@github-actions github-actions bot commented Oct 24, 2025

Merging 4e94bd1 into releases/v3.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
  • Wait for the "Rebuild" workflow to push a commit updating the distribution files.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

mbg and others added 30 commits October 14, 2025 19:49
- Throws a `ConfigurationError` if parsing the YAML fails
- Add a couple of tests for it
Mergeback v4.30.9 refs/heads/releases/v4 into main
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Michael B. Gale <mbg@github.com>
Add experimental functionality for labelling PRs by their size
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [octokit](https://github.com/octokit/octokit.js) | `5.0.3` | `5.0.4` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.38.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.46.0` | `8.46.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.46.0` | `8.46.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.25.10` | `0.25.11` |


Updates `octokit` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](octokit/octokit.js@v5.0.3...v5.0.4)

Updates `@eslint/js` from 9.37.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.38.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/parser)

Updates `esbuild` from 0.25.10 to 0.25.11
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.10...v0.25.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@eslint/js"
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: esbuild
  dependency-version: 0.25.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…thub/workflows/actions/setup-node-6

Bump actions/setup-node from 5 to 6 in /.github/workflows
…r-5ed6ededba

Bump the npm-minor group with 5 updates
Handle user errors for invalid `UserConfig`s and missing query files
@github-actions github-actions bot added the Rebuild Re-transpile JS & re-generate workflows label Oct 24, 2025
@github-actions github-actions bot added the size/XXL May be extremely hard to review label Oct 24, 2025
@mbg mbg added Rebuild Re-transpile JS & re-generate workflows and removed Rebuild Re-transpile JS & re-generate workflows size/XXL May be extremely hard to review labels Oct 24, 2025
@github-actions github-actions bot added size/XXL May be extremely hard to review and removed Rebuild Re-transpile JS & re-generate workflows labels Oct 24, 2025
@github-actions

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.

@mbg mbg marked this pull request as ready for review October 24, 2025 18:12
@mbg mbg requested a review from a team as a code owner October 24, 2025 18:12
Copilot AI review requested due to automatic review settings October 24, 2025 18:12

Copilot AI left a comment

Pull Request Overview

This is a release-PR merging changes from releases/v4 into releases/v3. The primary purpose is to backport changes from version 4 to version 3, including bumping the minimum CodeQL version to 2.17.6 and modifying the SARIF file post-processing behavior to always occur regardless of upload settings.

Key changes:

  • Minimum CodeQL bundle version increased from 2.16.6 to 2.17.6
  • SARIF post-processing now always occurs, not just when uploading
  • New post-processed-sarif-path input added to the analyze action to optionally save post-processed SARIF files

Reviewed Changes

Copilot reviewed 63 out of 66 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| CHANGELOG.md | Documents the new 3.31.0 release with key changes |
| package.json | Version bump to 3.31.0 and dependency updates |
| src/codeql.ts | Updates minimum CodeQL version constant and error handling improvements |
| src/upload-lib.ts | Refactors upload logic to separate post-processing from uploading |
| src/upload-sarif.ts | Renames function and adds support for conditional uploading |
| src/util.ts | Adds new utility functions for environment variables and HTTP error handling |
| analyze/action.yml | Adds new post-processed-sarif-path input parameter |
| lib/*.js | Generated JavaScript files from TypeScript sources |

@mbg mbg merged commit d198d2f into releases/v3 Oct 24, 2025
238 checks passed
@mbg mbg deleted the backport-v3.31.0-4e94bd11f branch October 24, 2025 18:30