Skip to content

Merge releases/v4 into releases/v3 #3201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 85 commits into from
Oct 10, 2025
Merged

Merge releases/v4 into releases/v3 #3201

merged 85 commits into from
Oct 10, 2025
+2,511 −917

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 10, 2025
edited by mbg
Loading

Merging 2a6736c into releases/v3.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
  • Wait for the "Rebuild" workflow to push a commit updating the distribution files.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

mbg and others added 30 commits October 3, 2025 14:40
@mbg
Add getLatestToolcacheVersion with tests
297313d
@mbg
Support requesting CLI from toolcache with tools: toolcache
425ef85
@mbg
Accept toolcache as version value for prepare-test
7d468c9
@mbg
Add basic PR check for tools: toolcache
13a3a68
@mbg
Add more questions to the PR template
dd9e24a
@mbg
Remove toolcache option description from action.yml
4d0c164
@mbg
Add isDynamicWorkflow function
43ce7ef
@mbg
Use semver.compare instead of semver.lt
1cc5eb6
@mbg
Restrict when tools: toolcache can be used
726a341
@redsun82
Introduce CODEQL_ACTION_SKIP_SARIF_UPLOAD
e0b9da7 
This triggers a subset of the behavior of `CODEQL_ACTION_TEST_MODE`,
specifically just skipping the SARIF upload step. This is required for
our internal testing where we want the SARIF file (via
`CODEQL_ACTION_DUMP_SARIF_DIR`) but don't want to actually upload it,
but we don't want the rest of the behaviour of `CODEQL_ACTION_TEST_MODE`
that is specific for `codeql-action` own CI checks.
@mbg
Rename upload-quality-sarif.yml workflow
9b3ade9
@mbg
Run upload-sarif check for all analysis-kinds values
6bdf5d3
@mbg
Cover more cases in upload-sarif check
6f964b7
@redsun82 @Copilot
Update src/util.ts
882667e 
Co-authored-by: Copilot <[email protected]>
@redsun82
Clarify comment about SKIP_SARIF_UPLOAD setting
11e4034
@mbg
Include analysis kind in payloadSaveFile path in uploadPayload
22aba57
@redsun82
Specify reason for skipping SARIF upload in logs
680b070
@mbg
Add explicit category values
380e002
@mbg
Fix: Update payload.json path in with-checkout-path test
14c5d77
@mbg
Adjust step names to be clearer
dabf6fc
@redsun82
Revert "Specify reason for skipping SARIF upload in logs"
25c8db9 
This reverts commit 680b070.
@redsun82
Tweak SARIF skipping logs
00a6e13
@dependabot
Bump the npm group with 4 updates
ff23a55 
Bumps the npm group with 4 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@eslint/js` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.44.1 to 8.45.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.44.1 to 8.45.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/parser)

Updates `typescript` from 5.9.2 to 5.9.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](microsoft/TypeScript@v5.9.2...v5.9.3)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
6877465
@henrymercer
Merge pull request #3182 from github/dependabot/npm_and_yarn/npm-b02b…
db562a6 
…6854f6

Bump the npm group with 4 updates
@henrymercer
Merge branch 'main' into mbg/pr-checks/upload-sarif
1491baa
@redsun82
Merge branch 'main' into redsun82/skip-sarif-upload
5dfb610
@redsun82
Remove unneeded comment
86b2ad6
@mbg
Merge pull request #3181 from github/mbg/pr-checks/upload-sarif
239d7b2 
Add more end-to-end tests for `upload-sarif`
@mbg
Merge branch 'main' into mbg/pr-template/tests
7f5db16
mbg and others added 12 commits October 10, 2025 15:09
@mbg
Merge pull request #3193 from github/mbg/ff/tools-toolcache
4e90a42 
Gate `tools: toolcache` behind FF
@henrymercer
Merge pull request #3197 from github/dependabot/github_actions/dot-gi…
f5e53f9 
…thub/workflows/github/codeql-action-4

Bump github/codeql-action from 3 to 4 in /.github/workflows
@henrymercer
Merge pull request #3196 from github/dependabot/github_actions/dot-gi…
f402506 
…thub/workflows/actions-minor-945aab589d

Bump ruby/setup-ruby from 1.263.0 to 1.265.0 in /.github/workflows in the actions-minor group across 1 directory
@henrymercer
Merge pull request #3195 from github/dependabot/npm_and_yarn/npm-mino…
527f0f3 
…r-37415c9066

Bump the npm-minor group with 3 updates
@github-actions
Update changelog for v4.30.8
7a2cb62
@mbg
Merge pull request #3198 from github/update-v4.30.8-527f0f324
f443b60 
Merge main into releases/v4
@henrymercer
Revert "Rebuild" commit rather than "Update dependencies"
c8765c9
@henrymercer
Merge pull request #3200 from github/henrymercer/backport-hotfix
2a6736c 
Revert "Rebuild" commit rather than "Update dependencies"
@github-actions
Revert "Update version and changelog for v3.30.7"
bd1ac56 
This reverts commit b264e15.
@github-actions
Revert "Rebuild"
319796f 
This reverts commit c551c50.
@github-actions
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.30…
ab163cf 
….8-2a6736cca
@github-actions
Update version and changelog for v3.30.8
a37add2
@github-actions github-actions bot added the Rebuild Re-transpile JS & re-generate workflows label Oct 10, 2025
@henrymercer henrymercer added Rebuild Re-transpile JS & re-generate workflows and removed Rebuild Re-transpile JS & re-generate workflows labels Oct 10, 2025
@github-actions github-actions bot removed the Rebuild Re-transpile JS & re-generate workflows label Oct 10, 2025
@github-actions GitHub Actions
Copy link
Contributor Author

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.

@henrymercer henrymercer marked this pull request as ready for review October 10, 2025 16:56
@henrymercer henrymercer requested a review from a team as a code owner October 10, 2025 16:56
@Copilot Copilot AI review requested due to automatic review settings October 10, 2025 16:56
@henrymercer henrymercer assigned henrymercer and mbg and unassigned henrymercer Oct 10, 2025
Copilot
Copilot AI reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges changes from the releases/v4 branch into releases/v3 to prepare version 3.30.8. The primary purpose is to backport improvements and fixes from v4 while maintaining compatibility with the v3 release line.

Key changes include:

  • Added support for tools: toolcache input to use the latest CodeQL CLI from the toolcache in dynamic workflows
  • Improved SARIF upload handling with more granular environment variable controls
  • Enhanced error handling for rate-limited requests during CLI downloads
  • Updated test infrastructure and dependency versions

Reviewed Changes

Copilot reviewed 47 out of 48 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/util.ts Added shouldSkipSarifUpload() function for better SARIF upload control
src/upload-sarif-action.ts Updated to use new SARIF upload control function
src/upload-lib.ts Enhanced payload upload function with better error handling and analysis-specific naming
src/setup-codeql.ts Added toolcache input support and latest version detection functionality
src/start-proxy-action.ts Improved language parameter handling and status reporting
src/codeql.ts Enhanced error handling for RequestError with 429 status codes
package.json Updated to version 3.30.8 and various dependency updates
CHANGELOG.md Added entry for version 3.30.8

@mbg mbg merged commit 755f449 into releases/v3 Oct 10, 2025
235 checks passed
@mbg mbg deleted the backport-v3.30.8-2a6736cca branch October 10, 2025 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees

@mbg mbg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mbg @henrymercer @redsun82 @mario-campos @nickrolfe