)]}' { "log": [ { "commit": "2d14d2e76aa7de72404b17078eda15c20a6a0389", "tree": "abf28b5764a7187ea159f90342cffbf9ced665b2", "parents": [ "c6e04520cc3093a4e0cf7ba2817581e279eec3ed" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Fri Apr 03 02:27:35 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 02:27:35 2026" }, "message": "roll deps (#6620)\n\n- **Roll external/googletest/ 015950a93..246174399 (1 commit)**\n- **Roll external/abseil_cpp/ 0093ac6ca..d2910b037 (1 commit)**\n- **Roll external/spirv-headers/ 00898b201..39e5d40a3 (1 commit)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c6e04520cc3093a4e0cf7ba2817581e279eec3ed", "tree": "8470b385e43eb1cde173025b07616081458d9839", "parents": [ "d7ba8c9fc218830544008cb71e4618adb1c56e12" ], "author": { "name": "Arseniy Obolenskiy", "email": "gooddoog@student.su", "time": "Thu Apr 02 14:40:16 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 14:40:16 2026" }, "message": "spirv-val: Add vector support for OpConvertPtrToU/OpConvertUToPtr with SPV_INTEL_masked_gather_scatter extension (#6575)\n\nAdd missing support for vector operands in `OpConvertPtrToU` and\n`OpConvertUToPtr` when\n[SPV_INTEL_masked_gather_scatter](https://github.com/KhronosGroup/SPIRV-Registry/blob/278044a51fee280bfc91322cdb55b51357db5cb8/extensions/INTEL/SPV_INTEL_masked_gather_scatter.asciidoc)\nextension is enabled" }, { "commit": "d7ba8c9fc218830544008cb71e4618adb1c56e12", "tree": "109f116a5c536552c9abfc5d815ae2a6dc6c7579", "parents": [ "2c75d08e3b31a673726ce6be80ab528250247064" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 31 01:03:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 01:03:46 2026" }, "message": "spirv-val: Slightly improve 04965 error message (#6622)\n\nrelated to https://gitlab.khronos.org/vulkan/vulkan/-/issues/4766\n\nmainly wanted to just improve the error message and add the 2 VVL tests\nhere I had" }, { "commit": "2c75d08e3b31a673726ce6be80ab528250247064", "tree": "22014f183e4ad1fe34fc692b3b02c2faea563ac7", "parents": [ "669844c5e47f1d764a90f9117f6c9bba726a942d" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Sat Mar 28 03:44:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 28 03:44:51 2026" }, "message": "Roll external/abseil_cpp/ b7c61d35e..0093ac6ca (2 commits) (#6615)\n\nhttps://github.com/abseil/abseil-cpp/compare/b7c61d35e6c7...0093ac6cac89\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "669844c5e47f1d764a90f9117f6c9bba726a942d", "tree": "bbfddee3ca50b3705cdbe600c5fdbc1c20e82806", "parents": [ "4743e69a64255650ac902d87dc51022b6604c607" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sat Mar 28 00:32:34 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 28 00:32:34 2026" }, "message": "spirv-val: Check DebugLine Line/Column are valid (#5986)\n\nI had to raise issue in Glslang because it would generate\n`Line`/`Column` that didn\u0027t actually point to any valid spot in the\n`DebugSource`\u0027s text\n\nThis adds some validation where if there is a `DebugSource` with `Text`\nthen any `Line`/`Column` must be correct, otherwise every other consume\ntool (like Validation Layers) need to do this before trying to print out\nthe snippet in the source code" }, { "commit": "4743e69a64255650ac902d87dc51022b6604c607", "tree": "5a0120b6b0df98e3faa4d6c06fa48843daf94f5a", "parents": [ "7e4606da87931662d66c8e3ac425eec087d17053" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Mar 26 18:04:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 26 18:04:01 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 3 updates (#6610)\n\nBumps the github-actions group with 3 updates in the / directory:\n[actions/cache](https://github.com/actions/cache),\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.3 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not\ncontain permissions by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by\n\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca\nhref\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca\nhref\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made\ntheir first contribution in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made\ntheir first contribution in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e\nwith the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e\nsection.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by\nupdating the \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e\nfile with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed\nand merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e\nuse the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you\nmade in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca\nhref\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version\nnumber.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags\nfor this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar\npatterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb\nprotection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e\nfrom actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e\nUpdate RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e\nAdd licenses\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e\nUpdate dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e\nfrom RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e\nFix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b\"\u003e\u003ccode\u003eb7e8d49\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1701\"\u003e#1701\u003c/a\u003e\nfrom actions/Link-/fix-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1\"\u003e\u003ccode\u003e984a21b\u003c/code\u003e\u003c/a\u003e\nAdd traffic sanity check step\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba\"\u003e\u003ccode\u003eacf2f1f\u003c/code\u003e\u003c/a\u003e\nFix resolution\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531\"\u003e\u003ccode\u003e95a07c5\u003c/code\u003e\u003c/a\u003e\nAdd wait for proxy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/get-cmake` from 4.2.3 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.3.0\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.3.0\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/b78306120111dc2522750771cfd09ee7ca723687\"\u003e\u003ccode\u003eb783061\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/9004e4575548904aeed26fb81e6a4b85d8ffa048\"\u003e\u003ccode\u003e9004e45\u003c/code\u003e\u003c/a\u003e\nMigrate to Node 24\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/6e70939585f9e200ced798068227e505a7204ef8\"\u003e\u003ccode\u003e6e70939\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc3 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/9cd6c6b338a41017c69286cb3fe8db5c4513e74c\"\u003e\u003ccode\u003e9cd6c6b\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc2 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/7697ef75dc9ed6b3272f78db9f33ab1c0283bc5c\"\u003e\u003ccode\u003e7697ef7\u003c/code\u003e\u003c/a\u003e\nBump actions/upload-artifact from 6 to 7 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/54f69bf0821bdee1b09d61998039cf2c499cd4e1\"\u003e\u003ccode\u003e54f69bf\u003c/code\u003e\u003c/a\u003e\nBump actions/download-artifact from 7 to 8 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/b9a171adf54022d8446fc53ac8397858d387ad9d\"\u003e\u003ccode\u003eb9a171a\u003c/code\u003e\u003c/a\u003e\nBump actions/upload-artifact from 5 to 6 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/2b80711d6d74d65d9c96f1d4146f0704357b8e3e\"\u003e\u003ccode\u003e2b80711\u003c/code\u003e\u003c/a\u003e\nBump actions/download-artifact from 6 to 7 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/30c1a5f5bd8c0a8962200f9a3ff5e7e933432c79\"\u003e\u003ccode\u003e30c1a5f\u003c/code\u003e\u003c/a\u003e\nBump minimatch from 3.1.2 to 3.1.5 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/238\"\u003e#238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/4f9746d71696c9c93399c56d527dcd372434c814\"\u003e\u003ccode\u003e4f9746d\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc1 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/f176ccd3f28bda569c43aae4894f06b2435a3375...b78306120111dc2522750771cfd09ee7ca723687\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to\ndisable \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository\nproperty with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and\nthe type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in\nthe repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to\ndisable improved incremental analysis. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e. This\nfeature is not yet available on GitHub Enterprise Server. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e fails on a runner — potentially due to\ninsufficient disk space — the failure is recorded in the Actions cache\nso that subsequent runs will automatically skip improved incremental\nanalysis until something changes (e.g. a larger runner is provisioned or\na new CodeQL version is released). We expect to roll this change out to\neveryone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now\nskipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry\nconnection check failures to reduce noise from workflow annotations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space\nrequirement for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions\nrunners. We expect to roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the\n\u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from\nfeature flags instead of using the linked CLI bundle version. We expect\nto roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4,\n3.32.3 and 3.32.4 are now enabled by default. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are\ngenerated for the authentication proxy that is used by the CodeQL Action\nin Default Setup when \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e. This is expected to generate more\nwidely compatible certificates and should have no impact on analyses\nwhich are working correctly already. We expect to roll this change out\nto everyone in February. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith\ndebugging enabled in Default Setup\u003c/a\u003e and \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for\nregistries\u0026quot; step will output additional diagnostic information that\ncan be used for troubleshooting. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network\ndebugging for Java programs. This will help GitHub staff support\ncustomers with troubleshooting issues in GitHub-managed CodeQL\nworkflows, such as Default Setup. This setting can only be enabled by\nGitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as\nDefault Setup, to use a \u003ca\nhref\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly\nCodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is\nused by default. This will help GitHub staff support customers whose\nanalyses for a given repository or organization require early access to\na change in an upcoming CodeQL CLI release. This setting can only be\nenabled by GitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e. This feature is not currently enabled for any\nanalysis. In the future, it may be enabled by default for Default Setup.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b1bff81932f5cdfc8695c7752dcee935dcd061c8\"\u003e\u003ccode\u003eb1bff81\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3574\"\u003e#3574\u003c/a\u003e\nfrom github/update-v4.32.7-7dd76e6bf\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e682234222f60d9549e37004a04a8f097bbd5798\"\u003e\u003ccode\u003ee682234\u003c/code\u003e\u003c/a\u003e\nAdd changelog entry for \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3570\"\u003e#3570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/95be291f41a39216811b3ce1a63a8df71d40d405\"\u003e\u003ccode\u003e95be291\u003c/code\u003e\u003c/a\u003e\nBump minor version\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/59bcb6025e4788109a6bb8f7ac4ad9c6a8d6beeb\"\u003e\u003ccode\u003e59bcb60\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.7\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7dd76e6bf79d24133aa649887a6ee01d8b063816\"\u003e\u003ccode\u003e7dd76e6\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3572\"\u003e#3572\u003c/a\u003e\nfrom github/mbg/pr-checks/eslint\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e3200e331bf51e47d45a8a5645d2a125c8a8a643\"\u003e\u003ccode\u003ee3200e3\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3563\"\u003e#3563\u003c/a\u003e\nfrom github/mbg/private-registry/oidc\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/4c356c71a28eb968dbcf4fb717211e82f406874f\"\u003e\u003ccode\u003e4c356c7\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3570\"\u003e#3570\u003c/a\u003e\nfrom github/mbg/repo-props/warn-on-unexpected-props\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b4937c19e53d395cc647fe16c4e00788a4e7ded3\"\u003e\u003ccode\u003eb4937c1\u003c/code\u003e\u003c/a\u003e\nOnly emit one message with accumulated property names\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/136b8ab3777165e3ec7a19faa7ef9732ace305da\"\u003e\u003ccode\u003e136b8ab\u003c/code\u003e\u003c/a\u003e\nRemove \u003ccode\u003ecache-dependency-path\u003c/code\u003e options as well\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/a5aba5952cd5add76ec9f971654d61461a3ac2bd\"\u003e\u003ccode\u003ea5aba59\u003c/code\u003e\u003c/a\u003e\nRemove \u003ccode\u003epackage-lock.json\u003c/code\u003e that\u0027s no longer needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...b1bff81932f5cdfc8695c7752dcee935dcd061c8\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "7e4606da87931662d66c8e3ac425eec087d17053", "tree": "11c669b9077dfad98dbc435bad7574da83eae4a1", "parents": [ "556c7ca95c6a309278c6cee98129d573827a05b4" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Thu Mar 26 17:17:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 26 17:17:43 2026" }, "message": "Roll external/abseil_cpp/ 04f3bc01d..972e4ab4a (2 commits) (#6584)\n\nhttps://github.com/abseil/abseil-cpp/compare/04f3bc01d12c...972e4ab4a076\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "556c7ca95c6a309278c6cee98129d573827a05b4", "tree": "9316130adfb048792ae73176eea8b1574d048d1d", "parents": [ "42956b77fea93fb1e1824d20169f174419e9845d" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Tue Mar 24 21:57:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 21:57:43 2026" }, "message": "spirv-dis: Add --handle-unknown-opcodes flag (#6604)\n\nThis addresses a frequent issue we have when working with new\nextensions/instructions in SPIR-V. Often, the assembler/disassembler\nwill not understand the new opcodes, so running `spirv-dis` on such a\nmodule just errors out.\n\nIn #6024 Cassie added support for `OpUnknown` to the assembler, so if\n`spirv-dis` were to emit `OpUnknown` when it finds an instruction it\ndoesn\u0027t know, we would be able to get a textual representation that can\nbe re-assembled even when there are unknown instructions. The main use\nI\u0027m thinking of here is testing. When calling `spirv-dis\n--handle-unknown-opcodes`:\n\n- Unknown opcodes: the instruction words are consumed raw and the\ninstruction is passed to the callback.\n- Unknown extended instruction numbers in semantic sets: parsing\ncontinues by treating the remaining operands as\n`SPV_OPERAND_TYPE_VARIABLE_ID`.\n- Known opcodes with unknown enum operands (`StorageClass`,\n`Capability`, `FunctionControl`, `MemoryAccess`, etc.): re-emits the\ninstruction as raw data.\n\nIn all three cases the disassembler emits:\n\n```\n OpUnknown(\u003copcode\u003e, \u003cword_count\u003e) \u003cword[1]\u003e ... \u003cword[n]\u003e\n```\n\nAdded several tests to validate that it is possible to round-trip a\nSPIR-V module containing new instructions that the assembler still does\nnot understand.\n\nThere is one limitation that is possible to fix, but it is not a big\ndeal in the use case I\u0027m considering. When the disassembler emits\n`OpUnknown` operand words as bare decimal integers, the assembler does\nnot track those integers as ID definitions. If an unknown instruction\ndefines a result ID that is larger than every ID in the rest of the\nmodule, the reassembled module\u0027s ID bound will be too low.\n\nThis is not a concern for round-trips that do not involve validation.\nThe instruction words in the reassembled binary are byte-for-byte\nidentical to the original and only the module header ID bound field may\nbe wrong. Tools that do not validate the header are unaffected.\n\nOne way to fix this would be for the disassembler to emit all\n`OpUnknown` operands as ID references instead of bare decimal integers.\nThe issue is that words which are plain integer immediates (not IDs)\nwould also be treated as ID references, causing the reassembled module\u0027s\nID bound to be larger than necessary. This would be harmless, I think.\n\nThe real problem is with string operands.\n`SPV_OPERAND_TYPE_OPTIONAL_CIV` also accepts string literals, and a\nmulti-word string packed into `uint32_t` words must be emitted as a\nquoted string token, not as `%N`. Without grammar, the disassembler\ncannot tell which words start a string. String operands are not common,\nso this may not be a big issue." }, { "commit": "42956b77fea93fb1e1824d20169f174419e9845d", "tree": "b749d4b87a13b8bf619e8ff9d7a16d7864d25a38", "parents": [ "8a13595dd4ae5049ef42d0f30297d0c427db54b5" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 24 16:46:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 16:46:53 2026" }, "message": "spirv-val: Add Vulkan Image Format check (#6597)\n\n4 years, and a 3rd try of\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/4748 and\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/5458 to get\n`VUID-StandaloneSpirv-Image-04965` in\n\nLast time this stalled on\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/766 /\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/merge_requests/302/" }, { "commit": "8a13595dd4ae5049ef42d0f30297d0c427db54b5", "tree": "7d7c65b4925b752e99b3f23771539bfad9e60498", "parents": [ "93cde4f5ce430f0f74b13dfa0e573b5105b1cfbe" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Thu Mar 19 12:46:33 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 12:46:33 2026" }, "message": "spirv-val: Allow spec constants as DebugTypeArray component counts (#6608)\n\nThis updates the validator to match the spec update in\nhttps://github.com/KhronosGroup/SPIRV-Registry/pull/371 to allow any\nconstant instruction as the component count operand of `DebugTypeArray`.\n\nIt fixes the glslang issue\nhttps://github.com/KhronosGroup/glslang/issues/4186.\n\nThe constant check now determines whether it\u0027s checking for\nOpenCL.DebugInfo.100 or NSDI. The new rule only affects NSDI." }, { "commit": "93cde4f5ce430f0f74b13dfa0e573b5105b1cfbe", "tree": "c4525759e802d6a42647304a7b2f58ff9f67fe6b", "parents": [ "26fb01b92b00e4f40452d7c89494cf72a9f68a8f" ], "author": { "name": "Nathan Gauër", "email": "brioche@google.com", "time": "Thu Mar 19 10:56:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 10:56:24 2026" }, "message": "opt: fix OpUntypedVariableKHR removed from interfaces (#6607)\n\nThe remove_unused_interface pass was unaware of the OpUntypedVariableKHR\nopcode, and thus was wrongly removing those from the listed interfaces." }, { "commit": "26fb01b92b00e4f40452d7c89494cf72a9f68a8f", "tree": "bc0718d8b3a4bcc3a3b25d58cd353bfecf648c6b", "parents": [ "8d0044201984c645ef1d048a5c5a325b77a5146e" ], "author": { "name": "Paulius Velesko", "email": "pvelesko@pglc.io", "time": "Wed Mar 18 22:06:29 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 22:06:29 2026" }, "message": "Add validation support for Intel SPIR-V extensions (#6232)\n\nThis PR adds validation support for three Intel SPIR-V extensions:\n\nOpConstantFunctionPointerINTEL: Added validation logic and test coverage\nArbitraryPrecisionIntegersINTEL: Added type validation support and tests\nOpAliasScopeDeclINTEL/OpAliasScopeListDeclINTEL: Added ID validation\nsupport and tests\n\nFixes #6034" }, { "commit": "8d0044201984c645ef1d048a5c5a325b77a5146e", "tree": "bf9d34e5c5eb9b4ea5df31e820ed540a1a4bde4b", "parents": [ "e4bceacf59fdfe742047e94e41ef65a48999a0dd" ], "author": { "name": "Nathan Gauër", "email": "brioche@google.com", "time": "Tue Mar 17 08:47:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 17 08:47:53 2026" }, "message": "opt: allow aggressive DCE to optimize untyped_pointers (#6602)\n\nThis will be required to allow DXC generating descriptor heaps code\nwhich uses untyped pointers/descriptor_heap" }, { "commit": "e4bceacf59fdfe742047e94e41ef65a48999a0dd", "tree": "bda78c7dc69071474a43dccd7ca99d5c69c2b538", "parents": [ "989e29a489ba32e451d9e23c9016999eb75378e4" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Mar 16 01:10:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 16 01:10:24 2026" }, "message": "spirv-val: Add remaining OpSpecConstantOp (#6596)\n\nMy personal final PR for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nThere is still the access chains left, but those are going to be ugly,\nand since its only a `Kernel` feature, I don\u0027t have the bandwidth to\nlook into right now. (But did left some test for the person who does in\nthe future)" }, { "commit": "989e29a489ba32e451d9e23c9016999eb75378e4", "tree": "b999ddabf5089bca02adea85fb1b0e84b0fde77d", "parents": [ "5d6745bfdd3bdb3a5e04a6016104851244e12cdb" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Sat Mar 14 02:10:49 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 14 02:10:49 2026" }, "message": "Improve constant composite validation (#6598)\n\n* Refactored a lot of repetitive code\n* Improved operand checks to disallow spec constants in regular\nconstants\n* Removed some tests that no longer trigger appropriate messages\n * replaced more generally" }, { "commit": "5d6745bfdd3bdb3a5e04a6016104851244e12cdb", "tree": "3d8258e4d8fc05d8328f33048264e454fa4906c0", "parents": [ "5a1eea1546c372a945a27d9b10e0a059db6cc651" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Fri Mar 13 13:32:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 13 13:32:53 2026" }, "message": "Improve variable pointer validation (#6595)\n\nFixes #6532\n\n* Check through types to ensure only valid pointers are allocated in\nlogical variables\n* Fix up some invalid tests" }, { "commit": "5a1eea1546c372a945a27d9b10e0a059db6cc651", "tree": "989f4d8e7cf64cbbca2fc722c3e9b0de22cd893b", "parents": [ "7eda548e509357103af154ab70f63a8ffdbb4934" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Mar 13 02:21:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 13 02:21:46 2026" }, "message": "spirv-val: Add SubpassData and TileImageEXT checks (#6591)\n\nAdds `VUID-StandaloneSpirv-SubpassData-04660` and\n`VUID-StandaloneSpirv-None-08720`" }, { "commit": "7eda548e509357103af154ab70f63a8ffdbb4934", "tree": "4da07061f273fd949e2240edf9272725fabd0460", "parents": [ "b8ad063791ad9e338f93b78e07fa5287294f43da" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 19:34:03 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 19:34:03 2026" }, "message": "spirv-val: Breakup ValidateVariable (#6592)\n\nI tried to work on `ValidateVariable` and its honestly a 800 line mess\nof a function and no clue \"where\" to add anything\n\nI tried to break it up into some more smaller functions and group things\ntogether to make it more manageable" }, { "commit": "b8ad063791ad9e338f93b78e07fa5287294f43da", "tree": "53942a5b4f63e08d65214091cec93568937f1928", "parents": [ "334a9b71795f66477d4b60f9459ac160a081d939" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 16:02:18 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 16:02:18 2026" }, "message": "spirv-val: Add missing SPV_EXT_descriptor_indexing caps (#6589)\n\n(from\nhttps://github.com/KhronosGroup/Vulkan-ValidationLayers/issues/11860)\nAdds two missing `SPV_EXT_descriptor_indexing` from being allowed in\nVulkan1.2" }, { "commit": "334a9b71795f66477d4b60f9459ac160a081d939", "tree": "7a45c57edf64560f87340a18bbf7ddf167fddcd0", "parents": [ "c75e3498595a4c1fcf67045e58c40d215a3d3901" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 15:14:40 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 15:14:40 2026" }, "message": "spirv-val: More OpSpecConstantOp (#6585)\n\nAll is left after for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564 is the\nVectorShuffle/CompositeInsert/CompositeExtract and the AccessChains,\nthese will need some more changes to passing in the operand index, so\nsaving them for last" }, { "commit": "c75e3498595a4c1fcf67045e58c40d215a3d3901", "tree": "1ba4f2461638743ec68282ba0b621d6ca101246c", "parents": [ "85dc1ee2348bd28985e40a3f60e0b8eec2aed422" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Thu Mar 12 13:52:17 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 13:52:17 2026" }, "message": "Add validation for SPV_EXT_replicated_composites (#6583)\n\nFixes #6529\n\n* OpConstantCompositeReplicateEXT\n* OpSpecConstantCompositeReplicateEXT\n* OpCompositeConstructReplicateEXT" }, { "commit": "85dc1ee2348bd28985e40a3f60e0b8eec2aed422", "tree": "f6e6255cbf6a0fa9cae66cee3eebd297bd172ee2", "parents": [ "281fecf9d669adc3aec219b6c1fe103a2915af41" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 02:14:52 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 02:14:52 2026" }, "message": "spirv-val: Add OpSpecConstantOp for Arithmetics and Bitwise (#6582)\n\nanother chunk of https://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nadds `ArithmeticsPass` and `BitwisePass`" }, { "commit": "281fecf9d669adc3aec219b6c1fe103a2915af41", "tree": "c1348e42f14310626294d51a97ca03b2fe8fbf7b", "parents": [ "6e9d60d80905f561858c2b1234bbb82bb529c044" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 02:14:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 02:14:15 2026" }, "message": "spirv-val: Label LongVector VUID (#6581)\n\nWe decided today to move these to Standalone VUID\nhttps://gitlab.khronos.org/vulkan/vulkan/-/merge_requests/8106/diffs" }, { "commit": "6e9d60d80905f561858c2b1234bbb82bb529c044", "tree": "451e4d61814e469e05c809c2240bee6601a03edc", "parents": [ "40093b5e37ff92f9b63329f9ccd701ae1a12e0d2" ], "author": { "name": "Marijn Suijten", "email": "marijns95@gmail.com", "time": "Wed Mar 11 14:55:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:55:51 2026" }, "message": "Optimize `SPV_EXT_opacity_micromap` and `SPV_EXT_shader_invocation_reorder` (#6571)\n\nIt\u0027s been a while since I last added extensions to these lists, but I\njust ran into a long-forgotten related issue again that DXC outputs\ninvalid SPIR-V before it\u0027s stripped away by `spirv-opt`:\nhttps://github.com/microsoft/DirectXShaderCompiler/issues/8210.\n\nShaders with these extensions weren\u0027t yet extensively tested but this at\nleast gets us past `spir-val` in both DXC (can also be disabled with\n`-Vd`) and the validation layers.\n\n---\n\nI\u0027m probably way out of my league to ask, but is there still much\nsignificance to `extensions_allowlist_`? It seems like a maintenance\nburden that\u0027s very easy to miss, for (currently) a single extension\nthat\u0027s specifically commented out to not be optimized.\n\nIt\u0027s also mostly duplicated but not entirely in sync across all 4 passes\neither. I even noticed that `SPV_KHR_shader_clock` which **I added** to\n`dead_code_elim_pass` in\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/4049 isn\u0027t in any other\nfile, which must have been an oversight on my part but also means that\npresence of this extension erroneously disables all the other 3 passes." }, { "commit": "40093b5e37ff92f9b63329f9ccd701ae1a12e0d2", "tree": "747f92cf222625f9a88f45ea6407b11e00e64ad1", "parents": [ "47eef7be333fe709795fd695ba4f8e58c70a0cf0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Mar 11 14:50:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:50:02 2026" }, "message": "build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 in the github-actions group (#6572)\n\nBumps the github-actions group with 1 update:\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 4.32.5 to 4.32.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/0d579ffd059c29b07949a3cce3983f0780820c98\"\u003e\u003ccode\u003e0d579ff\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3551\"\u003e#3551\u003c/a\u003e\nfrom github/update-v4.32.6-72d2d850d\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/d4c6be7cf1c47a33a06fa9183269e133e6863574\"\u003e\u003ccode\u003ed4c6be7\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.6\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/72d2d850d1f91d4e1e024f4cf4276fd16bb68462\"\u003e\u003ccode\u003e72d2d85\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3548\"\u003e#3548\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/23f983ce00d9a853697a6aaa9eae8d5abbf14849\"\u003e\u003ccode\u003e23f983c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3544\"\u003e#3544\u003c/a\u003e\nfrom github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/832e97ccad228ef72e06ffee26f6251bceeb7e5f\"\u003e\u003ccode\u003e832e97c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3545\"\u003e#3545\u003c/a\u003e\nfrom github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/5ef38c0b13c2f0f5ce928cb7706f5fb19fc97ae2\"\u003e\u003ccode\u003e5ef38c0\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3546\"\u003e#3546\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/tar-7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/80c9cda73902bba67939606c4bf3a1d9606bb150\"\u003e\u003ccode\u003e80c9cda\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f2669dd916c673b2811839169929a8ba71bb7634\"\u003e\u003ccode\u003ef2669dd\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/bd03c44cf40965f5476f66fad404194e4cb35710\"\u003e\u003ccode\u003ebd03c44\u003c/code\u003e\u003c/a\u003e\nMerge branch \u0027main\u0027 into\ndependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/102d7627b63c066871badf0743c11b2f6dd9c9e9\"\u003e\u003ccode\u003e102d762\u003c/code\u003e\u003c/a\u003e\nBump tar from 7.5.7 to 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d4.32.5\u0026new-version\u003d4.32.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "47eef7be333fe709795fd695ba4f8e58c70a0cf0", "tree": "1ffdbbfa8b4eb774a2cc61de12d86332da62f8bc", "parents": [ "c1ad8d6247520655a3debaae46be9e764402cee5" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Mar 11 14:03:07 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:03:07 2026" }, "message": "Roll external/abseil_cpp/ 3b777f679..267879b45 (1 commit) (#6569)\n\nhttps://github.com/abseil/abseil-cpp/compare/3b777f67987d...267879b45aab\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c1ad8d6247520655a3debaae46be9e764402cee5", "tree": "d7d211a0f5d1ad1801c7b2226ee75014af008128", "parents": [ "608e62007ec9d6b9ef3cf9c76fd247e623e80ea2" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 10 17:57:23 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 17:57:23 2026" }, "message": "spirv-val: Get things to cases for OpSpecConstantOp (#6579)\n\nFor the \"final prep\" for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nMade a commit per file (incase people have fun with merge conflicts) to\nmake main pass function call into smaller functions, this will allow for\nthe `OpSpecConstantOp` usage to work as well\n\nThis was a pure copy-and-paste PR" }, { "commit": "608e62007ec9d6b9ef3cf9c76fd247e623e80ea2", "tree": "065c45f049c6fa79a5332b866e19dbc6679f821f", "parents": [ "2aa281c16ca42348b2e5262c809318a8935e3989" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 10 13:54:08 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 13:54:08 2026" }, "message": "spirv-val: Add remaining Convert SpecConstantOp (#6578)\n\nspirv-val: Adds the rest of the `Convert` for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564" }, { "commit": "2aa281c16ca42348b2e5262c809318a8935e3989", "tree": "51a4b94fbe3f03e168e123411bc3a145cd203b77", "parents": [ "05ac2f3a4f962704565aa6f512801a274f7be98a" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Mar 09 21:18:00 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 21:18:00 2026" }, "message": "spirv-val: Add U/S/FConvert SpecConstantOp (#6576)\n\nFirst few of https://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nI chose `UConvert`/`SConvert`/`FConvert` as I knew they had the most\n\"needed to fix in other tests\" such that future additions are more\n\"additive\" only from here" }, { "commit": "05ac2f3a4f962704565aa6f512801a274f7be98a", "tree": "d574e3ea1061687546dd67ebeba372799cde6ea8", "parents": [ "7d8d9e58c384949f1615c069d4c9346bf51b9738" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Mar 09 21:14:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 21:14:19 2026" }, "message": "spirv-val: Label VU 11165 OpCopyMemorySized (#6577)\n\nNew error\n\n\u003e [VUID-RuntimeSpirv-Size-11165] Size must be a multiple of 4. This is\nvalid if Source (StorageBuffer) and Target (StorageBuffer) storage\nclasses both support either 8-bit or 16-bit\n\n1. This adds the VUID to be tracked in VVL\n2. The current error message didn\u0027t make it obvious **why** it must be a\nmultiple of 2 or 4" }, { "commit": "7d8d9e58c384949f1615c069d4c9346bf51b9738", "tree": "f336323b6176ee90795b33058ee5c79fdb34cdba", "parents": [ "93b56e1990705c5f78be53ad910414aa187f1095" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Sat Mar 07 12:19:10 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 07 12:19:10 2026" }, "message": ".gitignore: android_test local build artifacts (#6574)\n\nIgnore directories created during the kokoro/android build flow." }, { "commit": "93b56e1990705c5f78be53ad910414aa187f1095", "tree": "cc1e5fb7d0cfc686119a6868b02692393ea0462b", "parents": [ "69f1c0dbc881676d09527edcc9ebb7c6e683e6fa" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Fri Mar 06 22:31:54 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 06 22:31:54 2026" }, "message": "kokoro: reorg build config dirs to match their names (#6573)" }, { "commit": "69f1c0dbc881676d09527edcc9ebb7c6e683e6fa", "tree": "5762fe28dd02d2b82fed37726c7c108088ff83ae", "parents": [ "915b8a63fa303edb9d58d57ba33ba3e3a12a9681" ], "author": { "name": "alister-chowdhury", "email": "30833607+alister-chowdhury@users.noreply.github.com", "time": "Fri Mar 06 16:20:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 06 16:20:19 2026" }, "message": "spirv-opt: Adding nested reassociation rules (#6453)\n\n**ReassociateNestedGenericInt**\nReassociate integer instructions where both operands share the same\nopcode and both source instructions contain a constant.\ne.g:\n```\n (a * C0) * (C1 * b) \u003d (C0 * C1) * (a * b)\n (a ^ C0) ^ (b ^ C1) \u003d (C0 ^ C1) ^ (a ^ b)\n (C0 | a) | (b | C1) \u003d (C0 | C1) | (a | b)\n (a \u0026 C0) \u0026 (b \u0026 C1) \u003d (C0 \u0026 C1) \u0026 (a \u0026 b)\n```\n\n**ReassociateNestedMulDivFloat**\nReassociate floating point mul/div instructions, which have mul/div\ninputs, both of which contain a constant.\ne.g:\n```\n (a * C0) / (C1 / b) \u003d (C0 / C1) * (a * b)\n (C0 / a) * (b / C1) \u003d (C0 / C1) * (b / a)\n (a / C0) / (b * C1) \u003d (1 / (C0 * C1)) * (a / b)\n```\n\n**ReassociateNestedAddSub**\nReassociate add/sub instructions, which have add/sub inputs, both of\nwhich contain a constant.\ne.g:\n```\n (a + C0) - (C1 - b) \u003d (C0 - C1) + (a + b)\n (C0 - a) + (b - C1) \u003d (C0 - C1) + (b - a)\n (a - C0) - (b + C1) \u003d (-C0 - C1) + (a - b)\n```\n\n---------\n\nCo-authored-by: Steven Perron \u003cstevenperron@google.com\u003e" }, { "commit": "915b8a63fa303edb9d58d57ba33ba3e3a12a9681", "tree": "bbd4c5c1250bb31bb88aab26f2d8712f37eec5db", "parents": [ "d83d9363b0b4466b78331f73ab64550416389d95" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Mar 06 02:42:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 06 02:42:57 2026" }, "message": "spirv-val: Create functions for convert validation (#6570)\n\nFirst step towards\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564 where we need to\nfirst create separate functions instead of the huge mega function\n\nThis was a copy-and-paste change" }, { "commit": "d83d9363b0b4466b78331f73ab64550416389d95", "tree": "807f049ac324a0d83f00250cd96d5c8dc2a6ee5a", "parents": [ "46b1e005696db761fd19067cda0d6d93e4d0b63c" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Wed Mar 04 19:05:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 04 19:05:50 2026" }, "message": "val: more validation of OpTypeFloat (#6568)\n\n- add tests for too many arguments\n- check if 32-bit and 64-bit float types have an encoding arg\n- check encoding arg for 16 bit types" }, { "commit": "46b1e005696db761fd19067cda0d6d93e4d0b63c", "tree": "a128c057928c2b17c334ceabec72fac675cbd11b", "parents": [ "7108829b7bbe18a370cef91b7ce8307d57a2baa2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Mar 04 15:32:12 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 04 15:32:12 2026" }, "message": "build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 in the github-actions group (#6566)\n\nBumps the github-actions group with 1 update:\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 4.32.4 to 4.32.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to\ndisable \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository\nproperty with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and\nthe type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in\nthe repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to\ndisable improved incremental analysis. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e. This\nfeature is not yet available on GitHub Enterprise Server. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e fails on a runner — potentially due to\ninsufficient disk space — the failure is recorded in the Actions cache\nso that subsequent runs will automatically skip improved incremental\nanalysis until something changes (e.g. a larger runner is provisioned or\na new CodeQL version is released). We expect to roll this change out to\neveryone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now\nskipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry\nconnection check failures to reduce noise from workflow annotations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space\nrequirement for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions\nrunners. We expect to roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the\n\u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from\nfeature flags instead of using the linked CLI bundle version. We expect\nto roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4,\n3.32.3 and 3.32.4 are now enabled by default. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to\ndisable \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository\nproperty with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and\nthe type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in\nthe repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to\ndisable improved incremental analysis. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e. This\nfeature is not yet available on GitHub Enterprise Server. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e fails on a runner — potentially due to\ninsufficient disk space — the failure is recorded in the Actions cache\nso that subsequent runs will automatically skip improved incremental\nanalysis until something changes (e.g. a larger runner is provisioned or\na new CodeQL version is released). We expect to roll this change out to\neveryone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now\nskipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry\nconnection check failures to reduce noise from workflow annotations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space\nrequirement for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions\nrunners. We expect to roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the\n\u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from\nfeature flags instead of using the linked CLI bundle version. We expect\nto roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4,\n3.32.3 and 3.32.4 are now enabled by default. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are\ngenerated for the authentication proxy that is used by the CodeQL Action\nin Default Setup when \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e. This is expected to generate more\nwidely compatible certificates and should have no impact on analyses\nwhich are working correctly already. We expect to roll this change out\nto everyone in February. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith\ndebugging enabled in Default Setup\u003c/a\u003e and \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for\nregistries\u0026quot; step will output additional diagnostic information that\ncan be used for troubleshooting. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network\ndebugging for Java programs. This will help GitHub staff support\ncustomers with troubleshooting issues in GitHub-managed CodeQL\nworkflows, such as Default Setup. This setting can only be enabled by\nGitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as\nDefault Setup, to use a \u003ca\nhref\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly\nCodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is\nused by default. This will help GitHub staff support customers whose\nanalyses for a given repository or organization require early access to\na change in an upcoming CodeQL CLI release. This setting can only be\nenabled by GitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e. This feature is not currently enabled for any\nanalysis. In the future, it may be enabled by default for Default Setup.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registry is configured\u003c/a\u003e using a GitHub Personal Access Token\n(PAT), but no username is configured. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository\nproperties cannot successfully be retrieved. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca\nhref\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions\ndebugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names\nwhen uploading logs from the Dependabot authentication proxy as workflow\nartifacts. This ensures that the artifact names do not clash between\nmultiple jobs in a build matrix. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca\nhref\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated\nfiles\u003c/a\u003e from the analysis. This feature is not currently enabled for\nany analysis. In the future, it may be enabled by default for some\nGitHub-managed analyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL\nAction are now shorter to avoid duplicated information from appearing in\nDependabot PRs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c793b717bc78562f491db7b0e93a3a178b099162\"\u003e\u003ccode\u003ec793b71\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3523\"\u003e#3523\u003c/a\u003e\nfrom github/update-v4.32.5-ca42bf226\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/06cd615ad8b3edfe6778d58fb83174989a173272\"\u003e\u003ccode\u003e06cd615\u003c/code\u003e\u003c/a\u003e\nSoften language re overlay failures\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f5516c663089381234544cc3360963ecb4620691\"\u003e\u003ccode\u003ef5516c6\u003c/code\u003e\u003c/a\u003e\nImprove changelog\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/97519e197e39ab1f818d1cd777ebde1f36b6fc8b\"\u003e\u003ccode\u003e97519e1\u003c/code\u003e\u003c/a\u003e\nUpdate release date\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/05259a1d08a6131e0365f17225b6cdd505374c9d\"\u003e\u003ccode\u003e05259a1\u003c/code\u003e\u003c/a\u003e\nAdd more changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/01ee2f785a9e66afe909ab712595ddf300b09a62\"\u003e\u003ccode\u003e01ee2f7\u003c/code\u003e\u003c/a\u003e\nAdd changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c72d9a49330eb56ae30a094ad1542127d5971876\"\u003e\u003ccode\u003ec72d9a4\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/ca42bf226a3801a25101149fe11787e34845a41d\"\u003e\u003ccode\u003eca42bf2\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3522\"\u003e#3522\u003c/a\u003e\nfrom github/henrymercer/update-supported-versions-table\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/6704d80ac6a9b194063f79c3c9d7f67dda457e70\"\u003e\u003ccode\u003e6704d80\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3520\"\u003e#3520\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/76348c0f1239a07d2ee606be6d12e01be8aa88d1\"\u003e\u003ccode\u003e76348c0\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3521\"\u003e#3521\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/minimatch-3.1.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c793b717bc78562f491db7b0e93a3a178b099162\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d4.32.4\u0026new-version\u003d4.32.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "7108829b7bbe18a370cef91b7ce8307d57a2baa2", "tree": "033736dea701ee7ef1275b0950394713d4ea76b4", "parents": [ "c28f5937bce369dde1d645299a8c9873da43dc72" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Mar 04 14:45:48 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 04 14:45:48 2026" }, "message": "Roll external/abseil_cpp/ dee6c6283..8836ff0ba (3 commits) (#6563)\n\nhttps://github.com/abseil/abseil-cpp/compare/dee6c628372a...8836ff0ba6a0\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c28f5937bce369dde1d645299a8c9873da43dc72", "tree": "973c98a173021ddf7c4f89fa211c95e256149e82", "parents": [ "6b956f34e4f26a5e53c30935863f94d227b1e6c6" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Tue Mar 03 17:11:47 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 17:11:47 2026" }, "message": "opt: Fix build issue with gcc 16 (replaeces PR #6542) (#6567)\n\nCompiling with gcc 16 throws this error:\n\nFAILED: [code\u003d1]\nsource/opt/CMakeFiles/SPIRV-Tools-opt.dir/decoration_manager.cpp.o\n source/opt/decoration_manager.cpp: In member function\n‘spvtools::opt::analysis::DecorationManager::CloneDecorations(unsigned\nint, unsigned int)’:\n source/opt/decoration_manager.cpp:546:27: error:\n‘MEM[(unsigned int \u0026)\u0026op + 24]’ may be used uninitialized\n[-Werror\u003dmaybe-uninitialized]\n\n546 | if (op.words[0] \u003d\u003d from) { // add new pair of operands: (to,\nliteral)\n source/opt/decoration_manager.cpp:545:19: note: ‘op’ declared here\n 545 | Operand op \u003d inst-\u003eGetOperand(i);\n | ^~\n cc1plus: all warnings being treated as errors\n\nMake sure that the vector is not empty before using it.\n\nCo-authored-by: José Expósito \u003cjose.exposito89@gmail.com\u003e" }, { "commit": "6b956f34e4f26a5e53c30935863f94d227b1e6c6", "tree": "0d09b221bf0e3819f03af562e0389409d5200cdb", "parents": [ "4972c69eb50255b314fc0925ca757c4417e6b6c0" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Tue Mar 03 16:28:20 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 16:28:20 2026" }, "message": "assembler: Handle leading + in hex float literals (#6565)\n\nMake it symmetric with a leading -\n\nTest underflow to zero.\n\nBug: crbug.com/488728576" }, { "commit": "4972c69eb50255b314fc0925ca757c4417e6b6c0", "tree": "9a9749a7ce3d6810372079cdc95946f105339e33", "parents": [ "1c8c845843ca77f70a862fc94d371d36fe703498" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Fri Feb 27 23:15:00 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 23:15:00 2026" }, "message": "spirv-as: Validate bit width of float types with explicit encodings (#6562)\n\nDo this in the assembler because it\u0027s silly to let it get any farther.\n\nBug: crbug.com/465892071" }, { "commit": "1c8c845843ca77f70a862fc94d371d36fe703498", "tree": "0b086e7344d64dcbd71bc9433157601ba201e3ec", "parents": [ "eeb5282f753f7e0fdce90e16eb7853b4c2c6e2e7" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Feb 27 17:15:12 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 17:15:12 2026" }, "message": "build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions group (#6561)\n\nBumps the github-actions group with 1 update:\n[actions/upload-artifact](https://github.com/actions/upload-artifact).\n\nUpdates `actions/upload-artifact` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What\u0027s new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers\ncan set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to\nskip zipping the file during upload. Right now, we only support single\nfiles. The action will fail if the glob passed resolves to multiple\nfiles. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this\nsetting. Instead, the name of the artifact will be the name of the\nuploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages,\nwe\u0027ve upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca\nhref\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca\nhref\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made\ntheir first contribution in \u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e\nSupport direct file uploads (\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e\nUpgrade the module to ESM and bump dependencies (\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e\nfrom actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e\nAdd proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dactions/upload-artifact\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d6.0.0\u0026new-version\u003d7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "eeb5282f753f7e0fdce90e16eb7853b4c2c6e2e7", "tree": "4adb2a4b5d217c16316a1a9369deb5cad8289308", "parents": [ "ff6adfd1511c21fb92e79384bec96955c400b84c" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Fri Feb 27 16:25:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 16:25:43 2026" }, "message": "roll deps (#6554)\n\n- **Roll external/googletest/ e9907112b..a40796659 (2 commits)**\n- **Roll external/abseil_cpp/ 64c1b40d7..4dc2be8a9 (4 commits)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "ff6adfd1511c21fb92e79384bec96955c400b84c", "tree": "d352df300217bd1bd922f53d6c5ff3431c0058fa", "parents": [ "90d8e7d8ae287980dc9bda69e1bf03f072351f2f" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Fri Feb 27 15:04:44 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 15:04:44 2026" }, "message": "kokoro: use \"gcloud storage\" instead of gsutil (#6551)\n\ngsutil is deprecated" }, { "commit": "90d8e7d8ae287980dc9bda69e1bf03f072351f2f", "tree": "b1d520b285fab6c65dabd5d79a1f860924e86229", "parents": [ "05bbb6906a5b52d590adda62b9ef756e7cb13569" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Feb 27 04:22:00 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 04:22:00 2026" }, "message": "spirv-val: Add constant check to mesh execution mode (#6560)\n\nWe discussed in https://gitlab.khronos.org/vulkan/vulkan/-/issues/4694\nthat having a `SetMeshOutputsEXT` with bogus constant values should be\ndisallowed, even if never taken as it currently causes various drivers\nissues trying to lower that code\n\nI added test to ensure that with spec constants, this is only validated\nwhen they are frozen" }, { "commit": "05bbb6906a5b52d590adda62b9ef756e7cb13569", "tree": "f321cf32822ec890df846fcade4bde14290eeec6", "parents": [ "d96e27bb8583639743240d9640d808e748e7de0c" ], "author": { "name": "Pankaj Mistry", "email": "63069047+pmistryNV@users.noreply.github.com", "time": "Fri Feb 27 00:25:42 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 00:25:42 2026" }, "message": "Fix C++20 compilation: add \u0027u\u0027 suffix to 4294967295 integer literal (#6557)\n\nThe literal 4294967295 (UINT32_MAX / 0xFFFFFFFF) exceeds INT_MAX\n(2,147,483,647) on 32-bit systems. In C++20, integer literal rules are\nstricter, and the compiler may treat it as int, causing overflow and\ncompilation failure.\n\nFix by adding the \u0027u\u0027 suffix to make the literal explicitly unsigned\n(4294967295u), which:\n- Correctly represents the value as unsigned int\n- Matches the expected uint32_t key type in SpecIdToValueStrMap\n- Matches the uint32_t field type in DescriptorSetAndBinding" }, { "commit": "d96e27bb8583639743240d9640d808e748e7de0c", "tree": "621108174cfb78cd39baa231a36e2175a082093c", "parents": [ "17a2dcf8d4ae5f344019586949790ee12aa71ce4" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Thu Feb 26 22:17:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 22:17:24 2026" }, "message": "spirv-val, spirv-opt: Support versioned NSDI imports (#6555)\n\nWith https://github.com/KhronosGroup/SPIRV-Registry/pull/384\nNonSemantic.Shader.DebugInfo started using a unified versioning\nscheme where later versions use a suffixed import name (e.g.\nNonSemantic.Shader.DebugInfo.101).\n\nThis updates the parser, optimizer, and validator to treat any\nNonSemantic.Shader.DebugInfo.\u003cversion\u003e import as the known instruction\nset rather than requiring the exact string \"...100\".\n\nFor known non-semantic extension instructions, push\nSPV_OPERAND_TYPE_VARIABLE_ID before the instruction-specific operands so\nthat extra trailing operands from future NSDI versions are silently absorbed\n\nMake operand checks strict for the current known version and lenient for unknown\nfuture versions.\n\nAdd tests for forward-compatibility cases." }, { "commit": "17a2dcf8d4ae5f344019586949790ee12aa71ce4", "tree": "e4a588cd3cfd0e8e85f4b2ab7d257c8730f5a93c", "parents": [ "e63ee307a0cbcd42fd8d80aa3c716e8159ac13aa" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Feb 26 19:17:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 19:17:15 2026" }, "message": "spirv-val: Set MeshShadingPass to match other passes (#6559)\n\nI have another PR coming for Mesh, but wanted to just make\n`MeshShadingPass` not be a monolithic function and branch it out like we\ndo for other passes\n\nthis is all just copy-and-pasting and hence why made a separate MR" }, { "commit": "e63ee307a0cbcd42fd8d80aa3c716e8159ac13aa", "tree": "2775bd0d8df4e0b7767937587d8bf8e6fb86ab8c", "parents": [ "b2033ea811c6c0150982b114c3cf4d3139c65fee" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Tue Feb 24 18:56:21 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 18:56:21 2026" }, "message": "[bazel] Use \"moderate\" timeout for opt_fold_test (#6553)\n\nIt hovers around 60s on Intel-based Mac.\n\nFixed: #6552" }, { "commit": "b2033ea811c6c0150982b114c3cf4d3139c65fee", "tree": "5263b0ae8aceb9c408583823650eaeeecbb6f221", "parents": [ "54ad621f6e3fa758c1b80981489fcf0b62d2b752" ], "author": { "name": "dan sinclair", "email": "dsinclair@chromium.org", "time": "Mon Feb 23 19:38:59 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 19:38:59 2026" }, "message": "Remove SVA. (#6550)\n\nThe SVA tool has not been maintained in a long time. WebGPU does not\ningest SPIR-V so this is no longer useful in general." }, { "commit": "54ad621f6e3fa758c1b80981489fcf0b62d2b752", "tree": "42eaf2d6dd80c3d5a535c853670b1af3eeb44556", "parents": [ "e16e629d42af475f2d3853b6430b8207e258d8fd" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Mon Feb 23 16:31:59 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 16:31:59 2026" }, "message": "cmake: Fix redundant dependency for build-version.inc (#6549)\n\nThe custom command to generate build-version.inc was being depended on\nin two ways by the SPIRV-Tools-static target.\n\nThis caused issues with the Xcode \"new build system\" which does not\nallow\nthis.\n\nThis change removes the redundant dependency through the\nspirv-tools-build-version target. The dependency through the source file\nproperties on software_version.cpp is sufficient.\n\nThe spirv-tools-build-version target has also been removed since it is\nno longer used and was only a convenience target.\n\nFixes #6548" }, { "commit": "e16e629d42af475f2d3853b6430b8207e258d8fd", "tree": "499ef732db0cbd61562ca99aa8d3cc621484b903", "parents": [ "0436c4b0556fbfcff46610e888974965fd36be2a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 23 15:14:13 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 15:14:13 2026" }, "message": "build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 in the github-actions group (#6531)\n\nBumps the github-actions group with 1 update:\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 4.32.0 to 4.32.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registry is configured\u003c/a\u003e using a GitHub Personal Access Token\n(PAT), but no username is configured. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository\nproperties cannot successfully be retrieved. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registry is configured\u003c/a\u003e using a GitHub Personal Access Token\n(PAT), but no username is configured. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository\nproperties cannot successfully be retrieved. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca\nhref\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions\ndebugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names\nwhen uploading logs from the Dependabot authentication proxy as workflow\nartifacts. This ensures that the artifact names do not clash between\nmultiple jobs in a build matrix. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca\nhref\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated\nfiles\u003c/a\u003e from the analysis. This feature is not currently enabled for\nany analysis. In the future, it may be enabled by default for some\nGitHub-managed analyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL\nAction are now shorter to avoid duplicated information from appearing in\nDependabot PRs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/6bc82e05fd0ea64601dd4b465378bbcf57de0314\"\u003e\u003ccode\u003e6bc82e0\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3447\"\u003e#3447\u003c/a\u003e\nfrom github/update-v4.32.1-f52cbc830\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/42f00f2d33668fbcf1dc3dd5c3bb29d28da0e60d\"\u003e\u003ccode\u003e42f00f2\u003c/code\u003e\u003c/a\u003e\nAdd a couple of change notes\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/cedee6de9f72b4373125bf3febfbf6c602a0b2d1\"\u003e\u003ccode\u003ecedee6d\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.1\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f52cbc83091da34ce9a8ae0e3db2f977e8d4ecb2\"\u003e\u003ccode\u003ef52cbc8\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3445\"\u003e#3445\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c5aaca4bb9117e5ece543792c718f055ed6ef031\"\u003e\u003ccode\u003ec5aaca4\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3446\"\u003e#3446\u003c/a\u003e\nfrom github/mbg/ci/pin-node-packages\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/3e58739c65d3c9ec50eda6506523bacfae244e1e\"\u003e\u003ccode\u003e3e58739\u003c/code\u003e\u003c/a\u003e\nPin \u003ccode\u003e@actions/tool-cache@3\u003c/code\u003e in workflows to avoid failures\nwith \u003ccode\u003egithub-script\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/a6ccefb47c262aa74c12cd875ddb489a95683052\"\u003e\u003ccode\u003ea6ccefb\u003c/code\u003e\u003c/a\u003e\nRebuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/0e64858573fbb4884fb38ad67277bd9d10949e52\"\u003e\u003ccode\u003e0e64858\u003c/code\u003e\u003c/a\u003e\nBump fast-xml-parser from 5.3.3 to 5.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f985be5b50bd175586d44aac9ac52926adf12893\"\u003e\u003ccode\u003ef985be5\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3443\"\u003e#3443\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/tar-7.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/0c8e06dfb239195730995b6e2e320fe7e8d423c0\"\u003e\u003ccode\u003e0c8e06d\u003c/code\u003e\u003c/a\u003e\nBump tar from 7.5.6 to 7.5.7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...6bc82e05fd0ea64601dd4b465378bbcf57de0314\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d4.32.0\u0026new-version\u003d4.32.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "0436c4b0556fbfcff46610e888974965fd36be2a", "tree": "962e6f8c3c0e5a979889378850e58c824b289f83", "parents": [ "0c49637e746147bb42b1c3437e3f78e4067859fe" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Sat Feb 21 18:39:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Feb 21 18:39:19 2026" }, "message": "Roll external/abseil_cpp/ 0e5031d3c..49cd3c7a2 (1 commit) (#6530)\n\nhttps://github.com/abseil/abseil-cpp/compare/0e5031d3c00d...49cd3c7a20fb\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "0c49637e746147bb42b1c3437e3f78e4067859fe", "tree": "3f9f6710945930af4a478e7b7c8b55c97ba3c97c", "parents": [ "3173273e78edeeacaae9d752afa2151e44af5f65" ], "author": { "name": "Piers Daniell", "email": "pdaniell@nvidia.com", "time": "Fri Feb 20 19:19:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 20 19:19:51 2026" }, "message": "Allow SPV_NV_push_constant_bank to be optimized (#6547)\n\nThis is needed to continue to allow certain optimizations on shaders\nthat use SPV_NV_push_constant_bank." }, { "commit": "3173273e78edeeacaae9d752afa2151e44af5f65", "tree": "94c9ee97024ff385ec5d38b32d57620847277fe8", "parents": [ "9ade896574632f65cec0d6c8a7c9df9a5356a839" ], "author": { "name": "changhwipark-arm", "email": "chang-hwi.park@arm.com", "time": "Fri Feb 20 16:54:18 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 20 16:54:18 2026" }, "message": "spirv-val: Add OpColorAttachmentReadEXT, OpDepthAttachmentReadEXT, OpStencilAttachmentReadEXT (#6543)\n\nIssue: https://github.com/KhronosGroup/SPIRV-Tools/issues/6528\n\nThe following validations are already handled by the existing capability\nchecks, so I did not add additional logics:\n- `TileImageColorReadAccessEXT` must be declared to use\n`OpColorAttachmentReadEXT`\n- `TileImageDepthReadAccessEXT` must be declared to use\n`OpDepthAttachmentReadEXT`\n- `TileImageStencilReadAccessEXT` must be declared to use\n`OpStencilAttachmentReadEXT`\n\nThe following validations and their corresponding unit tests were added\nin `validate_image.cpp`:\n- `OpColorAttachmentReadEXT` - Result Type must be a scalar or vector of\nfloating-point type or integer type.\n- `OpColorAttachmentReadEXT` - Result Type, if a vector, must be the\ncomponent type the same as Sampled Type of the OpTypeImage\n- `OpColorAttachmentReadEXT` - Attachment must be an object whose type\nis OpTypeImage with a Dim of TileImageDataEXT\n- `OpColorAttachmentReadEXT` - Sample must be an integer type scalar.\n- `OpColorAttachmentReadEXT` - only valid in the Fragment Execution\nModel.\n- `OpDepthAttachmentReadEXT` - Result Type must be a 32-bit\nfloating-point type scalar.\n- `OpDepthAttachmentReadEXT` - Sample must be an integer type scalar.\n- `OpDepthAttachmentReadEXT` - only valid in the Fragment Execution\nModel.\n- `OpStencilAttachmentReadEXT` - Result Type must be a 32-bit\nfloating-point type scalar.\n- `OpStencilAttachmentReadEXT` - Sample must be an integer type scalar.\n- `OpStencilAttachmentReadEXT` - only valid in the Fragment Execution\nModel." }, { "commit": "9ade896574632f65cec0d6c8a7c9df9a5356a839", "tree": "67f1b7633940182d738b606a60e4e5a887e267e3", "parents": [ "64f5770f59db933d46b9cad6edc42b4186409ef4" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Feb 20 15:56:56 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 20 15:56:56 2026" }, "message": "spirv-val: Add SPV_VALVE_mixed_float_dot_product (#6546)\n\nfor `SPV_VALVE_mixed_float_dot_product` added in\nhttps://github.com/KhronosGroup/SPIRV-Registry/pull/387" }, { "commit": "64f5770f59db933d46b9cad6edc42b4186409ef4", "tree": "55d61562c6a5ec130f23d89c297dc3d2cd183f53", "parents": [ "a8fa7f5032a528c06339a58d0bd23541085fcfb2" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Wed Feb 18 15:43:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 15:43:43 2026" }, "message": "spirv-opt: Reorder access chain and multi-dim array passes (#6545)\n\nThe combine-access-chain pass leaves dead code that breaks the\nlegalization pass. Additionally, the legalize-multi-dim-arrays pass\ncreates arithmetic expressions that could be folded.\n\nThis commit moves these passes earlier in the pipeline to ensure the\ncode they create can be cleaned up. It is safe to move them earlier\nbecause they are flexible and do not depend on the later passes." }, { "commit": "a8fa7f5032a528c06339a58d0bd23541085fcfb2", "tree": "74e54421d649d9a3e7ad3a7828a662dbfb5629f0", "parents": [ "cb38b2342beedde25bcff582dc3528a135cf6e67" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Feb 17 04:38:37 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 17 04:38:37 2026" }, "message": "spirv-val: Add Pipe validation (#6540)\n\nAdds all the various `Pipe` instruction validation" }, { "commit": "cb38b2342beedde25bcff582dc3528a135cf6e67", "tree": "18ddce756bcdddbfbc1c5065831abc9efa7bcb25", "parents": [ "f139c64525c7c449c83d299a9fda4e1657bf37ab" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Wed Feb 11 14:44:41 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 11 14:44:41 2026" }, "message": "spirv-opt: Add LegalizeMultidimArrayPass (#6535)\n\nThis pass transforms multidimensional arrays of resources (e.g.,\nTexture2D g_Textures[2][3]) into single-dimensional arrays (e.g.,\nTexture2D g_Textures[6]) and updates all access chains that reference\nthem.\n\nThis transformation is required for Vulkan compatibility, as\nmultidimensional\nresource arrays are not allowed in some storage classes.\n\nSpecifically, it helps avoid:\n- VUID-StandaloneSpirv-Uniform-06807\n- VUID-StandaloneSpirv-UniformConstant-04655\n\nFixes https://github.com/microsoft/DirectXShaderCompiler/issues/7922" }, { "commit": "f139c64525c7c449c83d299a9fda4e1657bf37ab", "tree": "4a9ec23b974582a4100292bac9720d63c8c962de", "parents": [ "04d0b166dcd62e29509bf2aac3ca0c5ccdcb6929" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sun Feb 08 22:34:14 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Feb 08 22:34:14 2026" }, "message": "spirv-val: Add SPV_KHR_ray_tracing_position_fetch (#6539)\n\ncloses https://github.com/KhronosGroup/SPIRV-Tools/issues/5884" }, { "commit": "04d0b166dcd62e29509bf2aac3ca0c5ccdcb6929", "tree": "c52329d6f44a42defde4b226571d0d77d937a385", "parents": [ "f700a727ea5dfacb2ba41854f8a5c2894d322298" ], "author": { "name": "Ben Ashbaugh", "email": "ben.ashbaugh@intel.com", "time": "Sat Feb 07 22:26:47 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Feb 07 22:26:47 2026" }, "message": "add FPRoundingMode decoration checks for Kernel SPIR-V (#6537)\n\nAdds FPRoundingMode decoration checks for Kernel SPIR-V. See:\n\n\nhttps://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_Env.html#_rounding_modes_for_conversions\n\n---------\n\nSigned-off-by: Ben Ashbaugh \u003cben.ashbaugh@intel.com\u003e" }, { "commit": "f700a727ea5dfacb2ba41854f8a5c2894d322298", "tree": "2e899711c543be519e6e6dce36e00737ff7171b2", "parents": [ "a8afb0250b8498f4ccdd3851a77f6a33e43a5684" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sat Feb 07 19:09:28 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Feb 07 19:09:28 2026" }, "message": "spirv-val: Small cleanup in EvalInt32IfConst (#6538)\n\n" }, { "commit": "a8afb0250b8498f4ccdd3851a77f6a33e43a5684", "tree": "1b3ee1847135ca015fcac5b78c3b435a706d65e4", "parents": [ "447aeb0029d46de6a1d1ad6889280073d3aa6e72" ], "author": { "name": "Spencer", "email": "94135891+spencer005@users.noreply.github.com", "time": "Fri Feb 06 18:20:17 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 06 18:20:17 2026" }, "message": "spirv-opt: handle mixed-width shifts in RedundantAndShift (#6504)\n\nI encountered a crash with instruction folding enabled while using\nshaderc (reproduced in test case 15) where shaderc generated code with a\n32 shift on a 64bit int, this commit adds support for instruction\nfolding for all different cases I interpreted as valid from reading the\nspirv spec.\n\nhttps://registry.khronos.org/SPIR-V/specs/unified1/SPIRV.html 3.3.14.\nBit Instructions\n\nTo the best of my knowledge this is correct and I added tests\n\nonly supports 8/16/32/64 width since that\u0027s what I saw defined in the\nspec but should handle things like\nhttps://github.khronos.org/SPIRV-Registry/extensions/ALTERA/SPV_ALTERA_arbitrary_precision_integers.html\nfine by not folding as it did before while fixing the mixed-width shift\ncase and supporting 8/16" }, { "commit": "447aeb0029d46de6a1d1ad6889280073d3aa6e72", "tree": "cc03579c0803b0e444ccf77d3fe963681fcb51b0", "parents": [ "d9d2ec123c1b92de48c12fd084fc278cd99c6fce" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Feb 06 16:24:28 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 06 16:24:28 2026" }, "message": "spirv-val: Add ArrayStrideIdEXT zero check (#6536)\n\nHit a bug where VVL wasn\u0027t detecting `ArrayStrideIdEXT` stride was zero\nbecause the spec constant was forgotten the default was taking, crashing\nin the driver\n\nThis matches the `ArrayStride 0` check we have and confirmed VVL with\nthis will now detect it" }, { "commit": "d9d2ec123c1b92de48c12fd084fc278cd99c6fce", "tree": "45e77815dbc844e1c120f1a64c8d403f278d95a7", "parents": [ "97e05b836c6a79ff75dd761f93c88f6dbdb81c48" ], "author": { "name": "alister-chowdhury", "email": "30833607+alister-chowdhury@users.noreply.github.com", "time": "Wed Feb 04 17:20:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 04 17:20:57 2026" }, "message": "spirv-opt: Adding rule for redundant OpLogicalEqual/OpLogicalNotEqual (#6454)\n\n*RedundantLogicalEqual*\n```\n(a \u003d\u003d true) \u003d a\n(a \u003d\u003d false) \u003d !a\n(a !\u003d true) \u003d !a\n(a !\u003d false) \u003d a\n```" }, { "commit": "97e05b836c6a79ff75dd761f93c88f6dbdb81c48", "tree": "4569e02a55b4531f94d5b0a3182464c35dfc0f29", "parents": [ "cb0ba4dd475eeccb2df2e9a04eab22697c94f74e" ], "author": { "name": "alister-chowdhury", "email": "30833607+alister-chowdhury@users.noreply.github.com", "time": "Wed Feb 04 16:58:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 04 16:58:01 2026" }, "message": "spriv-opt: Adding a rule to merge select-binaryop (#6456)\n\nIt seems that things like `(a ? 1u : 0u) \u003d\u003d 1u` are surprisingly\nprevalent.\nWhen the select results are constants and a binary op is constant, we\ncan merge the result directly into the select.\nThe following cases have been added:\n```\n ((a ? C0 : C1) \u003d\u003d C2) \u003d ((a ? (C0 \u003d\u003d C2) : (C1 \u003d\u003d C2))\n ((a ? C0 : C1) !\u003d C2) \u003d ((a ? (C0 !\u003d C2) : (C1 !\u003d C2))\n ((a ? C0 : C1) \u003c C2) \u003d ((a ? (C0 \u003c C2) : (C1 \u003c C2))\n ((a ? C0 : C1) \u003c\u003d C2) \u003d ((a ? (C0 \u003c\u003d C2) : (C1 \u003c\u003d C2))\n ((a ? C0 : C1) \u003e C2) \u003d ((a ? (C0 \u003e C2) : (C1 \u003e C2))\n ((a ? C0 : C1) \u003e\u003d C2) \u003d ((a ? (C0 \u003e\u003d C2) : (C1 \u003e\u003d C2))\n ((a ? C0 : C1) || C2) \u003d ((a ? (C0 || C2) : (C1 || C2))\n ((a ? C0 : C1) \u0026\u0026 C2) \u003d ((a ? (C0 \u0026\u0026 C2) : (C1 \u0026\u0026 C2))\n ((a ? C0 : C1) + C2) \u003d ((a ? (C0 + C2) : (C1 + C2))\n ((a ? C0 : C1) - C2) \u003d ((a ? (C0 - C2) : (C1 - C2))\n ((a ? C0 : C1) * C2) \u003d ((a ? (C0 * C2) : (C1 * C2))\n ((a ? C0 : C1) / C2) \u003d ((a ? (C0 / C2) : (C1 / C2))\n ((a ? C0 : C1) \u003e\u003e C2) \u003d ((a ? (C0 \u003e\u003e C2) : (C1 \u003e\u003e C2))\n ((a ? C0 : C1) \u003c\u003c C2) \u003d ((a ? (C0 \u003c\u003c C2) : (C1 \u003c\u003c C2))\n ((a ? C0 : C1) ^ C2) \u003d ((a ? (C0 ^ C2) : (C1 ^ C2))\n ((a ? C0 : C1) | C2) \u003d ((a ? (C0 | C2) : (C1 | C2))\n ((a ? C0 : C1) \u0026 C2) \u003d ((a ? (C0 \u0026 C2) : (C1 \u0026 C2))\n```\n\nThis further opens the door to further collapses like: `(a ? true :\nfalse) \u003d a`" }, { "commit": "cb0ba4dd475eeccb2df2e9a04eab22697c94f74e", "tree": "e6608ac846fb11f9c3d36c30469600c111498b51", "parents": [ "a66a95eecf5102f2b19d6208385538c7c29aa7a1" ], "author": { "name": "Steve Urquhart", "email": "53908460+SteveUrquhart@users.noreply.github.com", "time": "Wed Feb 04 16:48:37 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 04 16:48:37 2026" }, "message": "spirv-opt: Allow exe preserve_interface to be false (#6521)\n\nThe spirv-opt.exe front-end initializes preserve_interface to true, and\nallows the user to reinitialize it to true by passing\n--preserve-interface. It should be initialized to false, so the user has\nboth options available from the command line.\n\nThe PR includes a test, but the test framework doesn\u0027t seem to exercise\nthe exe front-ends, so it passes without this commit. We can either omit\nthe test or extend the testing to allow exercising the exe\u0027s." }, { "commit": "a66a95eecf5102f2b19d6208385538c7c29aa7a1", "tree": "a1faeb6b48e0d0ef80dedf37d65bc8685c5fa83a", "parents": [ "ede19b60a859aee4e7c3ab2b9b0e2cbda1d754bb" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Feb 02 19:38:08 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 02 19:38:08 2026" }, "message": "spirv-val: Add DotProduce Capability (#6525)\n\nI realized in https://github.com/KhronosGroup/SPIRV-Tools/pull/6524 I\nforgot the validation around `DotProductInputAll`, `\nDotProductInput4x8Bit` and `DotProductInput4x8BitPacked`" }, { "commit": "ede19b60a859aee4e7c3ab2b9b0e2cbda1d754bb", "tree": "bc95bb8965ae34b522682566f8b5cafcb91253ad", "parents": [ "a9bd05ae994d66c34ee584661a9e49d2b925c562" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sun Feb 01 21:05:32 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Feb 01 21:05:32 2026" }, "message": "spirv-val: Add SPV_EXT_shader_stencil_export (#6527)\n\nAdd missing SPV_EXT_shader_stencil_export execution mode check" }, { "commit": "a9bd05ae994d66c34ee584661a9e49d2b925c562", "tree": "10767478fb0d6f355190aadc0e26f3eab77b0aac", "parents": [ "3ac12f1e37d20a6add31fa9a0f85720bdf1d4997" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sun Feb 01 20:41:31 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Feb 01 20:41:31 2026" }, "message": "spirv-val: Add SPV_KHR_post_depth_coverage (#6526)\n\nAdds the missing `PostDepthCoverage` check from\n`SPV_KHR_post_depth_coverage`" }, { "commit": "3ac12f1e37d20a6add31fa9a0f85720bdf1d4997", "tree": "9e69b7f8a202e37d8af2152f73aa33dc1e9ba299", "parents": [ "1c69c17979a1536c6ed44085c37472a030a32306" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sat Jan 31 22:57:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Jan 31 22:57:39 2026" }, "message": "spirv-val: Add SPV_KHR_integer_dot_product (#6524)\n\nWe seem to just have actually never added validation for\n`SPV_KHR_integer_dot_product` in\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/4327/ (and seems after\na few years, no one was going to do it)\n\nThis adds it" }, { "commit": "1c69c17979a1536c6ed44085c37472a030a32306", "tree": "73087194245f0a7e399e92810624f7ef67d105a6", "parents": [ "c2098b6dd2bf0e9511acee4fb9fb1d1523d48d2e" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Sat Jan 31 03:38:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Jan 31 03:38:53 2026" }, "message": "roll deps (#6505)\n\n- **Roll external/abseil_cpp/ 889ddc99e..dd3cb9eb8 (1 commit)**\n- **Roll external/spirv-headers/ babee7702..71a303c73 (2 commits)**\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c2098b6dd2bf0e9511acee4fb9fb1d1523d48d2e", "tree": "1588c0c07d41166dbe9b82beefb1f56d35680144", "parents": [ "5bb238babea148e019c6a0caaf334988b7cf7612" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Fri Jan 30 17:46:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 30 17:46:51 2026" }, "message": "Update dependencies (#6523)\n\nI update the dependencies, and fix up the bazel files to work with the\nupdated dependencies.\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "5bb238babea148e019c6a0caaf334988b7cf7612", "tree": "e3a2ff675a2fdc01ff090b0fb5ddb20ac21cbc67", "parents": [ "d4671f690ac42f196795272114daadc5088967ce" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Jan 30 16:57:36 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 30 16:57:36 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 3 updates (#6522)\n\nBumps the github-actions group with 3 updates in the / directory:\n[actions/cache](https://github.com/actions/cache),\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.2 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e\nwith the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e\nsection.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by\nupdating the \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e\nfile with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed\nand merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e\nuse the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you\nmade in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca\nhref\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version\nnumber.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags\nfor this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before\nupgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca\nhref\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e\nfrom actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e\nAdd review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e\nAdd licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e\nUpgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e\nAdd 5.0.3 builds\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/get-cmake` from 4.2.2 to 4.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.2.3\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.2.3\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md\"\u003elukka/get-cmake\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Process for get-cmake\u003c/h1\u003e\n\u003cp\u003eThis document describes the release process for the get-cmake action\nafter a new CMake or Ninja version has been merged to the\n\u003ccode\u003emain\u003c/code\u003e branch.\u003c/p\u003e\n\u003ch2\u003eOverview\u003c/h2\u003e\n\u003cp\u003eThe get-cmake action uses two key reference points for users:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003elatest\u003c/code\u003e branch\u003c/strong\u003e - Points to the most\nrecent stable release\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVersion tags\u003c/strong\u003e (e.g., \u003ccode\u003evX.Y.Z\u003c/code\u003e) - Allow\nusers to pin to specific versions\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eWhen a new CMake version is detected and merged to \u003ccode\u003emain\u003c/code\u003e\nvia automated PR, a release is performed automatically (or can be done\nmanually) to make it available to users.\u003c/p\u003e\n\u003ch2\u003eRelease Steps\u003c/h2\u003e\n\u003ch3\u003eOption 1: Automatic Release (Recommended)\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003eauto-release.yml\u003c/code\u003e workflow automatically handles\nreleases when automated CMake version PRs are merged:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen a PR with title matching \u003ccode\u003e[Automated] Adding\ncmake-vX.Y.Z\u003c/code\u003e is merged to main\u003c/li\u003e\n\u003cli\u003eThe workflow automatically:\n\u003cul\u003e\n\u003cli\u003eReads the version from \u003ccode\u003e.latest_cmake_version\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdates the \u003ccode\u003elatest\u003c/code\u003e branch to match\n\u003ccode\u003emain\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCreates and pushes the version tag (if it doesn\u0027t exist)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e\u003cstrong\u003eNo manual action needed\u003c/strong\u003e - the release happens\nautomatically!\u003c/p\u003e\n\u003ch3\u003eOption 2: Manual Release (Override/Fallback)\u003c/h3\u003e\n\u003cp\u003eIf you need to manually trigger a release or override the automatic\nprocess:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eGo to the Actions tab in GitHub\u003c/li\u003e\n\u003cli\u003eSelect \u0026quot;Sync latest branch and create release tag\u0026quot;\nworkflow\u003c/li\u003e\n\u003cli\u003eClick \u0026quot;Run workflow\u0026quot;\u003c/li\u003e\n\u003cli\u003eEnter the tag name (e.g., \u003ccode\u003ev4.2.3\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eClick \u0026quot;Run workflow\u0026quot; button\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThe workflow will:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate the tag name format\u003c/li\u003e\n\u003cli\u003eUpdate the \u003ccode\u003elatest\u003c/code\u003e branch to match\n\u003ccode\u003emain\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCreate and push the specified version tag\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOption 3: Manual Command-Line Process (Advanced)\u003c/h3\u003e\n\u003cp\u003eIf you prefer to do this manually via command line:\u003c/p\u003e\n\u003cpre lang\u003d\"bash\"\u003e\u003ccode\u003e# 1. Ensure you\u0027re on the main branch and up to\ndate\ngit checkout main\ngit pull origin main\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/f176ccd3f28bda569c43aae4894f06b2435a3375\"\u003e\u003ccode\u003ef176ccd\u003c/code\u003e\u003c/a\u003e\nAdd automated release workflows for latest branch sync and version\ntagging (#...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/e7542854e3fe0166dffaba8d1cd565da2496a902\"\u003e\u003ccode\u003ee754285\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.2.3 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/822400bf6a9ad495c9edee74e4b8c787e2afaded\"\u003e\u003ccode\u003e822400b\u003c/code\u003e\u003c/a\u003e\nBump jws from 3.2.2 to 3.2.3 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/1bfad7b462c7bdce9de8baddc4a479a586342f57\"\u003e\u003ccode\u003e1bfad7b\u003c/code\u003e\u003c/a\u003e\nBump lodash from 4.17.21 to 4.17.23 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/dc05ee1ee5ba69770230c73a6a4e947595745cab...f176ccd3f28bda569c43aae4894f06b2435a3375\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.11 to 4.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca\nhref\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions\ndebugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names\nwhen uploading logs from the Dependabot authentication proxy as workflow\nartifacts. This ensures that the artifact names do not clash between\nmultiple jobs in a build matrix. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca\nhref\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated\nfiles\u003c/a\u003e from the analysis. This feature is not currently enabled for\nany analysis. In the future, it may be enabled by default for some\nGitHub-managed analyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL\nAction are now shorter to avoid duplicated information from appearing in\nDependabot PRs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now\nlogs a warning for customers who are running v3 but could be running v4.\nFor more information, see \u003ca\nhref\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming\ndeprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003e\u003ccode\u003eb20883b\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3428\"\u003e#3428\u003c/a\u003e\nfrom github/update-v4.32.0-e3b8227a2\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b\"\u003e\u003ccode\u003ec9aa45d\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634\"\u003e\u003ccode\u003ee3b8227\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3427\"\u003e#3427\u003c/a\u003e\nfrom github/henrymercer/bump-for-new-minor-series\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064\"\u003e\u003ccode\u003e8a01181\u003c/code\u003e\u003c/a\u003e\nCompare minor version number\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae\"\u003e\u003ccode\u003e80e1425\u003c/code\u003e\u003c/a\u003e\nBump minor version for CLI v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a\"\u003e\u003ccode\u003eb748848\u003c/code\u003e\u003c/a\u003e\nBump the Action minor version number on new CodeQL minor version\nseries\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18\"\u003e\u003ccode\u003e5e767ef\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3425\"\u003e#3425\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86\"\u003e\u003ccode\u003e9752869\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e\"\u003e\u003ccode\u003ec62c214\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490\"\u003e\u003ccode\u003e25a224b\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3423\"\u003e#3423\u003c/a\u003e\nfrom github/mbg/ci/yq-windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/19b2f06db2b6f5108140aeb04014ef02b648f789...b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d4671f690ac42f196795272114daadc5088967ce", "tree": "a9fda20064da4be425692fef895d4796c11240a7", "parents": [ "0a7e28689ad1b2cd753e9341b41526613926a406" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Wed Jan 28 02:55:08 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 02:55:08 2026" }, "message": "spirv-val: Add OpGroupAsyncCopy and OpGroupWaitEvents (#6519)\n\nadds `OpGroupAsyncCopy` and `OpGroupWaitEvents` (and a test for every\nerror added)" }, { "commit": "0a7e28689ad1b2cd753e9341b41526613926a406", "tree": "b0f680326bacefaaf456ffcae2089a3c78b7ee67", "parents": [ "d3f9ef117aab877b23a266b1e7542549ea70b817" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Tue Jan 27 15:37:28 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 15:37:28 2026" }, "message": "Start v2026.2 release (#6517)\n\nUpdate CHANGES to refelec the start of the next relese. Updated the date\nfor the previous release. It should reflect the date for the last commit\nin where the tag was added. Not the release of the Vulan SDK in which\nthis release will be used." }, { "commit": "d3f9ef117aab877b23a266b1e7542549ea70b817", "tree": "849a64f928c8c3a0cf320f9e3b5fc9d8b11d4692", "parents": [ "7ad2d7bb871b7ddfd639f8b076d503f3fb89c896" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 26 16:30:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 16:30:43 2026" }, "message": "spirv-val: Add OpLifetimeStart/Stop (#6514)\n\n" }, { "commit": "7ad2d7bb871b7ddfd639f8b076d503f3fb89c896", "tree": "13d735f759bfccc67d68cdecca488f484cace72b", "parents": [ "77a096c929cefa5069fcbf9060aac6a09bd88bd5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Jan 26 16:21:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 16:21:19 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 4 updates (#6511)\n\nBumps the github-actions group with 4 updates in the / directory:\n[actions/checkout](https://github.com/actions/checkout),\n[actions/cache](https://github.com/actions/cache),\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID\nis set by \u003ca\nhref\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements\nby \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca\nhref\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca\nhref\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca\nhref\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca\nhref\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca\nhref\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca\nhref\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca\nhref\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca\nhref\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment\nvariables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca\nhref\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca\nhref\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca\nhref\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4\nupdates by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca\nhref\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable\nversion. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca\nhref\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e\nFix tag handling: preserve annotations and explicit fetch-tags (\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e\nAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is\nset (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service\nwill not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before\nupgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca\nhref\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in\ndebug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up\nfor improved performance and reliability. \u003ca\nhref\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates\nwith the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st,\n2025\u003c/strong\u003e. The legacy service will also be sunset on the same date.\nChanges in these release are \u003cstrong\u003efully backward\ncompatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We\nrecommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as\nsoon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade\ninstructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions\n\u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated\n\u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will\nfail.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e\nfrom GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e\nlicense for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e\nUpdate licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e\nBuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e\nAdd PR link to releases\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/9b8ca9f07e012351dafbf1c878e8fe2ee9a01c84\"\u003e\u003ccode\u003e9b8ca9f\u003c/code\u003e\u003c/a\u003e\nBump actions/cache to 5.0.3\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/get-cmake` from 4.2.1 to 4.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.2.2\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.2.2\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/dc05ee1ee5ba69770230c73a6a4e947595745cab\"\u003e\u003ccode\u003edc05ee1\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.2.2 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/9e07ecdcee1b12e5037e42f410b67f03e2f626e1...dc05ee1ee5ba69770230c73a6a4e947595745cab\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.31.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e\nfor more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now\nlogs a warning for customers who are running v3 but could be running v4.\nFor more information, see \u003ca\nhref\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming\ndeprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the\n\u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL\nAction 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89\"\u003e\u003ccode\u003ecdefb33\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3394\"\u003e#3394\u003c/a\u003e\nfrom github/update-v4.31.10-0fa411efd\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31\"\u003e\u003ccode\u003ecfa77c6\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.31.10\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a\"\u003e\u003ccode\u003e0fa411e\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3393\"\u003e#3393\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.23.9\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78\"\u003e\u003ccode\u003ec284324\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304\"\u003e\u003ccode\u003e83e7d00\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.23.9\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6\"\u003e\u003ccode\u003ef6a16be\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3391\"\u003e#3391\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/npm-minor-f1cdf5...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270\"\u003e\u003ccode\u003ec1f5f1a\u003c/code\u003e\u003c/a\u003e\nRebuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89\"\u003e\u003ccode\u003e1805d8d\u003c/code\u003e\u003c/a\u003e\nBump the npm-minor group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a\"\u003e\u003ccode\u003eb2951d2\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3353\"\u003e#3353\u003c/a\u003e\nfrom github/kaspersv/bump-min-cli-v-for-overlay\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f\"\u003e\u003ccode\u003e41448d9\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3287\"\u003e#3287\u003c/a\u003e\nfrom github/henrymercer/generate-mergeback-last\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...cdefb33c0f6224e58673d9004f47f7cb3e328b89\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "77a096c929cefa5069fcbf9060aac6a09bd88bd5", "tree": "4ebe09198e0641535a9d331f2a2445dbd6bc6a69", "parents": [ "f6a1f35258b7d5a5d9f9c5c8f5688ee43b5572ad" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 26 02:32:37 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 02:32:37 2026" }, "message": "spirv-val: Fix OpImageQueryLod for Kernel (#6516)\n\nas discussed in\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/908#note_586477\n\nthis seems to have just been a mistake, confirmed that `OpImageQueryLod`\nhas not special condition to allow int coordinates" }, { "commit": "f6a1f35258b7d5a5d9f9c5c8f5688ee43b5572ad", "tree": "299d4903ed2a9e68af05477170c92c9692c5abf2", "parents": [ "fbe4f3ad913c44fe8700545f8ffe35d1382b7093" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 26 02:31:55 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 02:31:55 2026" }, "message": "spirv-val: Add Basic Group checks (#6515)\n\nAdds basic checks for \n\n- OpGroupAny\n- OpGroupAll\n- OpGroupBroadcast\n- OpGroupFAdd\n- OpGroupFMax\n- OpGroupFMin\n- OpGroupIAdd\n- OpGroupUMin\n- OpGroupSMin\n- OpGroupUMax\n- OpGroupSMax" }, { "commit": "fbe4f3ad913c44fe8700545f8ffe35d1382b7093", "tree": "8a6c205a74dbd8d72cd19fd482c9de47fc7c5832", "parents": [ "20cb35fa2c2b1b6ad7a4768cbf6322e755f21b93" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Thu Jan 22 19:45:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 19:45:19 2026" }, "message": "[OPT] Process debug scope instructions of debug value instructions (#6510)\n\nWhen we create a debug value from a debug scope instruction in ADCE, we\nadd the new instruction directly to the live set. This by passes the\ncode that processes the operands of the new instructions to make sure\nthey are all live.\n\nWe do the same thing when a debug value is modify to have an undef. In\nthat case we have bespoke code to process some of this accociated code,\nbut it misses the debug scope. I replace the bespoke processing by\nadding it to the worklist.\n\nFixes #6508" }, { "commit": "20cb35fa2c2b1b6ad7a4768cbf6322e755f21b93", "tree": "4407928425ba0ae47f499ccf349f952dcf6433d7", "parents": [ "49a2371fae41ada9c5dc75fcae2d85168db14f2f" ], "author": { "name": "Steve Urquhart", "email": "53908460+SteveUrquhart@users.noreply.github.com", "time": "Thu Jan 22 19:14:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 19:14:02 2026" }, "message": "spirv-opt: Correct DebugValue placement in ADCE (#6491)\n\nWhen a DebugDeclare\u0027s variable is eliminated, it can generate multiple\nDebugValue instructions, one for each OpStore to the eliminated\nvariable. The current logic is not placing the DebugValues in the\ncorrect place. They are currently placed at the DebugDeclare location,\nand multiple DebugValues are not tested. This PR fixes the location and\nextends the DebugValue test such that a DebugDeclare is broken into\nmultiple DebugValues, and shows that the placement of both DebugValues\nis now correct." }, { "commit": "49a2371fae41ada9c5dc75fcae2d85168db14f2f", "tree": "94df4cbe21fca5ad2deadd5205f4c1be54e68874", "parents": [ "dfc5ab82cdf83c6b7ae3bc4198822c130df6f2a6" ], "author": { "name": "Nathan Gauër", "email": "brioche@google.com", "time": "Thu Jan 22 14:10:58 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 14:10:58 2026" }, "message": "Prepare release v2026.1 (#6509)\n\nPreparing the release." }, { "commit": "dfc5ab82cdf83c6b7ae3bc4198822c130df6f2a6", "tree": "dc0622edf4df67367ac90cde7df1d5bc171013b3", "parents": [ "28a45f81ab674ab9ade048a61aa8be5ad1e8b243" ], "author": { "name": "Steve Urquhart", "email": "53908460+SteveUrquhart@users.noreply.github.com", "time": "Thu Jan 22 02:11:33 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 02:11:33 2026" }, "message": "spirv-opt: Also remap DebugScope instructions (#6501)\n\nThe canonicalize-ids pass does not remap DebugScope instructions. This\ncan lead to outputting invalid SPIR-V when DebugScope instructions are\npresent, as the test shader demonstrates. This also seems to fix\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/4018." }, { "commit": "28a45f81ab674ab9ade048a61aa8be5ad1e8b243", "tree": "884413f573375d6790be4077a4c30eee3659b924", "parents": [ "c2cf37e46552dd71f5cfe3f53330853cf081c066" ], "author": { "name": "Piers Daniell", "email": "pdaniell@nvidia.com", "time": "Thu Jan 22 00:14:28 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 00:14:28 2026" }, "message": "Add support for SPV_NV_push_constant_bank (#6507)\n\n" }, { "commit": "c2cf37e46552dd71f5cfe3f53330853cf081c066", "tree": "0c2b8af8f9694fa025d0651868e4b20d648b8f60", "parents": [ "2e570450355c2daaa32015df261c0e4beeab771b" ], "author": { "name": "Chow", "email": "Shaochi.Zhou@amd.com", "time": "Wed Jan 21 22:32:47 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 21 22:32:47 2026" }, "message": "Implement SPV_EXT_descriptor_heap (#6503)\n\nSupport SPV_EXT_descriptor_heap in SPIRV validatoin level.\n\n---------\n\nCo-authored-by: spencer-lunarg \u003cspencer@lunarg.com\u003e\nCo-authored-by: Alan Baker \u003calanbaker@google.com\u003e" }, { "commit": "2e570450355c2daaa32015df261c0e4beeab771b", "tree": "5b037c0590fc0b479049de8b5669f7e40f83d4b7", "parents": [ "0920dc2673554d79e49a8bf068b911ce987bdb60" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Wed Jan 21 20:27:35 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 21 20:27:35 2026" }, "message": "Update SPIRV-Headers deps (#6506)\n\n* Fix tests due to promotion of SPV_NV_shader_subgroup_partitioned to\nSPV_EXT_shader_subgroup_partitioned" }, { "commit": "0920dc2673554d79e49a8bf068b911ce987bdb60", "tree": "6797d645abde9a7982ef2fe8d7f8670debba4972", "parents": [ "4c1ae3cd6f9076271cd64acde8cbef1d1287f27f" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Jan 21 15:05:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 21 15:05:02 2026" }, "message": "roll deps (#6485)\n\n- **Roll external/googletest/ 7d7e75085..5554fcaab (1 commit)**\n- **Roll external/abseil_cpp/ 6d8e1a5cf..17f673bb6 (5 commits)**\n- **Roll external/spirv-headers/ 0a7f626a6..babee7702 (1 commit)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "4c1ae3cd6f9076271cd64acde8cbef1d1287f27f", "tree": "c797174935e673355d297b0b63b797b2797a2925", "parents": [ "8ac4c4f80c5e338c7341152f7f0fa1bd2dc907d3" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Tue Jan 20 16:31:16 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 20 16:31:16 2026" }, "message": "Fix crash in array length validation (#6500)\n\nFixes: https://crbug.com/ossfuzz/476507591\n\n* Don\u0027t get the bitwidth until the type is checked" }, { "commit": "8ac4c4f80c5e338c7341152f7f0fa1bd2dc907d3", "tree": "52e22cb65ed4640addc0b10217dc8699c8ff22a3", "parents": [ "58224f51529f1e1122d2bb70234ca48a2e0351af" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 19 01:24:58 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 19 01:24:58 2026" }, "message": "spirv-val: Combine Image Coordinate checks (#6494)\n\nThis originally came out of\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/905 where we found a\ndriver that crashed passing it 16-bit floats as the coordinate\n\nI tried to combine the logic and went through each type ... I am not\nsure why/if there is a difference between Vulkan/OpenCL with respect to\nallowing Float vs Int (but found 1 that we have active tests for\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/908) ... the other is\n`OpImageRead`/`OpImageWrite`, those were being validated incorrectly\naccording to the spec" }, { "commit": "58224f51529f1e1122d2bb70234ca48a2e0351af", "tree": "f5d1e6f26d62c352512f469d1c7a180aef556024", "parents": [ "660eff0326c9ca446a4bc891e7a34c1c49a56fd5" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 19 01:20:00 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 19 01:20:00 2026" }, "message": "spirv-val: Add missing LOD non-zero MS (#6496)\n\ncloses https://github.com/KhronosGroup/SPIRV-Tools/issues/6482" }, { "commit": "660eff0326c9ca446a4bc891e7a34c1c49a56fd5", "tree": "5b9cbcfd9978007f3244d223a120a2b4839a736c", "parents": [ "c62299ab1792fb8b04da6b3a1189fc3813f445b3" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Thu Jan 15 22:40:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 15 22:40:51 2026" }, "message": "val: add missing relational ops to InvalidTypePass (#6495)\n\n" }, { "commit": "c62299ab1792fb8b04da6b3a1189fc3813f445b3", "tree": "3782504bcd31f7563146b7a995523660a7546458", "parents": [ "a1eace9772ea3b5f727359db14305baeaf16a7d7" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Jan 15 22:21:54 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 15 22:21:54 2026" }, "message": "spirv-val: Fix crash with bad OpUntypedArrayLengthKHR (#6493)\n\nworking on the internal extension (and being new to Untyped Pointers\nstill) I accidentally set the `OpUntypedArrayLengthKHR` Pointer ID to be\n`OpTypeUntypedPointerKHR` and it just crashed in `spirv-val`... so now\nit doesn\u0027t crash and provides hopefully a likely good answer for the\nnext person like me\n\n... the issue is `pointer` and `type` are really easy to mix up...\n`OpTypeUntyped` will always be my favorite thing to explain to those new\nto SPIR-V :smile:" }, { "commit": "a1eace9772ea3b5f727359db14305baeaf16a7d7", "tree": "92108402b2257eeb81151d83912e45fddd86db68", "parents": [ "65b2ace21293057714b7fa1e87bd764d3dcef305" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Wed Jan 14 21:26:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 14 21:26:24 2026" }, "message": "Handle OpTypeVectorIdEXT in validate_interfaces.cpp (#6492)\n\nVectorId can be used in input/output storage classes as long as it has a\nnon-specconstant component count. Handle the type and add a couple\ntests." }, { "commit": "65b2ace21293057714b7fa1e87bd764d3dcef305", "tree": "f64f67488028e1cebdcb4905165be984d610eb3c", "parents": [ "074db614c6d854ad5c3322739a9b4375d293b606" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 12 16:14:10 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 12 16:14:10 2026" }, "message": "spirv-val: Add width to IsFloatScalarType (#6489)\n\nMakes `IsFloatScalarType` like `IsIntScalarType` where you can pass in\nthe width" }, { "commit": "074db614c6d854ad5c3322739a9b4375d293b606", "tree": "069078d3aae7d44120f7a47d947107728545a9bd", "parents": [ "539a11dff0ef8d8fbc4fe4c85a4cc4765b543859" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Jan 12 16:12:47 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 12 16:12:47 2026" }, "message": "spirv-val: Label VUID 10823 (#6488)\n\nAdds the `VUID-StandaloneSpirv-OpTypeFloat-10823` VUID label" }, { "commit": "539a11dff0ef8d8fbc4fe4c85a4cc4765b543859", "tree": "996bf8b17ac759af1362ee90fcaada19dab5fdcb", "parents": [ "149ec1650ca471b0daba279959c13a472e010a77" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Jan 09 19:45:13 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 19:45:13 2026" }, "message": "spirv-val: Validate ImageQuerySizeLod is 32-bit (#6479)\n\nsimilar to https://github.com/KhronosGroup/SPIRV-Tools/pull/6477 but\nthis one was used the Kernel code in the tests so could separate it as a\nnew PR" }, { "commit": "149ec1650ca471b0daba279959c13a472e010a77", "tree": "cb435c366feb98e68d0f575811333835f3d7268f", "parents": [ "31a9403f7a96336545467fc7949fe4a67678179f" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Jan 09 19:44:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 19:44:50 2026" }, "message": "spirv-val: Use validation_state.cpp helpers (#6478)\n\ntwo spots found not using the helpers" }, { "commit": "31a9403f7a96336545467fc7949fe4a67678179f", "tree": "44da34aae75bc577a48e1e8674f4e4f243a7be73", "parents": [ "6a1c3fe937dc7334a6703dafae6dae8d38408c07" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Jan 08 20:07:22 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 08 20:07:22 2026" }, "message": "Validate floats/int Image Operands are 32-bit (#6477)\n\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6476 showed we are\nmissing validation around checking various Image Operands are 32-bit or\nnot\n\nWent through the list and added checks/tests for them\n\nAdded a final commit to cleanup and use the `IsIntScalarType` correctly\neverywhere" }, { "commit": "6a1c3fe937dc7334a6703dafae6dae8d38408c07", "tree": "ff7fe4eb9db705e07e95925fb9d4daab2e8fba8d", "parents": [ "b7b1ef1b633cbba97d78acfd83561ca0576453fa" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Wed Jan 07 18:49:21 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 07 18:49:21 2026" }, "message": "Enable UseMultiToolTask for msbuild performance (#6472)\n\nBuild time on my 32-core system.\n\n```\nbefore:\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d Rebuild started at 4:58 PM and took 03:26.384 minutes \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nafter:\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d Rebuild started at 5:08 PM and took 01:33.794 minutes \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n```" }, { "commit": "b7b1ef1b633cbba97d78acfd83561ca0576453fa", "tree": "321ed6436bde62a5e99e475ab65357991afd208a", "parents": [ "5f4b62de998d161ee01e6f7706da2d855f8fcdc8" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Jan 07 17:53:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 07 17:53:01 2026" }, "message": "roll deps (#6484)\n\n- **Roll external/googletest/ 9156d4caa..7d7e75085 (2 commits)**\n- **Roll external/abseil_cpp/ 7599e36e7..6d8e1a5cf (6 commits)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" } ], "next": "5f4b62de998d161ee01e6f7706da2d855f8fcdc8" }