Skip to content

Merge main into releases/v4 #3252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 55 commits into from
Oct 30, 2025
Merged

Merge main into releases/v4 #3252

merged 55 commits into from
Oct 30, 2025

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Oct 30, 2025
edited by mbg
Loading

Merging 777daa0 into releases/v4.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

cklin and others added 30 commits October 24, 2025 10:47
@cklin @kaspersv
Add overlay-base database cache key tests
c4b7372
@kaspersv
Ensure uniqueness of overlay-base database cache keys
b4ce335
@kaspersv
Reorder components of overlay-base cache key postfix
cbcae45
@kaspersv
Improve error handling for overlay-base cache key creation
66759e5
@github-actions
Update changelog and version after v4.31.0
fa46f22
@github-actions
Rebuild
dd565f3
@mbg
Merge pull request #3236 from github/mergeback/v4.31.0-to-main-4e94bd11
ae78991 
Mergeback v4.31.0 refs/heads/releases/v4 into main
@kaspersv
Merge pull request #3232 from github/kaspersv/unique-overlay-base-keys
4e0b2cd 
Ensure uniqueness of overlay-base database cache keys
@kaspersv
Move diff-range computation into utils for reuse
91ec0ed
@kaspersv
Move diff-range computation tests
cc17bed
@mbg
Remove add-snippets input
db47d17
@kaspersv
Merge pull request #3238 from github/kaspersv/extract-diff-range-comp…
8d77149 
…utation

Move diff-range computation into utils
@mbg
Add environment variable for skipping workflow validation
127851b
@mbg
Move workflow check to a function in init.ts and add tests
06fbd89
@mbg
Also skip workflow validation for dynamic workflows
5060176
@mbg
Move checkWorkflow to workflow.ts
55c0837
@mbg
Downgrade log message from warning to debug level
52cec41
@dependabot
Bump actions/upload-artifact from 4 to 5 in /.github/workflows
42f957b 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
714962e
@dependabot
Bump the npm-minor group with 4 updates
c9d47e2 
Bumps the npm-minor group with 4 updates: [@octokit/types](https://github.com/octokit/types.ts), [@types/archiver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/archiver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `@octokit/types` from 15.0.0 to 15.0.1
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](octokit/types.ts@v15.0.0...v15.0.1)

Updates `@types/archiver` from 6.0.3 to 6.0.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/archiver)

Updates `@typescript-eslint/eslint-plugin` from 8.46.1 to 8.46.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.46.1 to 8.46.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@octokit/types"
  dependency-version: 15.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@types/archiver"
  dependency-version: 6.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.46.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
df9e49e
@dependabot
Bump @actions/artifact from 2.3.1 to 4.0.0
f9eed03 
Bumps [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) from 2.3.1 to 4.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/@actions/[email protected]/packages/artifact)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
723a946
@dependabot
Bump ruby/setup-ruby
b5bbb5a 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.265.0 to 1.267.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@ab177d4...d5126b9)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.267.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
fcc1377
@henrymercer
Check disk usage using Node.js API
239e305 
This was introduced in Node.js 18
@mbg
Merge pull request #3240 from github/mbg/allow-skip-workflow-validation
ad8ad98 
Support skipping workflow validation
@henrymercer
Build: Run npm install when package-lock.json out of date
20900ee
@henrymercer
Use Actions logger in API client
8b1e55d 
This allows us to remove the `console-log-level` dependency.
@henrymercer
Disable SIP disablement check
57c7b6a
henrymercer and others added 20 commits October 28, 2025 13:12
@henrymercer
Merge pull request #3243 from github/dependabot/npm_and_yarn/actions/…
a53e78e 
…artifact-4.0.0

Bump @actions/artifact from 2.3.1 to 4.0.0
@henrymercer
Merge pull request #3241 from github/dependabot/github_actions/dot-gi…
284bf9b 
…thub/workflows/actions/upload-artifact-5

Bump actions/upload-artifact from 4 to 5 in /.github/workflows
@henrymercer
Merge pull request #3242 from github/dependabot/npm_and_yarn/npm-mino…
311fc42 
…r-75b724c14c

Bump the npm-minor group with 4 updates
@henrymercer
Merge pull request #3244 from github/dependabot/github_actions/dot-gi…
1af9394 
…thub/workflows/actions-minor-b11285d543

Bump ruby/setup-ruby from 1.265.0 to 1.267.0 in /.github/workflows in the actions-minor group across 1 directory
@henrymercer
Apply suggestion
66459ea
@henrymercer
Merge branch 'main' into henrymercer/disk-usage-node-api
4256e2e
@henrymercer
Merge pull request #3247 from github/henrymercer/disk-usage-node-api
e1c8976 
Check disk usage using Node.js API
@henrymercer
Merge branch 'main' into henrymercer/prefer-fs-delete
ea5cb4a
@henrymercer
Merge pull request #3250 from github/henrymercer/prefer-fs-delete
8cc18ac 
Use Node `fs` APIs instead of `del`
@henrymercer
Pass minimal copy of core
3d988b2
@henrymercer
Merge branch 'main' into henrymercer/api-logging
d49e837
@henrymercer
Merge pull request #3249 from github/henrymercer/api-logging
ac9aeee 
Use Actions logger in API client
@mbg
Turn enablement errors into configuration errors
53acf0b
@mbg
Make error message tests less brittle
194ba0e
@mbg
Check for 403 status
52a7bd7
@mbg
Warn if the add-snippets input is used
4ae68af
@mbg
Merge pull request #3251 from github/mbg/user-error/enablement
34c50c1 
Turn enablement errors into configuration errors
@mbg @esbena
Update analyze/action.yml
74c8748 
Co-authored-by: Esben Sparre Andreasen <[email protected]>
@mbg
Merge pull request #3239 from github/mbg/remove/add-snippets
777daa0 
Remove `add-snippets` input
@github-actions
Update changelog for v4.31.1
237497c
@github-actions github-actions bot added the size/XXL May be extremely hard to review label Oct 30, 2025
@mbg mbg marked this pull request as ready for review October 30, 2025 09:49
@mbg mbg requested a review from a team as a code owner October 30, 2025 09:49
Copilot AI review requested due to automatic review settings October 30, 2025 09:49
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges changes from the main branch into the releases/v4 branch for version 4.31.1 of the CodeQL Action. The release focuses on removing deprecated functionality, upgrading dependencies, and improving code maintainability.

Key changes include:

  • Removal of the deprecated add-snippets input from the analyze action
  • Replacement of external dependencies (del, check-disk-space, console-log-level) with native Node.js implementations
  • Introduction of a new checkWorkflow function to encapsulate workflow validation logic
  • Updates to dependency versions in package.json and workflow files

Reviewed Changes

Copilot reviewed 41 out of 54 changed files in this pull request and generated no comments.

Show a summary per file
File Description
CHANGELOG.md Documents removal of add-snippets input in version 4.31.1
package.json Updates version to 4.31.1 and upgrades dependencies
analyze/action.yml Marks add-snippets input as removed
src/workflow.ts Introduces checkWorkflow wrapper function and makes validateWorkflow internal
src/workflow.test.ts Adds comprehensive tests for checkWorkflow function
src/util.ts Replaces del and check-disk-space with native fs.promises APIs
src/util.test.ts Removes tests for deleted getAddSnippetsFlag function and adds disk usage test
src/overlay-database-utils.ts Adds run ID and attempt ID to cache keys; exports previously internal functions
src/overlay-database-utils.test.ts Adds test to verify cache key stability
src/diff-informed-analysis-utils.ts Moves diff range calculation functions from analyze.ts
src/diff-informed-analysis-utils.test.ts Adds tests for diff range calculation
src/analyze.ts Removes diff range calculation logic (moved to diff-informed-analysis-utils.ts) and add-snippets parameter
src/analyze.test.ts Removes diff range tests (moved to diff-informed-analysis-utils.test.ts)
src/analyze-action.ts Adds warning for deprecated add-snippets input and removes its usage
src/codeql.ts Removes addSnippetsFlag parameter from databaseRunQueries
src/api-client.ts Replaces console-log-level with direct core function references and adds enablement error handling
src/logging.ts Returns explicit object instead of direct core reference
src/init-action.ts Uses new checkWorkflow function
Multiple workflow files Updates upload-artifact and setup-ruby action versions

@henrymercer henrymercer merged commit 5fe9434 into releases/v4 Oct 30, 2025
241 checks passed
@henrymercer henrymercer deleted the update-v4.31.1-777daa0c7 branch October 30, 2025 10:28
@github-actions github-actions bot mentioned this pull request Oct 30, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees

@mbg mbg

Labels

size/XXL May be extremely hard to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mbg @arsenvardnayan-prog @henrymercer @cklin @kaspersv