Skip to content

Merge main into releases/v3 #3149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 179 commits into from
Sep 25, 2025
Merged

Merge main into releases/v3 #3149

merged 179 commits into from
Sep 25, 2025

Conversation

github-actions[bot]
Copy link
Contributor

Merging e4b85ab into releases/v3.

Conductor for this PR is @igfoo.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

henrymercer and others added 30 commits September 5, 2025 16:17
@henrymercer
Resolve supported languages using CodeQL CLI
f8fb310
@henrymercer
Add log for supported languages
d981505
@henrymercer
Enable feature in CI for testing
71410c6
@redsun82
Override brace-expansion from 2.0.1 to 2.0.2
f11caf4
@redsun82
Merge branch 'main' into redsun82/update-brace-expansion
16f15bc
@redsun82
Build
d42097d
@dependabot
Bump the actions group with 4 updates
1a80c9b 
Bumps the actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/github-script](https://github.com/actions/github-script), [actions/setup-node](https://github.com/actions/setup-node) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@redsun82
Set shell: bash by default on all workflows
1b8f0ff
@redsun82
Sort out windows CRLF mess
0c065fa
@redsun82
fix codeql.yml codeql invocation on windows
c778749
@henrymercer
Alphabetically order ToolsFeature
ed9d73b
@Copilot
Initial plan
436471d
@mbg
Merge branch 'main' into redsun82/fix-windows-ci
3bf58bb
@Copilot @henrymercer
Add sync-back automation for Dependabot action version updates
8d31b53 
Co-authored-by: henrymercer <[email protected]>
@mbg
Validate workflow to check that all codeql-action versions are the …
bb98ff4 
…same
@mbg
Store and check action version in Config
4f56152
@mbg
Simplify step.uses condition
754f2e1
@mbg @Copilot
Update src/config-utils.test.ts
0487de3 
Co-authored-by: Copilot <[email protected]>
@Copilot @henrymercer
Improve sync-back automation with automatic action detection, comment…
f77ed60 
… preservation, and tests

Co-authored-by: henrymercer <[email protected]>
@Copilot @henrymercer
Remove regular workflow file updates from sync-back script
5d79536 
Co-authored-by: henrymercer <[email protected]>
@Copilot @henrymercer
Add sync-back script execution to rebuild workflow
f537110 
Co-authored-by: henrymercer <[email protected]>
@henrymercer
Rename script for consistency
d9bc711
@henrymercer
Run test script in CI
d08f929
@henrymercer
Run sync back script separately
cde0d79
@henrymercer
Remove unused imports
1343eba
@henrymercer
Simplify import
d0f02ad
@henrymercer
Use more generic regexp for sync.py changes
c9d2739
@github-actions
Update changelog and version after v3.30.3
191d3de
@github-actions
Rebuild
25c3218
@cklin
Merge pull request #3105 from github/mergeback/v3.30.3-to-main-192325c8
25e54df 
Mergeback v3.30.3 refs/heads/releases/v3 into main
henrymercer and others added 22 commits September 23, 2025 14:11
@henrymercer
Merge pull request #3138 from github/dependabot/github_actions/action…
d92eef9 
…s-a14fb9fd22

Bump the actions group across 1 directory with 2 updates
@igfoo
Merge pull request #3118 from github/update-bundle/codeql-bundle-v2.23.1
c6e30a2 
Update default bundle to 2.23.1
@henrymercer
Merge pull request #3140 from github/henrymercer/dependabot-rebuild-a…
0890b56 
…ctions

 Trigger sync back script automatically
@dependabot
Bump the npm group with 3 updates
c6674f9 
Bumps the npm group with 3 updates: [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `@eslint/compat` from 1.3.2 to 1.4.0
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v1.4.0/packages/compat)

Updates `@typescript-eslint/eslint-plugin` from 8.44.0 to 8.44.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.44.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.44.0 to 8.44.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.44.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.44.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.44.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
f54c1c0
@henrymercer
Merge pull request #3143 from github/dependabot/npm_and_yarn/npm-1a46…
a8eeef9 
…694d8a

Bump the npm group with 3 updates
@henrymercer
Update Dependabot configuration for GitHub Actions
86de17c
@mbg
Skip PR checks for events triggered by Dependabot
cec0b17
@mbg
Refactor assembling Authorization header value into its own function
efcf614
@mbg
Set Authorization header for downloading update-job-proxy
d43f46c
@mbg
Skip non-generated workflows for Dependabot
3183e6b
@mbg
Merge pull request #3145 from github/mbg/ci/skip-checks-for-dependabot
5a9c44b 
Skip PR checks for events triggered by Dependabot
@mbg
Apply review feedback
4e820a4
@henrymercer
Merge pull request #3144 from github/henrymercer/dependabot
8e25b34 
Update Dependabot configuration for GitHub Actions
@dependabot
Bump @actions/cache from 4.0.5 to 4.1.0 in the npm group
50a31df 
Bumps the npm group with 1 update: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache).


Updates `@actions/cache` from 4.0.5 to 4.1.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
f134e09
@henrymercer
Merge pull request #3147 from github/dependabot/npm_and_yarn/npm-76d2…
435f474 
…ab1078

Bump @actions/cache from 4.0.5 to 4.1.0 in the npm group
@mbg
Remove url from log messages
6ccec2a
@mbg
Merge pull request #3146 from github/mbg/start-proxy/authenticate
39842d8 
Provide `Authorization` header when downloading `update-job-proxy`
@cklin
build: use --serial in 'just test_file'
1e72556 
Some tests require the --serial flag to pass.
@cklin
Merge pull request #3148 from github/cklin/just-test_file-serial
e4b85ab 
build: use --serial in 'just test_file'
@github-actions
Update changelog for v3.30.4
333a673
@igfoo igfoo marked this pull request as ready for review September 25, 2025 10:00
@igfoo igfoo requested a review from a team as a code owner September 25, 2025 10:00
@Copilot Copilot AI review requested due to automatic review settings September 25, 2025 10:00
Copilot
Copilot AI reviewed Sep 25, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request merges changes from the main branch into releases/v3, containing 36 individual pull requests with various improvements and fixes to the CodeQL Action.

Key changes include:

  • Version bump from 3.30.3 to 3.30.4
  • Support for CodeQL nightly tools downloads via "nightly" and "nightly-latest" inputs
  • Enhanced upload-sarif action with new sarif-ids output and improved error handling
  • Various dependency updates and bug fixes

Reviewed Changes

Copilot reviewed 175 out of 179 changed files in this pull request and generated no comments.

Show a summary per file
File Description
package.json Version bump to 3.30.4 and dependency updates
src/defaults.json Updates CodeQL CLI version to 2.23.1
src/upload-sarif-action.ts Restructured SARIF file handling with new sarif-ids output
upload-sarif/action.yml Updated action description and added new sarif-ids output
src/setup-codeql.ts Added support for downloading nightly CodeQL CLI builds
src/workflow.ts Added check for inconsistent CodeQL Action versions
Multiple test files New test coverage for various features
PR check files Updated action versions and removed redundant shell declarations
Files not reviewed (1)
  • package-lock.json: Language not supported

@igfoo igfoo merged commit 303c0ae into releases/v3 Sep 25, 2025
296 checks passed
@igfoo igfoo deleted the update-v3.30.4-e4b85ab65 branch September 25, 2025 10:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@igfoo igfoo igfoo approved these changes

Assignees

@igfoo igfoo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@igfoo @henrymercer @redsun82 @Copilot @mbg @cklin @nickrolfe @felickz @kaspersv