Skip to content

ci(codeql): bump codeql-action v3 → v4#864

Merged
jrusso1020 merged 1 commit into
mainfrom
05-15-ci_codeql_bump_codeql-action_v3_v4_to_address_deprecation
May 15, 2026
Merged

ci(codeql): bump codeql-action v3 → v4#864
jrusso1020 merged 1 commit into
mainfrom
05-15-ci_codeql_bump_codeql-action_v3_v4_to_address_deprecation

Conversation

@jrusso1020
Copy link
Copy Markdown
Collaborator

@jrusso1020 jrusso1020 commented May 15, 2026

What

Bump pinned SHA for github/codeql-action/{init,analyze} from v3 → v4 in .github/workflows/codeql.yml.

Both init and analyze now point at 9e0d7b8d25671d64c341c19c0152d693099fb5ba (v4 tag tip, resolved via gh api repos/github/codeql-action/git/refs/tags/v4).

Why

GitHub's deprecation notice landed in the live CodeQL run logs:

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4.

github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3

v4's other big change is Node.js 24 (v3 still runs on Node 20, which has its own deprecation timer starting June 2026). Bumping now clears both.

Test plan

  • Pinned SHA resolved from the canonical github/codeql-action v4 annotated tag at the time of this commit.
  • Next push/PR run of .github/workflows/codeql.yml succeeds and no longer emits the v3 deprecation warning.

🤖 Generated with Claude Code

@jrusso1020 jrusso1020 merged commit 4bc2406 into main May 15, 2026
29 checks passed
@jrusso1020 jrusso1020 deleted the 05-15-ci_codeql_bump_codeql-action_v3_v4_to_address_deprecation branch May 15, 2026 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@miguel-heygen miguel-heygen miguel-heygen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jrusso1020 @miguel-heygen