From 2bbfe979c31de306d6424f250161ff168cc52f8f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:31:34 +0000 Subject: [PATCH 1/3] Update default bundle to codeql-bundle-v2.23.1 --- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/defaults.json | 8 ++++---- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- src/defaults.json | 8 ++++---- 9 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 9ec4e5c9a9..40f7662f34 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -90587,8 +90587,8 @@ var path8 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var crypto = __toESM(require("crypto")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index cbb0348779..7ebf6a9182 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -78256,8 +78256,8 @@ var path3 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var fs2 = __toESM(require("fs")); diff --git a/lib/defaults.json b/lib/defaults.json index 712efc19fe..dbc0d5e258 100644 --- a/lib/defaults.json +++ b/lib/defaults.json 
@@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.0", - "cliVersion": "2.23.0", - "priorBundleVersion": "codeql-bundle-v2.22.4", - "priorCliVersion": "2.22.4" + "bundleVersion": "codeql-bundle-v2.23.1", + "cliVersion": "2.23.1", + "priorBundleVersion": "codeql-bundle-v2.23.0", + "priorCliVersion": "2.23.0" } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 9f5ee320db..893fbc0b44 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -128793,8 +128793,8 @@ var path8 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var fs6 = __toESM(require("fs")); diff --git a/lib/init-action.js b/lib/init-action.js index 0794a537d3..31084d8e88 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86516,8 +86516,8 @@ var path9 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var crypto = __toESM(require("crypto")); diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index c9aa76f792..4dbafc2211 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -49393,8 +49393,8 @@ function getApiClient() { } // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/languages.ts var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 712684630f..710c4d3e3e 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -88902,8 +88902,8 @@ var path8 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var fs5 = __toESM(require("fs")); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 6e83644638..2f6e5c0abd 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88885,8 +88885,8 @@ var path8 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.0"; -var cliVersion = "2.23.0"; +var bundleVersion = "codeql-bundle-v2.23.1"; +var cliVersion = "2.23.1"; // src/overlay-database-utils.ts var fs5 = __toESM(require("fs")); diff --git a/src/defaults.json b/src/defaults.json index 712efc19fe..dbc0d5e258 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.0", - "cliVersion": "2.23.0", - "priorBundleVersion": "codeql-bundle-v2.22.4", - "priorCliVersion": "2.22.4" + "bundleVersion": "codeql-bundle-v2.23.1", + "cliVersion": "2.23.1", + "priorBundleVersion": "codeql-bundle-v2.23.0", + "priorCliVersion": "2.23.0" } From e8921f7effe5b69a3acc1781912db7c9fe1f3335 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:31:43 +0000 Subject: [PATCH 2/3] Add changelog note --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cae4a75f7..3c84102a42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the `codeql-action/init` step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the `codeql-action/init` step. [#3099](https://github.com/github/codeql-action/pull/3099) and [#3100](https://github.com/github/codeql-action/pull/3100) - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://github.com/github/codeql-action/pull/3130) +- Update default CodeQL bundle version to 2.23.1. [#3118](https://github.com/github/codeql-action/pull/3118) ## 3.30.3 - 10 Sep 2025 From eb05da905dde2311f814bcef836fecf6bb74f81a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 17 Sep 2025 17:06:58 +0100 Subject: [PATCH 3/3] Specify `Accept` header for `toolcache.downloadTool` --- lib/start-proxy-action.js | 9 ++++++++- src/start-proxy-action.ts | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 4dbafc2211..3a5a85c6b1 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js 
@@ -49682,7 +49682,14 @@ async function getProxyBinaryPath(logger) { const proxyInfo = await getDownloadUrl(logger); let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); if (!proxyBin) { - const temp = await toolcache.downloadTool(proxyInfo.url); + const temp = await toolcache.downloadTool( + proxyInfo.url, + void 0, + void 0, + { + accept: "application/octet-stream" + } + ); const extracted = await toolcache.extractTar(temp); proxyBin = await toolcache.cacheDir( extracted, diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 6ce3b70ff4..c0a8d3c7f9 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -192,7 +192,14 @@ async function getProxyBinaryPath(logger: Logger): Promise { let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); if (!proxyBin) { - const temp = await toolcache.downloadTool(proxyInfo.url); + const temp = await toolcache.downloadTool( + proxyInfo.url, + undefined, + undefined, + { + accept: "application/octet-stream", + }, + ); const extracted = await toolcache.extractTar(temp); proxyBin = await toolcache.cacheDir( extracted,
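Review bot: The archive returned by `toolcache.downloadTool` is passed straight to `toolcache.extractTar` and then `toolcache.cacheDir` with no integrity check in the visible lines, so whatever `proxyInfo.url` serves is unpacked and cached under `proxyInfo.version`, where `toolcache.find` would presumably return it on later runs. If a digest for the asset is available where `getDownloadUrl` builds `proxyInfo` (that code is outside the hunk), compare the SHA-256 of `temp` against it before extraction and fail the step on a mismatch. Separately, the two positional `undefined` arguments are opaque at the call site; a comment such as `// dest and auth are left unset; the Accept header presumably makes the server return the binary asset` would record why the header is needed. The body of `getProxyBinaryPath` starts and ends outside the hunk.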