[v4] Upgrade Node.js runtime from v20 to v24 #3169
Conversation
This requires creating a new major-version (v4) of codeql-action.
I got ahead of myself; v4 hasn't been tagged yet.
mario-campos
force-pushed
the
mario-campos/node24
branch
from
1a2ce7a to
d4b5380
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the CodeQL Action's Node.js runtime from v20 to v24 for the upcoming v4 release. This represents a major runtime upgrade to modernize the action's execution environment.
Key changes:
- Updated all action.yml files to use Node.js v24 runtime instead of v20
- Updated package.json and build configuration to target Node.js v24
- Updated test fixtures and documentation to reference v4 instead of v3
- Modified CI workflows to test on both Node.js 20 and 24 versions
Reviewed Changes
Copilot reviewed 30 out of 32 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| action.yml files | Updated runtime specification from node20 to node24 for all actions |
| package.json | Updated version to 4.30.6 and @types/node to v24.5.2 |
| lib/*.js files | Generated JavaScript files updated with new version and Node.js target |
| test files | Updated test fixtures to use v4 action references instead of v3 |
| build.mjs | Updated esbuild target from node20 to node24 |
| workflow files | Updated CI to test on both Node.js 20 and 24 versions |
| documentation | Updated README and CONTRIBUTING to reflect v4 support and Node.js 24 requirement |
Files not reviewed (1)
- package-lock.json: Language not supported
There was a problem hiding this comment.
Looks great! I only have a very minor suggested change to the README.
Before merging this, we'll need to update the set of required checks — there's instructions on how to do that here: https://github.com/github/codeql-action/blob/main/CONTRIBUTING.md#keeping-the-pr-checks-up-to-date-admin-access-required
Co-authored-by: Henry Mercer <[email protected]>
|
Also, it looks like there are a couple of merge conflicts to solve. You'll probably need a re-approval after fixing them. |
|
Weirdly, I don't see those merge conflicts: mario-campos@G49XGKM6FH ~/codeql-action (mario-campos/node24)> git status
On branch mario-campos/node24
Your branch is up to date with 'origin/mario-campos/node24'.
nothing to commit, working tree clean |
|
@mario-campos Have you run |
# Conflicts: # lib/analyze-action-post.js # lib/analyze-action.js # lib/autobuild-action.js # lib/init-action-post.js # lib/init-action.js # lib/resolve-environment-action.js # lib/start-proxy-action-post.js # lib/start-proxy-action.js # lib/upload-lib.js # lib/upload-sarif-action-post.js # lib/upload-sarif-action.js # package-lock.json # package.json
|
I think we're good to update the required checks (see these instructions) and kick off a release. Once the v4 release is merged, the release automation should open a backport from v4 to v3. That backport will bring in all the changes from v4, including the bump to |
Risk assessment
For internal use only. Please select the risk level of this change:
v4tag, once it's released;v3should continue to work as-is.Merge / deployment checklist