "get-folder-size": "^5.0.0", @@ -58,7 +57,6 @@ "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.1", "@types/archiver": "^6.0.4", - "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", "@types/node": "20.19.9", From 2a3599c52055e7a5443d3fef8981a4d543586dde Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Thu, 30 Oct 2025 11:25:32 +0000 Subject: [PATCH 05/11] Run lightweight workflows on `ubuntu-slim` --- .github/workflows/check-expected-release-files.yml | 2 +- .github/workflows/label-pr-size.yml | 2 +- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/prepare-release.yml | 2 +- .github/workflows/publish-immutable-action.yml | 2 +- .github/workflows/update-bundle.yml | 2 +- .github/workflows/update-release-branch.yml | 4 ++-- .../workflows/update-supported-enterprise-server-versions.yml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index edcc499dc8..a066cbde55 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -15,7 +15,7 @@ defaults: jobs: check-expected-release-files: - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: read diff --git a/.github/workflows/label-pr-size.yml b/.github/workflows/label-pr-size.yml index 83ec360f57..965a4a8587 100644 --- a/.github/workflows/label-pr-size.yml +++ b/.github/workflows/label-pr-size.yml @@ -16,7 +16,7 @@ permissions: jobs: sizeup: name: Label PR with size - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Run sizeup 
diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index b5c0f27b54..c59e6c8890 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -24,7 +24,7 @@ defaults: jobs: merge-back: - runs-on: ubuntu-latest + runs-on: ubuntu-slim environment: Automation if: github.repository == 'github/codeql-action' env: diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 82fa18e3b8..dad6fce39a 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -29,7 +29,7 @@ defaults: jobs: prepare: name: "Prepare release" - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.repository == 'github/codeql-action' permissions: diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index effe2255a2..9350bf2b28 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -10,7 +10,7 @@ defaults: jobs: publish: - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: read id-token: write diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 8c0f8274e7..f2c3cd40cb 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -20,7 +20,7 @@ defaults: jobs: update-bundle: if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: write # needed to push commits pull-requests: write # needed to create pull requests diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 69700a35f6..830ed7c2a5 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml 
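Review bot: The move to `ubuntu-slim` covers credential-holding jobs as well as read-only ones: `publish` in `publish-immutable-action.yml` holds `id-token: write`, `update-bundle` holds `contents: write` and `pull-requests: write`, and `merge-back` runs in the `Automation` environment. GitHub's runner documentation describes `ubuntu-slim` as a container-hosted single-CPU runner with a reduced preinstalled toolset, so both the isolation model and the available tools differ from the `ubuntu-latest` VM image, and nothing in these hunks shows the steps were checked against that. I would either keep the credentialed jobs on `runs-on: ubuntu-latest` or, once confirmed, record it beside each one, e.g. `runs-on: ubuntu-slim # verified on the container-hosted runner: <tools the steps need>`. The job bodies lie outside the hunks, so what the steps actually invoke is not visible here.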
@@ -26,7 +26,7 @@ jobs: update: timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.event_name == 'workflow_dispatch' needs: [prepare] env: @@ -77,7 +77,7 @@ jobs: backport: timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim environment: Automation needs: [prepare] if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }} diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 35d4ba01f4..b6cbe01510 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -9,7 +9,7 @@ jobs: update-supported-enterprise-server-versions: name: Update Supported Enterprise Server Versions timeout-minutes: 45 - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: github.repository == 'github/codeql-action' permissions: contents: write # needed to push commits From f0e9bf07f44488f7e3adf5ff01d04e6392b60b3b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 30 Oct 2025 11:37:07 +0000 Subject: [PATCH 06/11] Make `isEnablementError` case-insensitive --- lib/analyze-action.js | 6 ++--- lib/init-action-post.js | 6 ++--- lib/init-action.js | 6 ++--- lib/setup-codeql-action.js | 6 ++--- lib/upload-lib.js | 6 ++--- lib/upload-sarif-action.js | 6 ++--- src/api-client.test.ts | 53 +++++++++++++++++--------------------- src/api-client.ts | 6 ++--- 8 files changed, 44 insertions(+), 51 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index fc21c87b7d..982a7ca917 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
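Review bot: The `update` and `backport` jobs in `update-release-branch.yml` and the `update-supported-enterprise-server-versions` job keep `timeout-minutes: 45` while moving to `ubuntu-slim`. GitHub's documentation for the single-CPU runner gives a 15-minute job limit; if that still applies, the 45-minute value can never take effect and a longer run is cut off by the platform instead. For jobs that hold `contents: write` or use the `Automation` environment, that could leave a branch update half done. Either confirm these jobs finish well inside the runner limit and lower the setting to match, e.g. `timeout-minutes: 15`, or leave them on `runs-on: ubuntu-latest`. The steps are outside the hunks, so their real duration cannot be judged from here.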
@@ -83615,9 +83615,9 @@ async function deleteActionsCache(id) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 967bc2747a..5ca41fbfb4 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -116758,9 +116758,9 @@ async function listActionsCaches(key, ref) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/init-action.js b/lib/init-action.js index 8ef22ae0f7..b1d8e0d5f2 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -80926,9 +80926,9 @@ async function getRepositoryProperties(repositoryNwo) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 00ea84b6e8..48838e3fb8 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js 
@@ -79275,9 +79275,9 @@ async function getAnalysisKey() { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 84865dc375..2de497bf4a 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -82146,9 +82146,9 @@ function computeAutomationID(analysis_key, environment) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ddfb90fbe9..08d2232267 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -82191,9 +82191,9 @@ function computeAutomationID(analysis_key, environment) { } function isEnablementError(msg) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/ + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i ].some((pattern) => pattern.test(msg)); } function getFeatureEnablementError(message) { diff --git a/src/api-client.test.ts b/src/api-client.test.ts index 29e3ef852e..d3a5ce2bca 100644 --- a/src/api-client.test.ts +++ b/src/api-client.test.ts 
@@ -171,37 +171,30 @@ test("wrapApiConfigurationError correctly wraps specific configuration errors",
 );
 // Enablement errors.
- const codeSecurityNotEnabledError = new util.HTTPError(
+ const enablementErrorMessages = [
 "Code Security must be enabled for this repository to use code scanning",
- 403,
- );
- res = api.wrapApiConfigurationError(codeSecurityNotEnabledError);
- t.deepEqual(
- res,
- new util.ConfigurationError(
- api.getFeatureEnablementError(codeSecurityNotEnabledError.message),
- ),
- );
- const advancedSecurityNotEnabledError = new util.HTTPError(
 "Advanced Security must be enabled for this repository to use code scanning",
- 403,
- );
- res = api.wrapApiConfigurationError(advancedSecurityNotEnabledError);
- t.deepEqual(
- res,
- new util.ConfigurationError(
- api.getFeatureEnablementError(advancedSecurityNotEnabledError.message),
- ),
- );
- const codeScanningNotEnabledError = new util.HTTPError(
 "Code Scanning is not enabled for this repository. Please enable code scanning in the repository settings.",
- 403,
- );
- res = api.wrapApiConfigurationError(codeScanningNotEnabledError);
- t.deepEqual(
- res,
- new util.ConfigurationError(
- api.getFeatureEnablementError(codeScanningNotEnabledError.message),
- ),
- );
+ ];
+ const transforms = [
+ (msg: string) => msg,
+ (msg: string) => msg.toLowerCase(),
+ (msg: string) => msg.toLocaleUpperCase(),
+ ];
+
+ for (const enablementErrorMessage of enablementErrorMessages) {
+ for (const transform of transforms) {
+ const enablementError = new util.HTTPError(
+ transform(enablementErrorMessage),
+ 403,
+ );
+ res = api.wrapApiConfigurationError(enablementError);
+ t.deepEqual(
+ res,
+ new util.ConfigurationError(
+ api.getFeatureEnablementError(enablementError.message),
+ ),
+ );
+ }
+ }
 });
diff --git a/src/api-client.ts b/src/api-client.ts
index f271c27910..e14048337f 100644
--- a/src/api-client.ts
+++ b/src/api-client.ts
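Review bot: The third entry in `transforms` calls `msg.toLocaleUpperCase()` while the second uses the locale-independent `msg.toLowerCase()`, so the upper-case cases depend on the default locale of the machine running the test. Under a Turkic locale `i` upper-cases to `İ` (U+0130), which the `/…/i` patterns in `isEnablementError` do not fold back to `i`, so those cases would fail for a reason unrelated to the code under test. `(msg: string) => msg.toUpperCase(),` makes the pair consistent and the result independent of the environment. The enclosing `test(...)` callback begins above the hunk.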
@@ -285,9 +285,9 @@ export async function getRepositoryProperties(repositoryNwo: RepositoryNwo) { function isEnablementError(msg: string) { return [ - /Code Security must be enabled/, - /Advanced Security must be enabled/, - /Code Scanning is not enabled/, + /Code Security must be enabled/i, + /Advanced Security must be enabled/i, + /Code Scanning is not enabled/i, ].some((pattern) => pattern.test(msg)); } From 752a642cb25304f2aaae33cfcc3911673bf65aca Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:27:33 +0000 Subject: [PATCH 07/11] Update changelog for v4.31.2 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fd372f5b6..63a04fe4fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.31.2 - 30 Oct 2025 No user facing changes. From eb80a79ccdd5138c708f356ad3fb9b75622d6613 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:52:16 +0000 Subject: [PATCH 08/11] Revert "Update version and changelog for v3.31.1" This reverts commit c0d3370b54b1d61ac9b7d9ffa01654b0eefad02a. --- CHANGELOG.md | 19 +++++++++++++------ package.json | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 834e7ef701..e735715116 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
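Review bot: `isEnablementError` has no comment saying why its three patterns ignore case, so the new `i` flags look incidental and could be dropped in a later cleanup. A one-line comment above the function would record the intent, for example `// Match case-insensitively: the capitalisation of these API error messages is not guaranteed.`, with the wording checked against whatever response prompted the change, which the hunk does not show. The patterns are still unanchored substring tests on the message text, as they were before this commit, so any error whose message contains one of the phrases is treated as an enablement error.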
@@ -2,27 +2,27 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## 3.31.1 - 30 Oct 2025 +## 4.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. -## 3.31.0 - 24 Oct 2025 +## 4.31.0 - 24 Oct 2025 - Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223) - When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222) -## 3.30.9 - 17 Oct 2025 +## 4.30.9 - 17 Oct 2025 - Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205) - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204) -## 3.30.8 - 10 Oct 2025 +## 4.30.8 - 10 Oct 2025 No user facing changes. -## 3.30.7 - 06 Oct 2025 +## 4.30.7 - 06 Oct 2025 -No user facing changes. +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.6 - 02 Oct 2025 
@@ -258,13 +258,17 @@ No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520) + - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. + - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. + Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then. 
+ This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519) @@ -387,9 +391,12 @@ No user facing changes. ## 3.25.0 - 15 Apr 2024 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224) + As a result, the following inputs and environment variables are now ignored: + - The `setup-python-dependencies` input to the `init` Action - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable + We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0. - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229) - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232) diff --git a/package.json b/package.json index fd48191ec3..29e60bd283 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.31.1", + "version": "4.31.1", "private": true, "description": "CodeQL action", "scripts": { From d149012a97318c091ab809fcbce9b45ae0625e14 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:52:16 +0000 Subject: [PATCH 09/11] Revert "Rebuild" This reverts commit c2805e0a04f80928b6d325723827bb5391a13333. --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 05cb4071df..af20c51195 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index b63a2bbd32..dfc96b28dc 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index c71d2ee533..ad1fc68ba2 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 5747f2b80a..64c083f5c9 100644 --- a/lib/init-action-post.js 
+++ b/lib/init-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index 377490f0b2..ad215ae92f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 523b6f76ab..2a92abf57d 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 6d15211e0b..be67a6114d 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 124b72b57b..7e29c19084 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 428d6bb201..503bd0956a 100644 
--- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45004,7 +45004,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index cca934f1c5..7780bc4db5 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -27765,7 +27765,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 9afc814e0c..652e31a9cc 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index dadf6548f0..cc691f8097 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.31.1", + version: "4.31.1", private: true, description: "CodeQL action", scripts: { From e56b5eeb3ca1e25ef6cd4b2cb49843bc3f45f50e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:52:18 +0000 Subject: [PATCH 10/11] Update version and changelog for v3.31.2 --- CHANGELOG.md | 21 +++++++-------------- package.json | 2 +- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 63a04fe4fd..a193a99516 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,31 +2,31 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## 4.31.2 - 30 Oct 2025 +## 3.31.2 - 30 Oct 2025 No user facing changes. -## 4.31.1 - 30 Oct 2025 +## 3.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. -## 4.31.0 - 24 Oct 2025 +## 3.31.0 - 24 Oct 2025 - Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223) - When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222) -## 4.30.9 - 17 Oct 2025 +## 3.30.9 - 17 Oct 2025 - Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205) - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204) -## 4.30.8 - 10 Oct 2025 +## 3.30.8 - 10 Oct 2025 No user facing changes. -## 4.30.7 - 06 Oct 2025 +## 3.30.7 - 06 Oct 2025 -- [v4+ only] The CodeQL Action now runs on Node.js v24. 
[#3169](https://github.com/github/codeql-action/pull/3169) +No user facing changes. ## 3.30.6 - 02 Oct 2025 
@@ -262,17 +262,13 @@ No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520) - - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. - - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. - Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then. 
- This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519) @@ -395,12 +391,9 @@ No user facing changes. ## 3.25.0 - 15 Apr 2024 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224) - As a result, the following inputs and environment variables are now ignored: - - The `setup-python-dependencies` input to the `init` Action - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable - We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0. - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229) - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232) diff --git a/package.json b/package.json index 0e67815c47..ad767956b3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.2", + "version": "3.31.2", "private": true, "description": "CodeQL action", "scripts": { From 3741885711777b4c494482ff3e1b92331fdd8b9a Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:55:38 +0000 Subject: [PATCH 11/11] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index b99c7565d2..d99d2e7492 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 982a7ca917..b4673d364b 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 25593c2480..9b63e25db9 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 5ca41fbfb4..166355c0c3 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index b1d8e0d5f2..90a8e1a295 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index c911f949f0..f8deb4f5f7 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 48838e3fb8..c90441d7db 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 738ce2142e..51d7e05b5a 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 38491dac4d..272feaf97d 100644 --- a/lib/start-proxy-action.js 
+++ b/lib/start-proxy-action.js @@ -45004,7 +45004,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 2de497bf4a..6564d32246 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -27765,7 +27765,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index c5defad27f..70270b6b75 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 08d2232267..e19dfe8c3c 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26468,7 +26468,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.2", + version: "3.31.2", private: true, description: "CodeQL action", scripts: {