mirror of
https://github.com/gradle/actions.git
synced 2026-06-12 14:40:39 +00:00
483fcf682f81eb360aca0c708a67238cc629e9f5
684 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
8b6cdb5f58 |
CI: add requireable aggregate/no-op checks for branch protection (#984)
Prepares CI so a small, stable set of **required status checks** can be enabled (which in turn unlocks auto-merge), instead of having to list every fanned-out matrix job. GitHub required checks match by exact name — no wildcards — so this reduces the surface to a handful of high-level checks.

## Changes

- **`ci-integ-test.yml`**: add an aggregate gate job `integ-test-success` that `needs:` all four top-level jobs (the three suite jobs each wrap a reusable workflow that fans out into many nested checks) and fails if any did not succeed. `if: always()` ensures it reports even when a dependency fails. This collapses dozens of nested integ-test checks into a single requireable check.
- **`ci-init-script-check.yml`**: remove the workflow-level `pull_request.paths` filter so the workflow runs on every PR and always reports a status check (previously it was absent on most PRs, which would deadlock a required check). Relevant-change detection moves into the job via `tj-actions/changed-files` (same pinned action already used by `ci-check-no-dist-update.yml`). On a PR the Java/Gradle/test steps run only when init-script files changed; otherwise the job is a fast no-op that still succeeds. Push and `workflow_dispatch` runs execute fully as before.

## Suggested required-check set (all run on every PR, none can deadlock)

- `CI-check-and-unit-test / check-format-and-unit-test`
- `ci-validate-typings.yml / validate-typings`
- `CI-validate-wrappers / validation`
- `CI-codeql / Analyze (javascript-typescript)`
- `CI-integ-test / integ-test-success`
- `CI-init-script-check / test-init-scripts`

`ci-check-no-dist-update` is intentionally **omitted** — it only runs on `dist/**` edits and is designed to fail, so it shouldn't be a required gate.

> Confirm the exact check names from the list GitHub shows after this branch runs once.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
e473973a5b |
Scope CI-integ-test concurrency groups per-branch

The concurrency groups used fixed names spanning all branches, so a push
to main could cancel a pending PR run (and vice versa), leaving PRs not
fully tested.

Append ${{ github.ref }} to each group so runs only supersede pending
runs on the same branch, while different branches run in parallel. Also
drop the `queue: max` key, which is not a valid GitHub Actions
concurrency option and was ignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
||
|
|
35a4a3f355 | Queue up integ-test runs | ||
|
|
9d6bacde37 |
Update @actions/cache and @actions/artifact, stop ignoring them in Dependabot (#978)
## What

- Bumps `@actions/cache` 6.0.0 → 6.0.1
- Bumps `@actions/artifact` 6.1.0 → 6.2.1
- Removes the Dependabot `ignore` rules for both so they're maintained automatically going forward

## Why

Both deps were excluded from Dependabot's automatic updates: `*actions/cache*` was fully ignored, and `*actions/artifact*` had major/minor bumps ignored. Neither restriction is necessary. The `cache` ignore existed out of concern for keeping versions aligned with the vendored `gradle-actions-caching` library. That alignment isn't required:

- The vendored bundle (`sources/vendor/gradle-actions-caching/index.js`) **inlines** its own (patched) `@actions/cache` and exposes a type-clean API (`restore`/`save`) that never leaks `@actions/cache` types across the boundary.
- This repo's own direct `@actions/cache` usage is a **separate, unpatched copy** consumed via the stock string-returning API (`cache-service-basic.ts`, `provision.ts`), with no `patch-package`/`postinstall` in this repo.

So there's no cross-repo sync requirement — these can be updated like any other dependency.

## Verification

- `npm install --package-lock-only` regenerated the lockfile (resolves cache 6.0.1, artifact 6.2.1)
- `./build` passes clean

The root `dist/` directory is intentionally left for the CI workflow to update.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
f37016fb25 |
Bump references to Develocity Gradle plugin from 4.4.0 to 4.4.2 (#973)
This PR bumps references to Develocity Gradle plugin from 4.4.0 to 4.4.2. |
||
|
|
8499b50242 |
Bump the github-actions group across 2 directories with 8 updates (#976)
Bumps the github-actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [gradle/actions](https://github.com/gradle/actions) | `6.0.1` | `6.1.0` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.5` | `47.0.6` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` |

Bumps the github-actions group with 2 updates in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact).

Updates `actions/checkout` from 6.0.2 to 6.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.3</h2> <h2>What's Changed</h2> <ul> <li>Update changelog by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yaananth"><code>@yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge 
commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a 
href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if 
provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a> Update changelog for v6.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a> Fix checkout init for SHA-256 repositories (<a href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li> <li><a href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a> fix: expand merge commit SHA regex and add SHA-256 test cases (<a href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li> <li><a href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a> Update changelog (<a href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-node` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Dependency updates:</h3> <ul> <li>Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> <li>Update Node.js versions in versions.yml and bump package to v6.4.0 by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a 
href="https://redirect.github.com/actions/setup-node/pull/1533">actions/setup-node#1533</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.4.0">https://github.com/actions/setup-node/compare/v6...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"><code>48b55a0</code></a> Update Node.js versions in versions.yml and bump package to v6.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1533">#1533</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9"><code>ab72c7e</code></a> Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies (<a href="https://redirect.github.com/actions/setup-node/issues/1525">#1525</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e">compare view</a></li> </ul> </details> <br /> Updates `gradle/actions` from 6.0.1 to 6.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>New: Basic Cache Provider</h2> <p>A new MIT-licensed <strong>Basic Caching</strong> provider is now available as an alternative to the proprietary <strong>Enhanced Caching</strong> provided by <code>gradle-actions-caching</code>. 
Choose Basic Caching by setting <code>cache-provider: basic</code> on <code>setup-gradle</code> or <code>dependency-submission</code> actions.</p> <ul> <li>Built on <code>@actions/cache</code> -- fully open source</li> <li>Caches <code>~/.gradle/caches</code> and <code>~/.gradle/wrapper</code> directories</li> <li>Cache key derived from build files (<code>*.gradle*</code>, <code>gradle-wrapper.properties</code>, etc.)</li> <li>Clean cache on build file changes (no restore keys, preventing stale entry accumulation)</li> </ul> <p><strong>Limitations vs Enhanced Caching:</strong> No cache cleanup, no deduplication of cached content, cached content is fixed unless build files change.</p> <h2>Revamped Licensing & Distribution Documentation</h2> <ul> <li>New <strong>DISTRIBUTION.md</strong> documents the licensing of each component (particularly Basic Caching vs Enhanced Caching)</li> <li>Simplified licensing notices in README, docs, and runtime log output</li> <li>Clear usage tiers: Enhanced Caching is free for public repos and in Free Preview for private repos</li> </ul> <h2>What's Changed</h2> <ul> <li>Use a unique cache entry for wrapper-validation test by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/921">gradle/actions#921</a></li> <li>Update Dependencies by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/922">gradle/actions#922</a></li> <li>Update dependencies and resolve npm vulnerabilities by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/933">gradle/actions#933</a></li> <li>Add open-source 'basic' cache provider and revamp licensing documentation by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/930">gradle/actions#930</a></li> <li>Restructure caching documentation for 
basic and enhanced providers by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/934">gradle/actions#934</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v6.0.1...v6.1.0">https://github.com/gradle/actions/compare/v6.0.1...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/50e97c2cd7a37755bbfafc9c5b7cafaece252f6e"><code>50e97c2</code></a> Link to docs for caching providers</li> <li><a href="https://github.com/gradle/actions/commit/f2e6298504c4b1f20294637059e1d0d89422409a"><code>f2e6298</code></a> Restructure caching documentation for basic and enhanced providers (<a href="https://redirect.github.com/gradle/actions/issues/934">#934</a>)</li> <li><a href="https://github.com/gradle/actions/commit/b294b1e2dbcf270bfe835590dedbbc7e2024618c"><code>b294b1e</code></a> Really fix integ-test-full</li> <li><a href="https://github.com/gradle/actions/commit/83d3189aae3332f1b2235b42d8804258f2348213"><code>83d3189</code></a> Revise license details for gradle-actions-caching</li> <li><a href="https://github.com/gradle/actions/commit/1d5db06d2662829845876553d61cf3df3cf997d1"><code>1d5db06</code></a> Update license link for gradle-actions-caching component</li> <li><a href="https://github.com/gradle/actions/commit/1c809615505fae9768e2610dc6dbecdc3a796443"><code>1c80961</code></a> Fix license link for Enhanced Caching component</li> <li><a href="https://github.com/gradle/actions/commit/9e99920b14b9dc5a9bf8c72e94ba47ebf5bbaee6"><code>9e99920</code></a> Fix integ-test-full workflow</li> <li><a href="https://github.com/gradle/actions/commit/bb8aaaf9d56f25afd4a90925425facf294f31fcf"><code>bb8aaaf</code></a> Fix workflow permissions</li> <li><a href="https://github.com/gradle/actions/commit/f5dfb43fc8c99c758ebf2324d102118e5faf6cb6"><code>f5dfb43</code></a> [bot] Update dist 
directory</li> <li><a href="https://github.com/gradle/actions/commit/ff9ae24c39252301b448088d2c7d9f0a2d8066dd"><code>ff9ae24</code></a> Add open-source 'basic' cache provider and revamp licensing documentation (<a href="https://redirect.github.com/gradle/actions/issues/930">#930</a>)</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f...50e97c2cd7a37755bbfafc9c5b7cafaece252f6e">compare view</a></li> </ul> </details> <br /> Updates `tj-actions/changed-files` from 47.0.5 to 47.0.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v47.0.6</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v47.0.5 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2816">tj-actions/changed-files#2816</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2817">tj-actions/changed-files#2817</a></li> <li>chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2818">tj-actions/changed-files#2818</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.3 to 25.3.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2820">tj-actions/changed-files#2820</a></li> <li>chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/tj-actions/changed-files/pull/2819">tj-actions/changed-files#2819</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.5 to 25.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2825">tj-actions/changed-files#2825</a></li> <li>chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2824">tj-actions/changed-files#2824</a></li> <li>chore(deps): bump github/codeql-action from 4.32.6 to 4.35.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2834">tj-actions/changed-files#2834</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2831">tj-actions/changed-files#2831</a></li> <li>chore(deps): bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2830">tj-actions/changed-files#2830</a></li> <li>chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2829">tj-actions/changed-files#2829</a></li> <li>chore(deps-dev): bump jest from 30.2.0 to 30.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2822">tj-actions/changed-files#2822</a></li> <li>chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by <a 
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2849">tj-actions/changed-files#2849</a></li> <li>chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2848">tj-actions/changed-files#2848</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.5.0 to 25.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2846">tj-actions/changed-files#2846</a></li> <li>chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2844">tj-actions/changed-files#2844</a></li> <li>chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2843">tj-actions/changed-files#2843</a></li> <li>chore(deps): bump lodash from 4.17.23 to 4.18.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2837">tj-actions/changed-files#2837</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a 
href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">47.0.6</a> - (2026-04-18)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2817">#2817</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/c23d52ba6ff8c67273c61e097615eafe88cb8650">c23d52b</a>) - (github-actions[bot])</p> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Bump lodash from 4.17.23 to 4.18.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2837">#2837</a>) (<a href="https://github.com/tj-actions/changed-files/commit/9426d40962ed5378910ee2e21d5f8c6fcbf2dd96">9426d40</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2843">#2843</a>) (<a href="https://github.com/tj-actions/changed-files/commit/32de080616d8c84d89622770d26b0857f4ce8b49">32de080</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2844">#2844</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2487d125c6ecf3457228762d50599297a8c80310">2487d12</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.5.0 to 25.6.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2846">#2846</a>) (<a href="https://github.com/tj-actions/changed-files/commit/cef85a3eab76d9db9f294de4915d6a31b1dcbfda">cef85a3</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump prettier from 3.8.1 to 3.8.3 (<a 
href="https://redirect.github.com/tj-actions/changed-files/issues/2848">#2848</a>) (<a href="https://github.com/tj-actions/changed-files/commit/7b082dee30a6f42592f70940c0f0a26a72af452c">7b082de</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.35.1 to 4.35.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2849">#2849</a>) (<a href="https://github.com/tj-actions/changed-files/commit/07224cab5986b4ce28c5080f4a804e5573422714">07224ca</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump jest from 30.2.0 to 30.3.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2822">#2822</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2bb135777322059ee3a3c9239999b159ff49febc">2bb1357</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2829">#2829</a>) (<a href="https://github.com/tj-actions/changed-files/commit/cc98117d3993777f3babaccc496514b4a65652a9">cc98117</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump yaml from 2.8.2 to 2.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2830">#2830</a>) (<a href="https://github.com/tj-actions/changed-files/commit/786e4213eac60d6e2b4492135b46644269fac3db">786e421</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2831">#2831</a>) (<a href="https://github.com/tj-actions/changed-files/commit/726b41bbed783a50de97829de6d977cd665831f7">726b41b</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.6 to 4.35.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2834">#2834</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2c3585e584822ed39e27c6c471225dde37991778">2c3585e</a>) - 
(dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2824">#2824</a>) (<a href="https://github.com/tj-actions/changed-files/commit/3d37a7ff08a7ce64b4cab9669eac39b0709cdac9">3d37a7f</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.3.5 to 25.5.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2825">#2825</a>) (<a href="https://github.com/tj-actions/changed-files/commit/445b0eb32849cdd5b22a390bf0568af00ed4ca34">445b0eb</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.5 to 4.32.6 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2819">#2819</a>) (<a href="https://github.com/tj-actions/changed-files/commit/4f892cd56345d721bac7139000c4b4a22c8f138f">4f892cd</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.3.3 to 25.3.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2820">#2820</a>) (<a href="https://github.com/tj-actions/changed-files/commit/611865116d9f223a0ca640071aec29292c81978f">6118651</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/setup-node from 6.2.0 to 6.3.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2818">#2818</a>) (<a href="https://github.com/tj-actions/changed-files/commit/e517d7a5ca34a5d08bbe5c949e59381bd6d7cce2">e517d7a</a>) - (dependabot[bot])</li> </ul> <h2><!-- raw HTML omitted -->⬆️ Upgrades</h2> <ul> <li>Upgraded to v47.0.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2816">#2816</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a 
href="https://github.com/tj-actions/changed-files/commit/4750530ff4e020eafc769c56c2fa8376ca8ad8e9">4750530</a>) - (github-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">47.0.5</a> - (2026-03-03)</h1> <h2>🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2805">#2805</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (<a href="https://github.com/tj-actions/changed-files/commit/35dace0375d89e25e78db5f0a44127b61f4e5c20">35dace0</a>) - (github-actions[bot])</p> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2803">#2803</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/9ee99eb5bda5d6a67fedcd50ecd24fb10add2f41">9ee99eb</a>) - (github-actions[bot])</p> <h2>⚙️ Miscellaneous Tasks</h2> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/9426d40962ed5378910ee2e21d5f8c6fcbf2dd96"><code>9426d40</code></a> chore(deps): bump lodash from 4.17.23 to 4.18.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2837">#2837</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/32de080616d8c84d89622770d26b0857f4ce8b49"><code>32de080</code></a> chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2843">#2843</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/2487d125c6ecf3457228762d50599297a8c80310"><code>2487d12</code></a> chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2844">#2844</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cef85a3eab76d9db9f294de4915d6a31b1dcbfda"><code>cef85a3</code></a> chore(deps-dev): bump <code>@types/node</code> from 25.5.0 to 25.6.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2846">#2846</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/7b082dee30a6f42592f70940c0f0a26a72af452c"><code>7b082de</code></a> chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2848">#2848</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/07224cab5986b4ce28c5080f4a804e5573422714"><code>07224ca</code></a> chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2849">#2849</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/2bb135777322059ee3a3c9239999b159ff49febc"><code>2bb1357</code></a> chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (<a 
href="https://redirect.github.com/tj-actions/changed-files/issues/2822">#2822</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cc98117d3993777f3babaccc496514b4a65652a9"><code>cc98117</code></a> chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2829">#2829</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/786e4213eac60d6e2b4492135b46644269fac3db"><code>786e421</code></a> chore(deps): bump yaml from 2.8.2 to 2.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2830">#2830</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/726b41bbed783a50de97829de6d977cd665831f7"><code>726b41b</code></a> chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2831">#2831</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tj-actions/changed-files/compare/22103cc46bda19c2b464ffe86db46df6922fd323...9426d40962ed5378910ee2e21d5f8c6fcbf2dd96">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 4.35.1 to 4.36.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.36.2</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. 
<a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>v4.36.1</h2> <p>No user facing changes.</p> <h2>v4.36.0</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>v4.35.5</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. 
<a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>v4.35.4</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>v4.35.3</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
<a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>v4.35.2</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. 
<a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. 
<a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
<a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>4.35.2 - 15 Apr 2026</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. 
If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e"><code>8aad20d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3949">#3949</a> from github/update-v4.36.2-dcb947ce1</li> <li><a href="https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a"><code>f521b08</code></a> Add additional changelog notes</li> <li><a href="https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08"><code>8aeff0f</code></a> Update changelog for v4.36.2</li> <li><a href="https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c"><code>dcb947c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3948">#3948</a> from github/update-bundle/codeql-bundle-v2.25.6</li> <li><a href="https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9"><code>c251bce</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c"><code>62953c1</code></a> Update default bundle to codeql-bundle-v2.25.6</li> <li><a href="https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37"><code>423b570</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3946">#3946</a> from github/dependabot/npm_and_yarn/npm-minor-5d507a...</li> <li><a href="https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496"><code>c35d1b1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3947">#3947</a> from github/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd"><code>cb1a588</code></a> Merge pull request <a 
href="https://redirect.github.com/github/codeql-action/issues/3937">#3937</a> from github/robertbrignull/waitForProcessing_backoff</li> <li><a href="https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206"><code>ba47406</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3943">#3943</a> from github/henrymercer/cache-cli-version-info</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...8aad20d150bbac5944a9f9d289da16a4b0d87c1e">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update the readme with direct upload details by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li> <li>Readme: bump all the example versions to v7 by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li> <li>Include changes in typespec/ts-http-runtime 0.3.5 by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a 
href="https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"><code>043fb46</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a> from actions/yacaovsnc/update-dependency</li> <li><a href="https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94"><code>634250c</code></a> Include changes in typespec/ts-http-runtime 0.3.5</li> <li><a href="https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8"><code>e454baa</code></a> Readme: bump all the example versions to v7 (<a href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e"><code>74fad66</code></a> Update the readme with direct upload details (<a href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a">compare view</a></li> </ul> </details> <br /> Updates `actions/github-script` from 8.0.0 to 9.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. 
See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. 
Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a 
href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a 
href="https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3">compare view</a></li> </ul> </details> <br /> Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v8.1.1</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump the npm group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4305">peter-evans/create-pull-request#4305</a></li> <li>build(deps): bump minimatch by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4311">peter-evans/create-pull-request#4311</a></li> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4316">peter-evans/create-pull-request#4316</a></li> <li>build(deps): bump <code>@tootallnate/once</code> and jest-environment-jsdom by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4323">peter-evans/create-pull-request#4323</a></li> <li>build(deps-dev): bump undici from 6.23.0 to 6.24.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4328">peter-evans/create-pull-request#4328</a></li> <li>build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4334">peter-evans/create-pull-request#4334</a></li> <li>build(deps): bump picomatch by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4339">peter-evans/create-pull-request#4339</a></li> <li>build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4344">peter-evans/create-pull-request#4344</a></li> <li>build(deps-dev): bump the npm group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4349">peter-evans/create-pull-request#4349</a></li> <li>fix: retry post-creation API calls on 422 eventual consistency errors by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4356">peter-evans/create-pull-request#4356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1">https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/5f6978faf089d4d20b00c7766989d076bb2fc7f1"><code>5f6978f</code></a> fix: retry post-creation API calls on 422 eventual consistency errors (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4356">#4356</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/d32e88dac789dcc7906e7d26f69f24116fa9c97d"><code>d32e88d</code></a> build(deps-dev): bump the npm group with 3 updates (<a 
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4349">#4349</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/8170bccad11c0df62542c04dcaefe36d342dfd39"><code>8170bcc</code></a> build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4344">#4344</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/00418193b417f888dbf1d993c5c0d31d27fdc7de"><code>0041819</code></a> build(deps): bump picomatch (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4339">#4339</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b993918c8536b6d44706130734d5456879762b27"><code>b993918</code></a> build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4334">#4334</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/36d7c8468b48f9c2f8f29e260e82f10d4b90d2bd"><code>36d7c84</code></a> build(deps-dev): bump undici from 6.23.0 to 6.24.0 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4328">#4328</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a45d1fb447fcaf601166e405fd4f335cde1a8aa8"><code>a45d1fb</code></a> build(deps): bump <code>@tootallnate/once</code> and jest-environment-jsdom (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4323">#4323</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/3499eb61835cc0015c0b786e203d74b1e8f55e43"><code>3499eb6</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4316">#4316</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f"><code>3f3b473</code></a> build(deps): bump minimatch 
(<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4311">#4311</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/6699836a213cf8b28c4f0408a404a6ac79d4458a"><code>6699836</code></a> build(deps-dev): bump the npm group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4305">#4305</a>)</li> <li>See full diff in <a href="https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-node` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Dependency updates:</h3> <ul> <li>Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> <li>Update Node.js versions in versions.yml and bump package to v6.4.0 by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1533">actions/setup-node#1533</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.4.0">https://github.com/actions/setup-node/compare/v6...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a 
href="https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"><code>48b55a0</code></a> Update Node.js versions in versions.yml and bump package to v6.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1533">#1533</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9"><code>ab72c7e</code></a> Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies (<a href="https://redirect.github.com/actions/setup-node/issues/1525">#1525</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update the readme with direct upload details by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li> <li>Readme: bump all the example versions to v7 by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></... _Description has been truncated_ Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jérôme Prinet <jprinet@gradle.com> |
||
|
|
6959d5a1db |
Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/kotlin-dsl (#965)
Bump Gradle Wrapper from 9.4.1 to 9.5.1. Release notes of Gradle 9.5.1 can be found here: https://docs.gradle.org/9.5.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
139f652ee4 |
Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/java-toolchain (#964)
Bump Gradle Wrapper from 9.4.1 to 9.5.1. Release notes of Gradle 9.5.1 can be found here: https://docs.gradle.org/9.5.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
77818a6789 |
Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/groovy-dsl (#963)
Bump Gradle Wrapper from 9.4.1 to 9.5.1. Release notes of Gradle 9.5.1 can be found here: https://docs.gradle.org/9.5.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
d0dd67506b |
Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/gradle-plugin (#962)
Bump Gradle Wrapper from 9.4.1 to 9.5.1. Release notes of Gradle 9.5.1 can be found here: https://docs.gradle.org/9.5.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
b294b1e2db | Really fix integ-test-full | ||
|
|
9e99920b14 | Fix integ-test-full workflow | ||
|
|
bb8aaaf9d5 | Fix workflow permissions | ||
|
|
ff9ae24c39 |
Add open-source 'basic' cache provider and revamp licensing documentation (#930)
## Summary
- **New `basic` cache provider**: Adds an open-source (MIT-licensed)
caching implementation built on `@actions/cache` as an alternative to
the proprietary Enhanced Caching. Users can opt in with `cache-provider:
basic` on both `setup-gradle` and `dependency-submission` actions.
- **Revamped licensing & distribution docs**: Replaces the verbose
licensing notice block (previously shown in README, docs, and logs) with
a friendlier callout and a new dedicated
[DISTRIBUTION.md](./DISTRIBUTION.md) covering component licensing, usage
tiers, data privacy ("Safe Harbor"), and opt-out instructions.
- **Improved messaging**: Enhanced Caching and Basic Caching each
display concise, informative log messages and job summary notes instead
of the previous wall-of-text license warning.
- **New integration tests**: Adds `integ-test-basic-cache-provider.yml`
workflow that seeds and verifies the basic cache provider across
platforms, plus unit tests for `BasicCacheService` and `getCacheService`
selection logic.
- **CI workflow reorganization**: Dependency-submission integration
tests extracted into their own reusable suite
(`suite-integ-test-dependency-submission.yml`); sample project tests
moved into the caching suite.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
f333b2d34b |
Update dependencies and resolve npm vulnerabilities (#933)
This pull request includes dependency updates, a minor bug fix, and a workflow update. The most significant changes are grouped below:
Dependency Updates:
* Updated several development dependencies in `sources/package.json`, including `@typescript-eslint/eslint-plugin` to 8.58.0, `esbuild` to 0.28.0, and `ts-jest` to 29.4.9, to keep the project up to date with the latest features and bug fixes.
Bug Fix:
* Fixed a typo in the import statement for `deprecation-collector` in `sources/src/configuration.ts`, correcting the import from `de cator` to `deprecator`.
CI/CD Workflow Update:
* Updated the commit hashes for the `github/codeql-action/init` and `github/codeql-action/analyze` steps in `.github/workflows/ci-codeql.yml` to use a newer commit, ensuring the workflow uses the latest patches for these actions.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5f8d454165 |
Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [gradle/actions](https://github.com/gradle/actions) and [github/codeql-action](https://github.com/github/codeql-action). Updates `gradle/actions` from 5.0.2 to 6.0.1 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/0723195856401067f7a2779048b490ace7a47d7c...39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f) Updates `github/codeql-action` from 4.33.0 to 4.34.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b1bff81932f5cdfc8695c7752dcee935dcd061c8...38697555549f1db7851b81482ff19f1fa5c4fedc) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
00c71e737e | Bump references to Develocity Gradle plugin from 4.3.2 to 4.4.0 | ||
|
|
0b8fa27eb1 |
Use a unique cache entry for wrapper-validation test (#921)
This is necessary to avoid loading a cache entry from a different test, where the allowed wrapper checksums might have been cached, causing the wrapper validation to unexpectedly succeed. |
||
|
|
f64284c333 |
Mute license warning when terms are accepted (#911)
With licensing changes in v6, a license warning was added to the logs and job summary. Now, accepting the Build Scan Terms of Use or providing a Develocity Access Key will mute this warning. |
||
|
|
3d0e2a88da | Pin version for github actions | ||
|
|
f663ed9f3d | Ignore internal action files for type validation | ||
|
|
9e6b5adc6e |
Add typing information for use by typesafegithub (#814)
Introduces type descriptor YAML files for GitHub Actions in the repository, improving type safety and documentation for action inputs and outputs. It also adds a new GitHub Actions workflow to validate these typings automatically on pushes and pull requests. The changes are grouped into the addition of type descriptor files for various actions and the automation of their validation.
https://github.com/typesafegithub/github-actions-typing
**Type descriptor files for GitHub Actions:**
* Added `action-types.yml` files to `setup-gradle`, `dependency-submission`, and `wrapper-validation` actions, specifying input and output types for each action to improve type safety and documentation.
**Automation and validation:**
* Introduced a new GitHub Actions workflow `.github/workflows/ci-validate-typings.yml` to automatically validate action typings on pushes to `main` and `release/**` branches, as well as on pull requests. This uses the `github-actions-typing` action for validation. |
||
|
|
dd0829a494 | Add cache-disabled example to demo workflow | ||
|
|
51a7f13c39 |
Bump Gradle Wrapper from 9.4.0 to 9.4.1.
Release notes of Gradle 9.4.1 can be found here: https://docs.gradle.org/9.4.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
2c1f55600d |
Bump github/codeql-action in the github-actions group across 1 directory
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.32.6 to 4.33.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...b1bff81932f5cdfc8695c7752dcee935dcd061c8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
25454f526a |
Avoid windows shutdown bug (#900)
* Avoid windows shutdown bug with shutdown delay
* Use a separate concurrency group for integ-test-full |
||
|
|
2cab5e3c71 | Fix path for running full-integ-test | ||
|
|
56227c19fe | Run only one integ-test suite at a time | ||
|
|
b99ed96fc6 | Fix branch name for update PR | ||
|
|
9becd650e8 | Run integ-test-full for gradle-actions-caching updates | ||
|
|
a0ee12f71e |
Extract caching logic into a separate gradle-actions-caching component (#885)
With this change, the caching functionality of `setup-gradle` and `dependency-submission` is now provided by `gradle-actions-caching`, a closed-source library distributed under our [Terms of Use](https://gradle.com/legal/terms-of-use/). The rest of the action implementation remains open source.
Using `setup-gradle` or `dependency-submission` with caching enabled involves loading and using the `gradle-actions-caching` component, requiring acceptance of the [Terms of Use](https://gradle.com/legal/terms-of-use/). There are no functional changes to caching provided by these actions: all workflows will continue to function as before.
The non-caching aspects of action implementation remain open source. By running these actions with caching disabled they can be used without ever loading `gradle-actions-caching` or accepting the license terms.
Supporting the caching infrastructure in this project requires a substantial engineering investment by Gradle Technologies, which we can sustain thanks to Develocity, our commercial offering. Caching technologies are a core part of the Develocity offering, and the caching in `setup-gradle` fits squarely in that space.
This licensing change lets us continue to build advanced capabilities that go beyond what we would offer as open source. Proper production-ready Configuration Cache support will be the first capability. Improving build performance for self-hosted runners will follow.
We may introduce functionality restrictions in future updates. However, caching functionality will remain free for public repositories. We have a long-standing commitment to open source, as maintainers of Gradle Build Tool, and by [sponsoring the open source community](https://gradle.com/oss-sponsored-by-develocity/) with free Develocity licenses. Public repositories are primarily used by open source projects, and we remain committed to supporting them.
- Implementation of caching logic to save and restore Gradle User Home content has been removed, replaced by the `gradle-actions-caching` component.
- The `@actions/caching` library is still used to cache Gradle distributions that are downloaded and provisioned by `setup-gradle`. This PR updates to the latest version of `@actions/caching`, and removes the patch that is no longer required.
- License notices are now displayed in documentation, logs and the generated Job Summary. |
||
|
|
c999154b1f |
Remove configuration-cache support (#884)
Removes support for configuration-cache extraction and restore from the caching workflow and related source code. Configuration-cache support only worked for a limited set of projects (gradle/actions#21), and we plan to reimplement this properly as part of the `gradle-actions-caching` project. The main impact is simplification of the caching logic, focusing only on common Gradle artifacts. The `ConfigurationCacheEntryExtractor` class and related logic were deleted from `sources/src/caching/gradle-home-extry-extractor.ts`. |
||
|
|
03ee1e1693 |
Bump the github-actions group across 3 directories with 5 updates (#880)
Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.3.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.4` | `47.0.5` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.32.6` | | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6.3.0` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f) Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/7dee1b0c1557f278e5c7dc244927139d78c0e22a...22103cc46bda19c2b464ffe86db46df6922fd323) Updates `github/codeql-action` from 4.32.4 to 4.32.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...0d579ffd059c29b07949a3cce3983f0780820c98) Updates `crazy-max/ghaction-import-gpg` from 6.3.0 to 7.0.0 - [Release 
notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/e89d40939c28e39f97cf32126055eeae86ba74ec...2dc316deee8e90f13e1a351ab510b4d5bc0c82cd) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: crazy-max/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node 
dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jérôme Prinet <jprinet@gradle.com> |
||
|
|
a3dd0763dc |
Dependency updates (#876)
* Bump Gradle Wrapper from 9.3.1 to 9.4.0. Release notes of Gradle 9.4.0 can be found here: https://docs.gradle.org/9.4.0/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> * Bump the github-actions group across 3 directories with 3 updates Bumps the github-actions group with 3 updates in the / directory: [gradle/actions](https://github.com/gradle/actions), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `gradle/actions` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/f29f5a9d7b09a7c6b29859002d29d24e1674c884...0723195856401067f7a2779048b490ace7a47d7c) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) Updates `actions/download-artifact` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) Updates `actions/download-artifact` from 7.0.0 to 8.0.0 
- [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the npm-dependencies group in /sources with 3 updates Bumps the npm-dependencies group in /sources with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [dedent](https://github.com/dmnd/dedent) and [globals](https://github.com/sindresorhus/globals). 
Updates `@types/node` from 25.3.2 to 25.3.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `dedent` from 1.7.1 to 1.7.2 - [Release notes](https://github.com/dmnd/dedent/releases) - [Changelog](https://github.com/dmnd/dedent/blob/main/CHANGELOG.md) - [Commits](https://github.com/dmnd/dedent/compare/v1.7.1...v1.7.2) Updates `globals` from 17.3.0 to 17.4.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](https://github.com/sindresorhus/globals/compare/v17.3.0...v17.4.0) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: dedent dependency-version: 1.7.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: globals dependency-version: 17.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: bot-githubaction <bot-githubaction@gradle.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0723195856 |
Bump github/codeql-action in the github-actions group across 1 directory (#864)
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...89a39a4e59826350b863aa6b6252a07ad50cf83e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a51c1c2093 |
Bump the github-actions group across 1 directory with 2 updates (#860)
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action). Updates `tj-actions/changed-files` from 47.0.1 to 47.0.4 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/e0021407031f5be11a464abee9a0776171c79891...7dee1b0c1557f278e5c7dc244927139d78c0e22a) Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...9e907b5e64f6b83e7804b09294d44122997950d6) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: 47.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
78f7dee633 |
Workflow fixes (#856)
* Fix cache key for cleanup check in workflow
* Rename job for custom report submission in workflow |
||
|
|
1f0a4bb10f | Install DV agent for ci-update-dist workflow | ||
|
|
d9d9739be8 | Use recommended DV config for npm | ||
|
|
88d177f2ef |
Bump the github-actions group across 2 directories with 3 updates
Bumps the github-actions group with 2 updates in the / directory: [gradle/actions](https://github.com/gradle/actions) and [github/codeql-action](https://github.com/github/codeql-action). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java). Updates `gradle/actions` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2...f29f5a9d7b09a7c6b29859002d29d24e1674c884) Updates `github/codeql-action` from 4.32.0 to 4.32.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2) Updates `actions/setup-java` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/f2beeb24e141e01a676f977032f5a29d81c9e27e...be666c2fcd27ec809703dec50e508c2fdc7f6654) Updates `actions/setup-java` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/f2beeb24e141e01a676f977032f5a29d81c9e27e...be666c2fcd27ec809703dec50e508c2fdc7f6654) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - 
dependency-name: actions/setup-java dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
7d36419f83 |
Bump Gradle Wrapper from 9.3.0 to 9.3.1.
Release notes of Gradle 9.3.1 can be found here: https://docs.gradle.org/9.3.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
9d5155435d | Bump references to Develocity Gradle plugin from 4.3.1 to 4.3.2 | ||
|
|
f29f5a9d7b | Attempt to fix flaky caching tests (#836) | ||
|
|
00660c8721 |
Bump github/codeql-action from 4.31.10 to 4.32.0 in the github-actions group across 1 directory (#835)
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.31.10 to 4.32.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.32.0</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li> </ul> <h2>v4.31.11</h2> <ul> <li>When running a Default Setup workflow with <a href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions debugging enabled</a>, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. <a href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li> <li>Improved error handling throughout the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li> <li>Added experimental support for automatically excluding <a href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated files</a> from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li> <li>The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. 
<a href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.32.0 - 26 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li> </ul> <h2>4.31.11 - 23 Jan 2026</h2> <ul> <li>When running a Default Setup workflow with <a href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions debugging enabled</a>, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. <a href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li> <li>Improved error handling throughout the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li> <li>Added experimental support for automatically excluding <a href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated files</a> from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. 
<a href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li> <li>The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. <a href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li> </ul> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30"><code>b20883b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3428">#3428</a> from github/update-v4.32.0-e3b8227a2</li> <li><a href="https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b"><code>c9aa45d</code></a> Update changelog for v4.32.0</li> <li><a href="https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634"><code>e3b8227</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3427">#3427</a> from github/henrymercer/bump-for-new-minor-series</li> <li><a href="https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064"><code>8a01181</code></a> Compare minor version number</li> <li><a href="https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae"><code>80e1425</code></a> Bump minor version for CLI v2.24.0</li> <li><a href="https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a"><code>b748848</code></a> Bump the Action minor version number on new CodeQL minor version series</li> <li><a href="https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18"><code>5e767ef</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3425">#3425</a> from github/update-bundle/codeql-bundle-v2.24.0</li> <li><a href="https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86"><code>9752869</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e"><code>c62c214</code></a> Update default bundle to codeql-bundle-v2.24.0</li> <li><a 
href="https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490"><code>25a224b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3423">#3423</a> from github/mbg/ci/yq-windows</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/cdefb33c0f6224e58673d9004f47f7cb3e328b89...b20883b0cd1f46c72ae0ba6d1090936928f9fa30">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
baabf402fa |
Bump the github-actions group across 2 directories with 5 updates
Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.31.10` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.1.0` | `5.2.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.0` | Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) Updates `github/codeql-action` from 4.31.9 to 4.31.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...cdefb33c0f6224e58673d9004f47f7cb3e328b89) Updates `actions/setup-java` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/f2beeb24e141e01a676f977032f5a29d81c9e27e...be666c2fcd27ec809703dec50e508c2fdc7f6654) Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0 - [Release 
notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/98357b18bf14b5342f975ff684046ec3b2a07725...c0f553fe549906ede9cf27b5156039d195d2ece0) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: 
direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
b2bdcb9213 |
Bump Gradle Wrapper from 9.2.1 to 9.3.0.
Release notes of Gradle 9.3.0 can be found here: https://docs.gradle.org/9.3.0/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
|
4211840687 | Bump references to Develocity Gradle plugin from 4.3 to 4.3.1 | ||
|
|
342bf5a6b8 |
Bump stefanzweifel/git-auto-commit-action
Bumps the github-actions group with 1 update in the / directory: [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action). Updates `stefanzweifel/git-auto-commit-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/28e16e81777b558cc906c8750092100bbb34c5e3...04702edda442b2e678b25b537cec683a1493fcb9) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
030fdb2d3d |
Bump the npm-dependencies group in /sources with 3 updates (#804)
Bumps the npm-dependencies group in /sources with 3 updates: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [dedent](https://github.com/dmnd/dedent). Updates `@actions/cache` from 4.0.5 to 4.1.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md"><code>@actions/cache</code>'s changelog</a>.</em></p> <blockquote> <h3>4.1.0</h3> <ul> <li>Remove client side 10GiB cache size limit check & update twirp client <a href="https://redirect.github.com/actions/toolkit/pull/2118">#2118</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/actions/toolkit/commits/HEAD/packages/cache">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 25.0.2 to 25.0.3 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `dedent` from 1.7.0 to 1.7.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/dmnd/dedent/commits">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | @types/node | [>= 22.a, < 23] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
--------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jerome Prinet <jprinet@gradle.com> |
||
|
|
077b923404 |
Bump github/codeql-action from 4.31.8 to 4.31.9 in the github-actions group across 1 directory (#805)
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.31.8 to 4.31.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. 
<a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <ul> <li>Bump minimum CodeQL bundle version to 2.17.6. <a href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li> <li>When SARIF files are uploaded by the <code>analyze</code> or <code>upload-sarif</code> actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the <code>upload-sarif</code> action. For <code>analyze</code>, this may affect Advanced Setup for CodeQL users who specify a value other than <code>always</code> for the <code>upload</code> input. <a href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7"><code>5d4e8d1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3371">#3371</a> from github/update-v4.31.9-998798e34</li> <li><a href="https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83"><code>1dc115f</code></a> Update changelog for v4.31.9</li> <li><a href="https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6"><code>998798e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3352">#3352</a> from github/nickrolfe/jar-min-ff-cleanup</li> <li><a href="https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90"><code>5eb7519</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3358">#3358</a> from github/henrymercer/database-upload-telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc"><code>d29eddb</code></a> Extract version number to constant</li> <li><a href="https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6"><code>e962687</code></a> Merge branch 'main' into henrymercer/database-upload-telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b"><code>19c7f96</code></a> Rename <code>isOverlayBase</code></li> <li><a href="https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf"><code>ae5de9a</code></a> Use <code>getErrorMessage</code> in log too</li> <li><a href="https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954"><code>0cb8633</code></a> Prefer <code>performance.now()</code></li> <li><a 
href="https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec"><code>c07cc0d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3351">#3351</a> from github/henrymercer/ghec-dr-determine-tools-vers...</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/1b168cd39490f61582a9beae412bb7057a6b2c4e...5d4e8d1aca955e8d8589aabd499c5cae939e33c7">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |