Merged
Commits
93 commits
bad0a74
Store all built-in languages
henrymercer Apr 10, 2026
e6c21da
Refactoring: Rename `KnownLanguage` to `BuiltInLanguage`
henrymercer Apr 10, 2026
97bcdd8
Move script to `pr-checks` directory
henrymercer Apr 13, 2026
8cf2dc5
Fix casing mismatch
henrymercer Apr 13, 2026
130ab2d
Improve JSDoc
henrymercer Apr 13, 2026
7c9e131
Add constant for builtin languages file path
henrymercer Apr 13, 2026
cb52ba6
Refactoring: Split up script
henrymercer Apr 13, 2026
1aef4ed
Exclude new TypeScript code from package tests
henrymercer Apr 13, 2026
90d7616
Merge branch 'main' into henrymercer/record-all-builtin-languages
henrymercer Apr 13, 2026
f8b6213
Include experimental languages
henrymercer Apr 14, 2026
8d9c36a
Update changelog and version after v4.35.2
github-actions[bot] Apr 15, 2026
ca7d6d3
Rebuild
github-actions[bot] Apr 15, 2026
f820c80
Merge pull request #3825 from github/mergeback/v4.35.2-to-main-95e58e9a
henrymercer Apr 15, 2026
6847a42
Bump follow-redirects from 1.15.11 to 1.16.0
dependabot[bot] Apr 15, 2026
9df9e91
Rebuild
github-actions[bot] Apr 15, 2026
e2d518d
Merge pull request #3827 from github/dependabot/npm_and_yarn/follow-r…
henrymercer Apr 15, 2026
9f95de4
Add workflow to rerun potentially transient failures
henrymercer Apr 15, 2026
3b3a775
Rename job
henrymercer Apr 15, 2026
79f9c05
Merge remote-tracking branch 'origin/main' into henrymercer/record-al…
henrymercer Apr 15, 2026
6777c89
Merge pull request #3811 from github/henrymercer/record-all-builtin-l…
henrymercer Apr 15, 2026
d64d81d
Bump the npm-minor group across 1 directory with 2 updates
dependabot[bot] Apr 15, 2026
5019ed0
Bump eslint-import-resolver-typescript from 3.8.7 to 4.4.4
dependabot[bot] Apr 15, 2026
0ac8596
Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-f46f1f14d7
henrymercer Apr 16, 2026
0b7b740
Merge pull request #3831 from github/dependabot/npm_and_yarn/npm-mino…
henrymercer Apr 16, 2026
1dcdb94
Merge pull request #3830 from github/henrymercer/deflake
henrymercer Apr 21, 2026
f6a5638
Escape "+"s in `on.workflow_run.workflows`
henrymercer Apr 22, 2026
4cbe7be
Merge pull request #3839 from github/henrymercer/workflow-run-triggers
henrymercer Apr 22, 2026
c2574ef
Bump the npm-minor group across 1 directory with 3 updates
dependabot[bot] Apr 22, 2026
4fb8483
Merge pull request #3835 from github/dependabot/npm_and_yarn/eslint-i…
henrymercer Apr 22, 2026
860353f
Merge pull request #3840 from github/dependabot/npm_and_yarn/npm-mino…
henrymercer Apr 22, 2026
f0e6490
Bump uuid from 13.0.0 to 14.0.0
dependabot[bot] Apr 22, 2026
365478c
Bump fast-xml-parser from 5.5.7 to 5.7.1
dependabot[bot] Apr 22, 2026
c486cac
Rebuild
github-actions[bot] Apr 22, 2026
6c35f86
Rebuild
github-actions[bot] Apr 22, 2026
59aede2
Merge pull request #3847 from github/dependabot/npm_and_yarn/uuid-14.0.0
henrymercer Apr 22, 2026
c60c755
Merge pull request #3848 from github/dependabot/npm_and_yarn/fast-xml…
henrymercer Apr 22, 2026
858a614
Simplify `writeDiffRangeDataExtensionPack` interface
henrymercer Apr 23, 2026
19b3a84
Merge pull request #3849 from github/henrymercer/simplify-diff-range-…
henrymercer Apr 23, 2026
243c274
Add simple JSON schema / validation helpers
mbg Apr 25, 2026
0752451
Use schema/validation for existing OIDC config types
mbg Apr 25, 2026
c8e26e2
Move `getAuthConfig` out of `start-proxy.ts`
mbg Apr 25, 2026
bc4097b
Simplify credential cloning in `getAuthConfig`
mbg Apr 25, 2026
d2a54a4
Add schemas for basic credential types
mbg Apr 25, 2026
2acf819
Add tests for `getAuthConfig`
mbg Apr 25, 2026
530fcb3
Group OIDC schemas into an array
mbg Apr 25, 2026
70b2658
Validate Cloudsmith OIDC configurations
mbg Apr 25, 2026
4d2c7c6
Validate GCP OIDC configurations
mbg Apr 25, 2026
efdcb31
Accept `replaces-base` option
mbg Apr 25, 2026
0ed734b
Ignore test files
mbg Apr 25, 2026
6153577
Switch from `HEAD` to `GET` requests
mbg Apr 28, 2026
cdb655d
Add random suffix when writing diagnostics to avoid filename collisions
henrymercer Apr 28, 2026
e73c940
Defensively sanitize timestamp
henrymercer Apr 28, 2026
c109008
Add changelog note
henrymercer Apr 28, 2026
245f682
Use a counter instead of Math.random for diagnostic filename suffix
henrymercer Apr 28, 2026
7c5585e
Merge pull request #3852 from github/henrymercer/avoid-diagnostic-col…
henrymercer Apr 28, 2026
30e0f43
Use `/v3/index.json` for NuGet feed check
mbg Apr 28, 2026
7a818e6
Log disclaimer about connection tests, with link to docs
mbg Apr 28, 2026
de303a9
Update supported GitHub Enterprise Server versions
github-actions[bot] Apr 17, 2026
97be3af
Deprecate CodeQL versions 2.19.3 and earlier
henrymercer Apr 28, 2026
0a63608
Add GHES 3.21 to supported versions table
henrymercer Apr 28, 2026
56733fb
Add log group for downloading overlay-base DB
henrymercer Apr 28, 2026
4fe9b1e
Merge pull request #3856 from github/henrymercer/overlay-add-log-group
henrymercer Apr 29, 2026
7108503
Bump @ava/typescript from 6.0.0 to 7.0.0
dependabot[bot] Apr 29, 2026
5145c11
Bump ruby/setup-ruby
dependabot[bot] Apr 29, 2026
f073360
Rebuild
github-actions[bot] Apr 29, 2026
1517969
Merge pull request #3837 from github/update-supported-enterprise-serv…
henrymercer Apr 30, 2026
bac7fda
Fix linter error
mbg Apr 30, 2026
35715ef
Improve typing of `cloneCredential`
mbg Apr 30, 2026
91fbc51
Improve `validateSchema` comment
mbg Apr 30, 2026
7a6ed56
Modify `FromSchema` so that optional properties are actually optional
mbg Apr 30, 2026
549683c
Make it clearer what the expectations for `isUsernamePassword` are
mbg Apr 30, 2026
1fed3e9
Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-7.0.0
henrymercer Apr 30, 2026
fcf29e3
Merge pull request #3862 from github/dependabot/github_actions/dot-gi…
henrymercer Apr 30, 2026
b779832
Fix `permutations` comment
mbg Apr 30, 2026
facd53f
Merge pull request #3859 from github/dependabot/npm_and_yarn/ava/type…
henrymercer Apr 30, 2026
d1edf2e
Improve `replaces-base` validation and add tests
mbg Apr 30, 2026
0a4d574
Add changelog entry
mbg Apr 30, 2026
022ff3c
Merge remote-tracking branch 'origin/main' into mbg/private-registry/…
mbg Apr 30, 2026
a6109b1
Merge pull request #3853 from github/mbg/start-proxy/improved-checks
mbg Apr 30, 2026
262a15f
Add generic non-printable chars test for OIDC configs
mbg Apr 30, 2026
7851e55
Merge pull request #3850 from github/mbg/private-registry/cloudsmith-gcp
mbg Apr 30, 2026
2bb2095
Update default bundle to codeql-bundle-v2.25.3
github-actions[bot] Apr 30, 2026
7190983
Add changelog note
github-actions[bot] Apr 30, 2026
8c6e48d
Merge pull request #3865 from github/update-bundle/codeql-bundle-v2.25.3
henrymercer Apr 30, 2026
ec298da
Update changelog for v4.35.3
github-actions[bot] May 1, 2026
24e0bb0
Reorder changelog entries
mbg May 1, 2026
b73d1d1
Add changelog entry for #3853
mbg May 1, 2026
e46ed2c
Merge pull request #3867 from github/update-v4.35.3-8c6e48dbe
mbg May 1, 2026
50052a2
Revert "Update version and changelog for v3.35.2"
github-actions[bot] May 1, 2026
e511c7b
Revert "Rebuild"
github-actions[bot] May 1, 2026
8280251
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.35…
github-actions[bot] May 1, 2026
3530cdd
Update version and changelog for v3.35.3
github-actions[bot] May 1, 2026
30f0c9d
Rebuild
github-actions[bot] May 1, 2026
4 changes: 3 additions & 1 deletion .github/codeql/codeql-config-javascript.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: "CodeQL config"
queries:
queries:
- name: Run custom queries
uses: ./queries
# Run all extra query suites, both because we want to
Expand All @@ -13,3 +13,5 @@ queries:
paths-ignore:
- lib
- tests
- "**/*.test.ts"
- "**/testing-util.ts"
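Review bot: the two entries added at the end of `paths-ignore` (`"**/*.test.ts"` and `"**/testing-util.ts"`) carry no comment explaining the exclusion, while the `queries` block above documents its reasoning. Because these are globs, any file that later matches `*.test.ts` or is named `testing-util.ts` drops out of analysis without notice, so add a one-line comment stating that they are test-only sources and that the exclusion is deliberate.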
2 changes: 1 addition & 1 deletion .github/workflows/__rubocop-multi-language.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

106 changes: 106 additions & 0 deletions .github/workflows/deflake.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# Workflow runs on main, on a release branch, and that were triggered as part of a merge group have
# already passed CI before being merged. Therefore if they fail, we should make sure that there
# wasn't a transient failure by rerunning the failed jobs once before investigating further.
name: Deflake

on:
workflow_run:
types: [completed]
# Exclude workflows that have significant side effects, like publishing releases. It's OK to
# retry CodeQL analysis.
workflows:
- Check Expected Release Files
- Code-Scanning config CLI tests
- CodeQL action
- Manual Check - go
- "PR Check - All-platform bundle"
- "PR Check - Analysis kinds"
- "PR Check - Analyze: 'ref' and 'sha' from inputs"
- "PR Check - autobuild-action"
- "PR Check - Autobuild direct tracing (custom working directory)"
- "PR Check - Autobuild working directory"
- "PR Check - Build mode autobuild"
- "PR Check - Build mode manual"
- "PR Check - Build mode none"
- "PR Check - Build mode rollback"
- "PR Check - Bundle: Caching checks"
- "PR Check - Bundle: From nightly"
- "PR Check - Bundle: From toolcache"
- "PR Check - Bundle: Zstandard checks"
- "PR Check - C/C\\+\\+: autoinstalling dependencies (Linux)"
- "PR Check - C/C\\+\\+: autoinstalling dependencies is skipped (macOS)"
- "PR Check - C/C\\+\\+: disabling autoinstalling dependencies (Linux)"
- "PR Check - Clean up database cluster directory"
- "PR Check - CodeQL Bundle All"
- "PR Check - Config export"
- "PR Check - Config input"
- "PR Check - Custom source root"
- "PR Check - Debug artifact upload"
- "PR Check - Debug artifacts after failure"
- "PR Check - Diagnostic export"
- "PR Check - Export file baseline information"
- "PR Check - Extractor ram and threads options test"
- "PR Check - Go: Custom queries"
- "PR Check - Go: diagnostic when Go is changed after init step"
- "PR Check - Go: diagnostic when `file` is not installed"
- "PR Check - Go: tracing with autobuilder step"
- "PR Check - Go: tracing with custom build steps"
- "PR Check - Go: tracing with legacy workflow"
- "PR Check - Go: workaround for indirect tracing"
- "PR Check - Job run UUID added to SARIF"
- "PR Check - Language aliases"
- "PR Check - Local CodeQL bundle"
- "PR Check - Multi-language repository"
- "PR Check - Overlay database init fallback"
- "PR Check - Packaging: Action input"
- "PR Check - Packaging: Config and input"
- "PR Check - Packaging: Config and input passed to the CLI"
- "PR Check - Packaging: Config file"
- "PR Check - Packaging: Download using registries"
- "PR Check - Proxy test"
- "PR Check - Remote config file"
- "PR Check - Resolve environment"
- "PR Check - RuboCop multi-language"
- "PR Check - Ruby analysis"
- "PR Check - Rust analysis"
- "PR Check - Split workflow"
- "PR Check - Start proxy"
- "PR Check - Submit SARIF after failure"
- "PR Check - Swift analysis using a custom build command"
- "PR Check - Swift analysis using autobuild"
- "PR Check - Test different uses of `upload-sarif`"
- "PR Check - Test unsetting environment variables"
- "PR Check - Upload-sarif: ref and sha from inputs"
- "PR Check - Use a custom `checkout_path`"
- PR Checks
- Query filters tests
- Test that the workaround for python 3.12 on windows works

jobs:
rerun-on-failure:
name: Rerun failed jobs
if: >-
github.event.workflow_run.conclusion == 'failure' &&
github.event.workflow_run.run_attempt == 1 &&
(
github.event.workflow_run.head_branch == 'main' ||
startsWith(github.event.workflow_run.head_branch, 'releases/') ||
github.event.workflow_run.event == 'merge_group'
)
runs-on: ubuntu-slim
permissions:
actions: write
steps:
- name: Rerun failed jobs in ${{ github.event.workflow_run.name }}
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.repository }}
RUN_ID: ${{ github.event.workflow_run.id }}
RUN_NAME: ${{ github.event.workflow_run.name }}
RUN_URL: ${{ github.event.workflow_run.html_url }}
run: |
echo "Rerunning failed jobs for workflow run ${RUN_ID}"
gh run rerun "${RUN_ID}" --failed
echo "### Reran failed jobs :recycle:" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "Workflow: [${RUN_NAME}](${RUN_URL})" >> "$GITHUB_STEP_SUMMARY"
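Review bot: the `if:` condition on `rerun-on-failure` trusts `github.event.workflow_run.head_branch`, which for a run triggered from a fork is the fork's own branch name, so a pull request opened from a fork branch called `main` or `releases/...` satisfies the check and has its failed jobs rerun by a job holding `actions: write`. That does not match the intent stated in the header comment (runs that had already passed CI before being merged). Add a guard such as `github.event.workflow_run.head_repository.full_name == github.repository`, or require that `github.event.workflow_run.event` is not `pull_request`. The `run_attempt == 1` cap keeps the exposure to a single rerun, and passing the run fields through `env:` rather than interpolating them into `run:` is the right pattern and should stay.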
7 changes: 2 additions & 5 deletions .github/workflows/update-bundle.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,10 @@ jobs:
with:
tools: https://github.com/github/codeql-action/releases/download/${{ github.event.release.tag_name }}/codeql-bundle-linux64.tar.gz

- name: Update language aliases
- name: Update built-in languages
run: npx tsx pr-checks/update-builtin-languages.ts "$CODEQL_PATH"
env:
CODEQL_PATH: ${{ steps.setup-codeql.outputs.codeql-path }}
run: |
"$CODEQL_PATH" resolve languages --format=betterjson --extractor-include-aliases \
| jq -S '.aliases // {}' \
> src/known-language-aliases.json

- name: Bump Action minor version if new CodeQL minor version series
id: bump-action-version
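Review bot: the new `run: npx tsx pr-checks/update-builtin-languages.ts "$CODEQL_PATH"` line depends on `tsx` already being installed, and nothing in this hunk shows a preceding install step. If `tsx` is not present in `node_modules`, `npx` resolves it from the registry at whatever version is current, inside a workflow that goes on to update the bundle and bump the Action version. Confirm that an earlier step installs dependencies from the lockfile (for example `npm ci`) so `tsx` resolves to the pinned version, and say so in a comment on this step.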
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 3.35.3 - 01 May 2026

- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837)
- Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://github.com/github/codeql-action/pull/3850)
- Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://github.com/github/codeql-action/pull/3853)
- Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://github.com/github/codeql-action/pull/3852)
- Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://github.com/github/codeql-action/pull/3865)

## 3.35.2 - 15 Apr 2026

- The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://github.com/github/codeql-action/pull/3795)
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n

| Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
|-----------------------|-------------------------------|--------------------|-------|
| `v4.33.0` | `2.24.3` | Enterprise Server 3.21 | |
| `v4.31.10` | `2.23.9` | Enterprise Server 3.20 | |
| `v3.29.11` | `2.22.4` | Enterprise Server 3.19 | |
| `v3.28.21` | `2.21.3` | Enterprise Server 3.18 | |