Skip to content

Merge releases/v4 into releases/v3 #3338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mbg merged 50 commits into from
Dec 1, 2025
Merged

Merge releases/v4 into releases/v3 #3338

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
50 commits
Select commit Hold shift + click to select a range
cf8b7a6
Refactor C# cache content paths into a function
mbg Nov 12, 2025
d854ba6
Pass `FeatureEnablement` to `getDependencyPaths`
mbg Nov 12, 2025
a47d04c
Add FF for extra C# cache contents
mbg Nov 12, 2025
ecaa6db
Include `getCsharpTempDependencyDir` in C# caches if FF is enabled
mbg Nov 13, 2025
f5f9571
Configure temp dependency dir for C# extractor when FF is enabled
mbg Nov 13, 2025
29e11fd
Update changelog and version after v4.31.5
github-actions[bot] Nov 24, 2025
4783501
Rebuild
github-actions[bot] Nov 24, 2025
52f930e
Merge pull request #3323 from github/mergeback/v4.31.5-to-main-fdbfb4d2
redsun82 Nov 24, 2025
e2a623d
Bump the npm-minor group with 3 updates
dependabot[bot] Nov 24, 2025
5142791
Rebuild
github-actions[bot] Nov 24, 2025
6feac2b
Bump actions/create-github-app-token
dependabot[bot] Nov 24, 2025
5bd8069
Bump actions/checkout from 5 to 6 in /.github/workflows
dependabot[bot] Nov 24, 2025
8484f54
Rebuild
github-actions[bot] Nov 24, 2025
62e9052
Merge pull request #3327 from github/dependabot/github_actions/dot-gi…
mbg Nov 25, 2025
0e52774
Merge pull request #3326 from github/dependabot/github_actions/dot-gi…
mbg Nov 25, 2025
6b7e963
Update supported GitHub Enterprise Server versions
github-actions[bot] Nov 26, 2025
0155561
Merge branch 'main' into mbg/csharp/more-cache-locations
mbg Nov 26, 2025
99d80b4
Merge pull request #3328 from github/update-supported-enterprise-serv…
henrymercer Nov 26, 2025
d8e497a
Update version in package.json too
henrymercer Nov 26, 2025
85fd3e5
Merge remote-tracking branch 'origin/main' into dependabot/npm_and_ya…
github-actions[bot] Nov 26, 2025
510d25f
Rebuild
github-actions[bot] Nov 26, 2025
a690945
Remove `push` triggers from workflow collections
mbg Nov 26, 2025
c370017
Merge pull request #3325 from github/dependabot/npm_and_yarn/npm-mino…
henrymercer Nov 26, 2025
7850b1c
Merge pull request #3330 from github/mbg/ci/remove-push-from-groups
mbg Nov 26, 2025
3e93966
Merge branch 'main' into mbg/csharp/more-cache-locations
henrymercer Nov 26, 2025
59ce4c1
Merge pull request #3286 from github/mbg/csharp/more-cache-locations
mbg Nov 26, 2025
0c204fc
Bump node-forge from 1.3.1 to 1.3.2
dependabot[bot] Nov 26, 2025
4822f93
Rebuild
github-actions[bot] Nov 26, 2025
bd30e75
Simplify getOverlayDatabaseMode
kaspersv Nov 27, 2025
bd8d26b
Overlay: Fall back to full analysis if memory flag is low
kaspersv Nov 27, 2025
1ffb7dd
Overlay: Add feature flag to skip resource checks
kaspersv Nov 27, 2025
d29b979
Merge pull request #3331 from github/dependabot/npm_and_yarn/node-for…
henrymercer Nov 27, 2025
c178e03
Merge pull request #3332 from github/kaspersv/overlay-memory-limit
kaspersv Nov 27, 2025
2f3bbce
Overlay: Introduce overlay memory limit constant
kaspersv Nov 27, 2025
8d91fa1
Rename getMemoryFlagValue
kaspersv Nov 27, 2025
b02fa13
Order feature flags alphabetically
kaspersv Nov 27, 2025
58c5954
Add comment to runnerSupportsOverlayAnalysis
kaspersv Nov 27, 2025
f036b1c
Merge branch 'main' into kaspersv/overlay-no-resource-checks-option
kaspersv Nov 28, 2025
75b2f49
Merge pull request #3333 from github/kaspersv/overlay-no-resource-che…
kaspersv Nov 28, 2025
32ada5e
Merge branch 'main' into kaspersv/overlay-minor-comments
kaspersv Nov 28, 2025
f7abc74
Remove branch filter for PR event in CodeQL workflow
mbg Nov 28, 2025
23da732
Merge pull request #3334 from github/kaspersv/overlay-minor-comments
kaspersv Nov 28, 2025
ecec1f8
Merge pull request #3335 from github/mbg/ci/run-codeql-on-all-prs
mbg Nov 28, 2025
88c2ab5
Update changelog for v4.31.6
github-actions[bot] Dec 1, 2025
fe4161a
Merge pull request #3336 from github/update-v4.31.6-ecec1f887
mbg Dec 1, 2025
249860e
Revert "Update version and changelog for v3.31.5"
github-actions[bot] Dec 1, 2025
e439418
Revert "Rebuild"
github-actions[bot] Dec 1, 2025
5af51f4
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.31…
github-actions[bot] Dec 1, 2025
dbf6819
Update version and changelog for v3.31.6
github-actions[bot] Dec 1, 2025
89cb79a
Rebuild
github-actions[bot] Dec 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Revert "Update version and changelog for v3.31.5" 
This reverts commit 2e2a1cf.
  • Loading branch information
@github-actions
github-actions[bot] committed Dec 1, 2025
commit 249860e3235e6bdecea3b8b67c9e81e09014e6c1
27 changes: 17 additions & 10 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,44 +2,44 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 3.31.5 - 24 Nov 2025
## 4.31.5 - 24 Nov 2025

- Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321)

## 3.31.4 - 18 Nov 2025
## 4.31.4 - 18 Nov 2025

No user facing changes.

## 3.31.3 - 13 Nov 2025
## 4.31.3 - 13 Nov 2025

- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
- Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288)

## 3.31.2 - 30 Oct 2025
## 4.31.2 - 30 Oct 2025

No user facing changes.

## 3.31.1 - 30 Oct 2025
## 4.31.1 - 30 Oct 2025

- The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

## 3.31.0 - 24 Oct 2025
## 4.31.0 - 24 Oct 2025

- Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223)
- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222)

## 3.30.9 - 17 Oct 2025
## 4.30.9 - 17 Oct 2025

- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)

## 3.30.8 - 10 Oct 2025
## 4.30.8 - 10 Oct 2025

No user facing changes.

## 3.30.7 - 06 Oct 2025
## 4.30.7 - 06 Oct 2025

No user facing changes.
- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)

## 3.30.6 - 02 Oct 2025

Expand Down Expand Up @@ -275,13 +275,17 @@ No user facing changes.
## 3.26.12 - 07 Oct 2024

- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520)

- If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

- Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

## 3.26.11 - 03 Oct 2024

- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.

Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.

This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
- Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)

Expand Down Expand Up @@ -404,9 +408,12 @@ No user facing changes.
## 3.25.0 - 15 Apr 2024

- The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)

As a result, the following inputs and environment variables are now ignored:

- The `setup-python-dependencies` input to the `init` Action
- The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable

We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
- Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
- Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.31.5",
"version": "4.31.5",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down