chore(deps): bump github/codeql-action from 3 to 4

[dependabot]

Bumps github/codeql-action from 3 to 4.

Release notes

Sourced from github/codeql-action's releases.

v3.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #3168

See the full CHANGELOG.md for more information.

v3.30.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

v3.30.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

• Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

• Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
• Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

• Update default CodeQL bundle version to 2.22.0. #2925
• Bump minimum CodeQL bundle version to 2.16.6. #2912

3.28.21 - 28 July 2025

No user facing changes.

3.28.20 - 21 July 2025

• Remove support for combining SARIF files from a single upload for GHES 3.18, see the changelog post. #2959

3.28.19 - 03 Jun 2025

• The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview. The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable actions analysis.
• Update default CodeQL bundle version to 2.21.4. #2910

3.28.18 - 16 May 2025

• Update default CodeQL bundle version to 2.21.3. #2893
• Skip validating SARIF produced by CodeQL for improved performance. #2894
• The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

3.28.17 - 02 May 2025

• Update default CodeQL bundle version to 2.21.2. #2872

3.28.16 - 23 Apr 2025

... (truncated)

Commits

• a841c54 Scratch uploadSpecifiedFiles tests, make uploadPayload tests instead
• aeb12f6 Merge branch 'main' into redsun82/skip-sarif-upload-tests
• 6fd4ceb Merge pull request #3189 from github/henrymercer/download-codeql-rate-limit
• 196a3e5 Merge pull request #3188 from github/mbg/telemetry/partial-config
• 98abb87 Add configuration error for rate limited CodeQL download
• bdd2cdf Also include language in error status report for start-proxy, if available
• fb14878 Include languages in start-proxy telemetry
• 2ff418f Parse language before calling getCredentials
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Static analysis report

Lizard report

Listing only functions with cyclomatic complexity >= 15 or NLOC >= 100 or parameters >= 6.

Report about files you didn't modify in this PR

Filename	Start line:end line	Function name	Parameters	NLOC	CCN
src/arkreactor/VM/VM.cpp	493:2020	Ark::VM::safeRun	3	1277	258
src/arkreactor/Compiler/Macros/Processor.cpp	253:637	Ark::internal::MacroProcessor::evaluate	3	354	122
src/arkreactor/Compiler/BytecodeReader.cpp	297:708	Ark::BytecodeReader::display	4	362	110
src/arkreactor/Error/Diagnostics.cpp	43:187	Ark::Diagnostics::makeContext	4	105	43
src/arkreactor/Compiler/Lowerer/ASTLowerer.cpp	563:738	Ark::internal::ASTLowerer::handleCalls	4	133	43
src/arkscript/JsonCompiler.cpp	27:260	JsonCompiler::_compile	1	200	36
src/arkreactor/Compiler/NameResolution/NameResolutionPass.cpp	161:265	Ark::internal::NameResolutionPass::visitKeyword	3	83	33
src/arkreactor/Compiler/AST/Parser.cpp	807:898	Ark::internal::Parser::string	1	88	32
src/arkscript/main.cpp	23:323	main	2	255	29
src/arkreactor/Compiler/AST/Node.cpp	179:277	Ark::internal::Node::repr	0	84	28
src/arkreactor/Compiler/Lowerer/ASTLowerer.cpp	138:241	Ark::internal::ASTLowerer::compileExpression	4	85	27
src/arkreactor/Compiler/Macros/Processor.cpp	102:185	Ark::internal::MacroProcessor::processNode	3	61	27
src/arkreactor/Compiler/AST/Node.cpp	279:352	Ark::internal::Node::debugPrint	1	64	24
src/arkreactor/TypeChecker.cpp	110:194	Ark::types::generateError	5	72	24
src/arkreactor/Compiler/NameResolution/NameResolutionPass.cpp	55:159	Ark::internal::NameResolutionPass::visit	2	83	23
src/arkreactor/Compiler/AST/Parser.cpp	288:416	Ark::internal::Parser::import_	1	98	23
src/arkreactor/Compiler/Lowerer/ASTLowerer.cpp	270:329	Ark::internal::ASTLowerer::compileListInstruction	3	49	22
src/arkreactor/VM/VM.cpp	2139:2243	Ark::VM::backtrace	3	89	22
include/utf8.hpp	138:184	utf8::isValid	1	44	21
src/arkreactor/Compiler/AST/Optimizer.cpp	33:83	Ark::internal::Optimizer::countAndPruneDeadCode	1	42	20
src/arkscript/REPL/Utils.cpp	52:184	Ark::internal::getColorPerKeyword	0	110	19
src/arkreactor/Compiler/NameResolution/StaticScope.cpp	68:109	Ark::internal::NamespaceScope::get	3	32	19
src/arkreactor/VM/Value.cpp	77:140	Ark::Value::toString	1	50	19
src/arkreactor/TypeChecker.cpp	28:108	Ark::types::displayContract	4	70	19
src/arkscript/Formatter.cpp	482:528	Formatter::formatCall	2	42	18
src/arkreactor/Compiler/Macros/Executors/Function.cpp	16:91	Ark::internal::FunctionExecutor::applyMacro	2	55	17
include/Ark/Compiler/AST/Predicates.hpp	132:156	Ark::internal::IsSymbol::operator ( )	1	24	16
src/arkscript/Formatter.cpp	173:229	Formatter::format	3	53	16
src/arkreactor/Compiler/Macros/Processor.cpp	719:758	Ark::internal::MacroProcessor::isConstEval	1	35	16
src/arkscript/Formatter.cpp	279:320	Formatter::formatFunction	2	35	15
src/arkreactor/Compiler/Lowerer/ASTLowerer.cpp	78:94	Ark::internal::ASTLowerer::nodeProducesOutput	1	13	15
src/arkreactor/Compiler/Macros/Executors/Function.cpp	101:158	Ark::internal::FunctionExecutor::unify	5	50	15
src/arkreactor/Compiler/IntermediateRepresentation/IROptimizer.cpp	12:206	Ark::internal::IROptimizer::IROptimizer	1	170	4
src/arkreactor/Error/Diagnostics.cpp	189:202	Ark::Diagnostics::helper	6	13	2

---

CppCheck report

Report files about files you didn't modify in this PR

Filename	Line	Type	Description
include/Ark/VM/VM.inl	253	style	Variable 'maybe_value_ptr' can be declared as pointer to const
src/arkreactor/Compiler/BytecodeReader.cpp	473	style	struct member 'Arg::kind' is never used.
src/arkreactor/Compiler/NameResolution/ScopeResolver.cpp	134	style	Consider using std::find_if algorithm instead of a raw loop.
include/Ark/VM/Future.hpp	50	style	Unused private function: 'Future::deleteSelfViaVM'
src/arkreactor/VM/Future.cpp	23	performance	Variable 'm_value' is assigned in constructor body. Consider performing initialization in initialization list.
src/arkreactor/VM/State.cpp	190	style	Consider using std::any_of, std::all_of, std::none_of algorithm instead of a raw loop.
src/arkreactor/VM/VM.cpp	494	information	Limiting ValueFlow analysis in function 'safeRun' since it is too complex. Please specify --check-level=exhaustive to perform full analysis.
src/arkreactor/VM/VM.cpp	372	error	Iterators of different containers 'm_execution_contexts.emplace_back(std::make_unique())' and 'm_execution_contexts.front()' are used together.

[github-actions]

Fuzzing report

/usr/local/bin/afl-whatsup status check tool for afl-fuzz by Michal Zalewski

Summary stats

    Fuzzers alive : 0
   Dead or remote : 1 (included in stats)
   Total run time : 5 minutes, 0 seconds
      Total execs : 41 thousands
 Cumulative speed : 137 execs/sec
    Pending items : 148 faves, 1236 total
 Coverage reached : 12.06%
    Crashes saved : 0
      Hangs saved : 0

Cycles without finds : 0
Time without finds : 0

[+] Captured 42011 tuples (map size 220896, highest value 255, total values 409996142) in '/dev/null'.
[+] A coverage of 42011 edges were achieved out of 220928 existing (19.02%) with 1245 input files.

[coveralls]

coverage: 90.631%. remained the same
when pulling eb83ea6 on dependabot/github_actions/github/codeql-action-4
into 69f30ce on dev.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.