Skip to content

Merge releases/v4 into releases/v3 #3324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
redsun82 merged 44 commits into from
Nov 24, 2025
Merged

Merge releases/v4 into releases/v3 #3324

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
11889c2
Return keys of restored caches from `downloadDependencyCaches`
mbg Nov 14, 2025
594c0cc
Store restored keys in action state
mbg Nov 14, 2025
51c9af3
Don't try to upload cache if we have restored a cache with the same key
mbg Nov 14, 2025
1ed85b4
Add test coverage for `uploadDependencyCaches`
mbg Nov 14, 2025
3b63581
Bump the npm-minor group with 2 updates
dependabot[bot] Nov 17, 2025
01577d4
Bump @eslint/compat from 1.4.1 to 2.0.0
dependabot[bot] Nov 17, 2025
cd808e1
Bump @types/sinon from 17.0.4 to 21.0.0
dependabot[bot] Nov 17, 2025
d4a7ccd
Rebuild
github-actions[bot] Nov 17, 2025
4f39cef
Rebuild
github-actions[bot] Nov 17, 2025
b595847
Rebuild
github-actions[bot] Nov 17, 2025
4f746e4
Overlay: Fall back to full analysis if runner disk space is low
kaspersv Nov 18, 2025
726a2a0
Overlay: Increase disk storage threshold to 20GB
kaspersv Nov 18, 2025
249458a
Merge pull request #3296 from github/mbg/dependency-caching/skip-uplo…
mbg Nov 18, 2025
fea2500
Update changelog and version after v4.31.4
github-actions[bot] Nov 18, 2025
28f4a61
Merge remote-tracking branch 'origin/main' into mergeback/v4.31.4-to-…
github-actions[bot] Nov 18, 2025
ce9b526
Rebuild
github-actions[bot] Nov 18, 2025
e24190a
Remove unused dependencies
henrymercer Nov 18, 2025
cac5926
Delete unused exports
henrymercer Nov 18, 2025
5da2098
Add feature flag for uploading overlay DBs to API
henrymercer Nov 18, 2025
31042e9
Rename function calls to make destructive operation clearer
henrymercer Nov 18, 2025
c649c59
Upload overlay base DB to API behind FF
henrymercer Nov 18, 2025
378219c
Merge pull request #3313 from github/mergeback/v4.31.4-to-main-e12f0178
henrymercer Nov 18, 2025
ed80d6e
Overlay: Reorder available disk space check
kaspersv Nov 19, 2025
4eccb37
Overlay: Round available disk space in MB
kaspersv Nov 19, 2025
86d2aa5
Merge pull request #3316 from github/henrymercer/upload-overlay-to-api
henrymercer Nov 19, 2025
ce07e7d
Merge pull request #3310 from github/kaspersv/overlay-disk-available-…
kaspersv Nov 19, 2025
de74d76
Overlay: Increase minimum CLI version
kaspersv Nov 19, 2025
a102014
Merge pull request #3317 from github/kaspersv/bump-minimum-overlay-ve…
kaspersv Nov 19, 2025
90871e1
Merge pull request #3304 from github/dependabot/npm_and_yarn/npm-mino…
mbg Nov 19, 2025
e818008
Merge pull request #3305 from github/dependabot/npm_and_yarn/eslint/c…
mbg Nov 19, 2025
0b43179
Merge pull request #3306 from github/dependabot/npm_and_yarn/types/si…
mbg Nov 19, 2025
112cd07
Merge branch 'main' into henrymercer/dead-code-elimination
henrymercer Nov 19, 2025
ac359aa
Add return type
henrymercer Nov 19, 2025
ce729e4
Merge pull request #3315 from github/henrymercer/dead-code-elimination
henrymercer Nov 19, 2025
1d2a238
Update default bundle to codeql-bundle-v2.23.6
github-actions[bot] Nov 24, 2025
ecc8787
Add changelog note
github-actions[bot] Nov 24, 2025
ec2ee57
Merge pull request #3321 from github/update-bundle/codeql-bundle-v2.23.6
redsun82 Nov 24, 2025
81f6d64
Update changelog for v4.31.5
github-actions[bot] Nov 24, 2025
fdbfb4d
Merge pull request #3322 from github/update-v4.31.5-ec2ee575c
redsun82 Nov 24, 2025
1c715a7
Revert "Update version and changelog for v3.31.4"
github-actions[bot] Nov 24, 2025
801a18b
Revert "Rebuild"
github-actions[bot] Nov 24, 2025
e2cca77
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.31…
github-actions[bot] Nov 24, 2025
2e2a1cf
Update version and changelog for v3.31.5
github-actions[bot] Nov 24, 2025
c12d7c1
Rebuild
github-actions[bot] Nov 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update version and changelog for v3.31.5
  • Loading branch information
@github-actions
github-actions[bot] committed Nov 24, 2025
commit 2e2a1cf1efa1744505b377816c8e7d648c93ff8e
27 changes: 10 additions & 17 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,44 +2,44 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 4.31.5 - 24 Nov 2025
## 3.31.5 - 24 Nov 2025

- Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321)

## 4.31.4 - 18 Nov 2025
## 3.31.4 - 18 Nov 2025

No user facing changes.

## 4.31.3 - 13 Nov 2025
## 3.31.3 - 13 Nov 2025

- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
- Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288)

## 4.31.2 - 30 Oct 2025
## 3.31.2 - 30 Oct 2025

No user facing changes.

## 4.31.1 - 30 Oct 2025
## 3.31.1 - 30 Oct 2025

- The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

## 4.31.0 - 24 Oct 2025
## 3.31.0 - 24 Oct 2025

- Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223)
- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222)

## 4.30.9 - 17 Oct 2025
## 3.30.9 - 17 Oct 2025

- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)

## 4.30.8 - 10 Oct 2025
## 3.30.8 - 10 Oct 2025

No user facing changes.

## 4.30.7 - 06 Oct 2025
## 3.30.7 - 06 Oct 2025

- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)
No user facing changes.

## 3.30.6 - 02 Oct 2025

Expand Down Expand Up @@ -275,17 +275,13 @@ No user facing changes.
## 3.26.12 - 07 Oct 2024

- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520)

- If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

- Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

## 3.26.11 - 03 Oct 2024

- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.

Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.

This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
- Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)

Expand Down Expand Up @@ -408,12 +404,9 @@ No user facing changes.
## 3.25.0 - 15 Apr 2024

- The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)

As a result, the following inputs and environment variables are now ignored:

- The `setup-python-dependencies` input to the `init` Action
- The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable

We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
- Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
- Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "4.31.5",
"version": "3.31.5",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down
Loading