)]}' { "log": [ { "commit": "96545708d0fb060ec6d1e67e85de593bcf24dd21", "tree": "ab8094a959c50201c1f3e4a8a7ea52841cabedfa", "parents": [ "252d7d584c1ed8c069623c5a1b0dd994d0b363f4" ], "author": { "name": "Ignacio Castaño", "email": "castano@gmail.com", "time": "Tue Jun 02 19:13:06 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jun 02 19:13:06 2026" }, "message": "spirv-opt: Avoid duplicate decorations on unrolled loops. (#6690)\n\nFixes issue: https://github.com/KhronosGroup/SPIRV-Tools/issues/6689\n\nAlso adds a test to reproduce and validate the result.\n\n*This PR is sponsored by [Ludicon](https://ludicon.com)*" }, { "commit": "252d7d584c1ed8c069623c5a1b0dd994d0b363f4", "tree": "73bc71d3694867dd36ee092149c27af6a4b2d1df", "parents": [ "605a0154c7743ed4239c0eb7f3c61f17ffde4fd0" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Tue Jun 02 17:33:04 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jun 02 17:33:04 2026" }, "message": "optimizer: avoid writing instructions that have too many words (#6722)\n\nIf an instruction has too many words, in violation of the SPIR-V spec,\nthen when converting to a binary:\n- in a debug build, assert out\n- in a release build, write a nonsense instruction that has a word count\nof 0.\n\ncrbug.com/513916669" }, { "commit": "605a0154c7743ed4239c0eb7f3c61f17ffde4fd0", "tree": "a095360676e59f374407b77c22d7c5d18e941dc4", "parents": [ "b38c4f83024546d4000b2db8e2294cf81b7f26e0" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Tue Jun 02 14:41:13 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jun 02 14:41:13 2026" }, "message": "spirv-opt: fix handling of replicated TensorARM constants (#6721)\n\nType::NumberOfComponents() does not support TensorARM types and cannot\neasily because a TensorARM only stores the ID of the shape definition\ninstruction and Type does not have access to the IR context.\n\nThis change adds a special case for TensorARM to calculate the number of\ncomponents in the ConstantManager code directly.\n\nAlso add tests for all these cases as well as tensor types whose shape\nis defined with a replicated composite.\n\nCo-authored-by: Davide Grohmann \u003cdavide.grohmann@arm.com\u003e\nCo-authored-by: Kevin Petit \u003ckevin.petit@arm.com\u003e\n\nSigned-off-by: Davide Grohmann \u003cdavide.grohmann@arm.com\u003e\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e\nCo-authored-by: Davide Grohmann \u003cdavide.grohmann@arm.com\u003e" }, { "commit": "b38c4f83024546d4000b2db8e2294cf81b7f26e0", "tree": "84b385bd968c622f3cb3c092ea400a3216205323", "parents": [ "39813baec458ada43263749757b15fbfbd6be107" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Mon Jun 01 13:15:03 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 01 13:15:03 2026" }, "message": "Add ArmExperimentalMLOperations instruction set (#6692)" }, { "commit": "39813baec458ada43263749757b15fbfbd6be107", "tree": "71313dcf557e789209f12127e71bc86b320ec9f9", "parents": [ "af15c1bd0e5ec2c3da9e6439bc262cd73c0d79f4" ], "author": { "name": "Song Li", "email": "sl5807@columbia.edu", "time": "Sun May 31 22:41:14 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 31 22:41:14 2026" }, "message": "fix: skip ParseInstruction for retried-as-unknown instructions (#6675)\n\n## Summary\n\nFixes #6664.\n\n`spvBinaryToText` with `FRIENDLY_NAMES` + `HANDLE_UNKNOWN_OPCODES` reads\npast the instruction buffer at `name_mapper.cpp:268` when the module\ncontains a malformed known instruction (e.g. `OpTypePointer` with\ndeclared word count 3 and an invalid `StorageClass` enum 42). The\n`HANDLE_UNKNOWN_OPCODES` retry path (`emitAsUnknown`) bypasses the\nparser\u0027s mandatory-operand completeness check and dispatches the\ninstruction to `FriendlyNameMapper::ParseInstruction` with\n`inst.num_operands \u003d\u003d 0`, but the opcode switch arms unconditionally\nindex `inst.words[N]`.\n\n## Root cause\n\nWhen `parseOperand` fails on an invalid enum and\n`HANDLE_UNKNOWN_OPCODES` is set, `parseInstruction` retries via\n`emitAsUnknown()` (binary.cpp ~409-412). `emitAsUnknown` repopulates raw\nwords but clears the operand array and sets `inst.num_operands \u003d 0`\n(binary.cpp ~367-371) before invoking the callback.\n`FriendlyNameMapper::ParseInstruction` then enters its opcode switch\nwith a known opcode but no decoded operands, and direct `inst.words[N]`\nreads go out of bounds.\n\nThis affects not just `OpTypePointer` but all opcode arms that do direct\nword indexing: `OpTypeInt`, `OpTypeFloat`, `OpTypeVector`,\n`OpTypeMatrix`, `OpTypeArray`, `OpDecorate`, `OpTypeRuntimeArray`,\n`OpTypeNodePayloadArrayAMDX`, `OpTypeUntypedPointerKHR`, `OpTypePipe`,\netc.\n\n## Fix\n\nGuard `ParseInstruction` to return early when `inst.num_operands \u003d\u003d 0`:\n\n```cpp\nif (inst.num_operands \u003d\u003d 0) return SPV_SUCCESS;\n```\n\n`num_operands \u003d\u003d 0` is the parser\u0027s marker for instructions emitted via\nthe retry-as-unknown path. These instructions have no decoded operand\nmetadata and their raw word arrays may be truncated, so the mapper has\nnothing useful to extract from them. The early return lets the mapper\u0027s\ninternal parse continue past the instruction, so friendly names are\nstill collected from subsequent valid instructions.\n\nThis is a single central guard that covers all current and future opcode\narms, rather than per-case bounds checks scattered across the switch.\n\n## Previous iterations\n\nv1 added per-case `inst.num_words` bounds checks in the `OpTypePointer`\narm of `ParseInstruction`:\n\n```diff\n// source/name_mapper.cpp — v1\n case spv::Op::OpTypePointer: {\n- const auto storage_class \u003d spv::StorageClass(inst.words[2]);\n+ const auto storage_class \u003d inst.num_words \u003e 2\n+ ? spv::StorageClass(inst.words[2]) : spv::StorageClass::Max;\n ...\n- SaveName(result_id, ...);\n+ if (inst.num_words \u003e 3) SaveName(result_id, ...);\n+ else SaveName(result_id, \"unknown_pointer\");\n }\n```\n\nAs @alan-baker pointed out, this fixed one type but left ~12 other cases\nexposed through the same `emitAsUnknown` path.\n\nv2 masked `HANDLE_UNKNOWN_OPCODES` from the `FriendlyNameMapper`\nconstruction in `disassemble.cpp`:\n\n```diff\n// source/disassemble.cpp — v2\n if (options \u0026 SPV_BINARY_TO_TEXT_OPTION_FRIENDLY_NAMES) {\n+ const uint32_t mapper_options \u003d\n+ options \u0026 ~SPV_BINARY_TO_TEXT_OPTION_HANDLE_UNKNOWN_OPCODES;\n friendly_mapper \u003d MakeUnique\u003cFriendlyNameMapper\u003e(\n- context, code, wordCount, options);\n+ context, code, wordCount, mapper_options);\n }\n```\n\nThis covered all cases centrally but introduced a regression: the\nmapper\u0027s pre-parse could no longer continue past legitimate unknown\nopcodes, so IDs declared after an unknown instruction lost their\nfriendly names (fell back to `%6`, `%7` instead of `%uint`, `%v2uint`).\n\nThe current fix uses the parser\u0027s own invariant (`emitAsUnknown` sets\n`num_operands \u003d 0`) to skip only the dangerous instructions while\nkeeping `HANDLE_UNKNOWN_OPCODES` active for the mapper\u0027s pre-parse. This\ncovers all cases like v2, but without the friendly-name regression.\n\n## Regression risk\n\nThe fix does not mask any disassembler options and does not change the\nmapper\u0027s pre-parse behavior for legitimate unknown opcodes.\n`HANDLE_UNKNOWN_OPCODES` remains active in the mapper\u0027s\n`spvBinaryParseWithOptions` call, so when the binary contains a genuine\nunknown opcode (e.g. a future extension), the parser retries it as\nunknown, `ParseInstruction` skips it (since `num_operands \u003d\u003d 0`), and\nparsing continues normally. Friendly names for IDs declared after the\nunknown opcode are preserved.\n\nTested by injecting unknown opcode 65000 between valid type definitions\nand verifying output:\n\n```\nOpUnknown(65000, 1)\n%void \u003d OpTypeVoid\n%uint \u003d OpTypeInt 32 0\n%v2uint \u003d OpTypeVector %uint 2\n```\n\nAll friendly names (`%void`, `%uint`, `%v2uint`) are present after the\nunknown instruction, identical to the unpatched baseline.\n\n## Verification\n\nTested with ASan-instrumented build (`-fsanitize\u003daddress`,\n`detect_leaks\u003d1`):\n- Before: `ERROR: AddressSanitizer: heap-buffer-overflow` at\n`name_mapper.cpp:268:47` in `FriendlyNameMapper::ParseInstruction`\n- After: no heap-buffer-overflow. Malformed instruction emitted as\n`OpUnknown(32, 3)` by the main disassembly path\n\nValgrind memcheck on post-patch binary: `ERROR SUMMARY: 0 errors`, all\nheap blocks freed.\n\nPost-patch process exits non-zero due to a pre-existing LeakSanitizer\nreport (74 bytes in `spvDiagnosticCreate`). This leak exists before and\nafter the patch and is unrelated to the OOB fix.\n\nValid SPIR-V sample disassembly: identical output pre/post patch." }, { "commit": "af15c1bd0e5ec2c3da9e6439bc262cd73c0d79f4", "tree": "bdea786de409a7266759b4fc4e01a32159c7e942", "parents": [ "5b418e58bd952be2bb13ec613359da64f1ed04ba" ], "author": { "name": "Song Li", "email": "songtli@outlook.com", "time": "Sat May 30 23:34:41 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat May 30 23:34:41 2026" }, "message": "fix: SEGV in OrderBlocks via empty CFG when OpFunctionEnd has no preceding OpLabel (#6676)\n\n## Summary\n\nFixes #6663.\n\n`spvBinaryToText` with `REORDER_BLOCKS` or `NESTED_INDENT` crashes\n(SEGV, write to address `0x50`) at `source/disassemble.cpp:416` when the\ninput contains `OpFunctionEnd` with no preceding `OpLabel`. In deferred\nCFG mode, `Disassembler::HandleInstruction` unconditionally calls\n`EmitCFG()` on `OpFunctionEnd`, which forwards an empty\n`current_function_cfg_.blocks` to `OrderBlocks`. `OrderBlocks` then\nwrites to `cfg.blocks[0].nest_level` on an empty vector, hitting a\nNULL-region address.\n\n## Root cause\n\nIn deferred CFG mode (`nested_indent_ || reorder_blocks_`),\n`HandleInstruction` only accumulates blocks after seeing `OpLabel`. The\nPoC has `OpFunctionEnd` (opcode 56) without any prior `OpLabel`, so\n`current_function_cfg_.blocks` stays empty.\n\nI added some fprintf probes to trace the state transition and got:\n1. `HandleInstruction` entered with `opcode\u003d56` (OpFunctionEnd),\n`blocks\u003d0`\n2. `OpFunctionEnd` path called `EmitCFG` with `blocks\u003d0`\n3. `EmitCFG` entered with `blocks\u003d0`\n4. `BuildControlFlowGraph` entered/exited with `blocks\u003d0` and\n`id_to_index\u003d0`\n5. `OrderBlocks` consumed empty `cfg.blocks` and ASan SEGV fired\n\nASan points to `disassemble.cpp:416:28` in `OrderBlocks`, SEGV write to\naddress `0x50`.\n\nSo the actual problem is on the producer side: `HandleInstruction`\u0027s\n`OpFunctionEnd` case just forwards the empty CFG into `EmitCFG` without\nchecking. `OrderBlocks` is only consuming the bad state.\n\n## Fix\n\nAdded a guard in `HandleInstruction`\u0027s `OpFunctionEnd` case\n(`source/disassemble.cpp`): only call `EmitCFG()` when\n`!current_function_cfg_.blocks.empty()`. `OpFunctionEnd` still gets\nemitted through the existing `[[fallthrough]]` to the `default` path.\n\n## Why this approach\n\nI looked at three places to put the fix:\n- **Guard in `OrderBlocks`** (crash site): this just masks the symptom.\nIt would return an empty ordering on invalid state and could silently\nhide bugs in the future. Didn\u0027t go with this.\n- **Guard in `EmitCFG` entry**: would work, but it\u0027s one layer below\nwhere the problem actually starts.\n- **Guard at `HandleInstruction` `OpFunctionEnd`** (went with this):\nthis is where the empty CFG first gets forwarded. It\u0027s consistent with\nhow the deferred-mode contract already works, where non-block\ninstructions get emitted directly via the `default` path. No new error\nhandling needed since `OpFunctionEnd` still goes through\n`[[fallthrough]]`.\n\n## Verification\n\nTested with ASan-instrumented build (`-fsanitize\u003daddress`,\n`detect_leaks\u003d0`):\n- **Before**: `SUMMARY: AddressSanitizer: SEGV\n/src/spirv-tools/source/disassemble.cpp:416:28 in OrderBlocks` (both\n`--reorder-blocks` and `--nested-indent`, exit\u003d1)\n- **After**: no SEGV, both modes exit cleanly (exit\u003d0)\n\nControl path (no CFG options) produces valid disassembly output pre- and\npost-patch (exit\u003d0).\n\n---------\n\nCo-authored-by: SongTonyLi \u003csongtonyli@users.noreply.github.com\u003e" }, { "commit": "5b418e58bd952be2bb13ec613359da64f1ed04ba", "tree": "a4c0dd379760171c0932ee1a737f8e05b3fa72c9", "parents": [ "7fa421b3cb2db75c9c8a241fe674f467dd4d240b" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Fri May 29 23:23:06 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 23:23:06 2026" }, "message": "spirv-opt: fix handling of non-semantic instructions that succeed graphs (#6719)\n\nThey were moved to before graphs in modules with no functions which\nbroke round-trippability with no changes and also introduced illegal\nforward references.\n\nThe changes in ir_loader.cpp are mostly if/else nesting changes to\nreduce the number of nesting levels, improve readability and keep the\nlogic to handle non semantic instructions in one place.\n\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e" }, { "commit": "7fa421b3cb2db75c9c8a241fe674f467dd4d240b", "tree": "6342040c2a6bf980ec1f7ef6c252b7305a0ebbab", "parents": [ "ffc5ea44c47d7ac363b0824fb3d6fba7a9523d30" ], "author": { "name": "ZZKQcom", "email": "zhikzhen@qti.qualcomm.com", "time": "Fri May 29 13:43:56 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 13:43:56 2026" }, "message": "spirv-val: Add remaining VUID check and unit tests for VK_QCOM_tile_s… (#6660)\n\n# VUID check\n- `VUID-StandaloneSpirv-TileImageEXT-08723`\n- `VUID-StandaloneSpirv-TileAttachmentQCOM-10689`\n- `VUID-TileApronSizeQCOM-TileApronSizeQCOM-10632`\n- `VUID-TileApronSizeQCOM-TileApronSizeQCOM-10633`\n- `VUID-TileApronSizeQCOM-TileApronSizeQCOM-10634`\n- `VUID-TileOffsetQCOM-TileOffsetQCOM-10626`\n- `VUID-TileOffsetQCOM-TileOffsetQCOM-10627`\n- `VUID-TileOffsetQCOM-TileOffsetQCOM-10628`\n- `VUID-TileDimensionQCOM-TileDimensionQCOM-10629`\n- `VUID-TileDimensionQCOM-TileDimensionQCOM-10630`\n- `VUID-TileDimensionQCOM-TileDimensionQCOM-10631`\n- `VUID-WorkgroupSize-TileShadingRateQCOM-10635`\n\n# Unit tests\n`VUID-08723`\n`VUID-10633`\n`VUID-10634`\n`VUID-10627`\n`VUID-10628`\n`VUID-10630`\n`VUID-10631`\n\n# VUID check failed to reach, blocked by other VUID check\n`VUID-10689`\n`VUID-10632`\n`VUID-10626`\n`VUID-10629`\n`VUID-10635`" }, { "commit": "ffc5ea44c47d7ac363b0824fb3d6fba7a9523d30", "tree": "501152a5922534d38bd3034856593bcabca5fa5a", "parents": [ "d344926654a5bcf837479e9a7417b58a3ea19c74" ], "author": { "name": "V-Sarthou", "email": "valentin.sarthou@gmail.com", "time": "Fri May 29 13:15:59 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 13:15:59 2026" }, "message": "enum_set: Bucket operator\u003d\u003d() link errors with Visual Studio 15 2017 (#6687)\n\nWith Visual Studio 2017, I\u0027m getting these link errors:\n```\nSPIRV-Tools-opt.lib(feature_manager.obj) : error LNK2019: unresolved external symbol \"bool __cdecl operator\u003d\u003d(struct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026)\" (??8@YA_NAEBUBucket@?$EnumSet@W4Extension@spvtools@@@spvtools@@0@Z) referenced in function \"public: bool __cdecl std::equal_to\u003cvoid\u003e::operator()\u003cstruct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026\u003e(struct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spvtools::Extension\u003e::Bucket const \u0026)const \" (??$?RAEBUBucket@?$EnumSet@W4Extension@spvtools@@@spvtools@@AEBU012@@?$equal_to@X@std@@QEBA_NAEBUBucket@?$EnumSet@W4Extension@spvtools@@@spvtools@@0@Z)\nSPIRV-Tools-opt.lib(feature_manager.obj) : error LNK2019: unresolved external symbol \"bool __cdecl operator\u003d\u003d(struct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026)\" (??8@YA_NAEBUBucket@?$EnumSet@W4Capability@spv@@@spvtools@@0@Z) referenced in function \"public: bool __cdecl std::equal_to\u003cvoid\u003e::operator()\u003cstruct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026\u003e(struct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026,struct spvtools::EnumSet\u003cenum spv::Capability\u003e::Bucket const \u0026)const \" (??$?RAEBUBucket@?$EnumSet@W4Capability@spv@@@spvtools@@AEBU012@@?$equal_to@X@std@@QEBA_NAEBUBucket@?$EnumSet@W4Capability@spv@@@spvtools@@0@Z)\n```\nIt looks like a compiler issue because these errors are not raised using\nmore recent versions of Visual Studio.\nNonetheless, changing the operator\u003d\u003d() from a friend function to a\nmember method fixes the issue, which is what this patch does." }, { "commit": "d344926654a5bcf837479e9a7417b58a3ea19c74", "tree": "f7891805105ff9a2eec7a01acc856b14b485b353", "parents": [ "d8cc2f82f8a1984e2ae7c24e133ac3847a88df56" ], "author": { "name": "changhwipark-arm", "email": "chang-hwi.park@arm.com", "time": "Thu May 28 20:02:32 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 28 20:02:32 2026" }, "message": "spirv-val: Check for image declaration with TileImageEXT storage class (#6662)\n\nAddressing a missing check mentioned [here and\ncloses](https://github.com/KhronosGroup/SPIRV-Tools/issues/6593).\n\u003e The TileImageEXT Storage Class must only be used for declaring tile\nimage variables" }, { "commit": "d8cc2f82f8a1984e2ae7c24e133ac3847a88df56", "tree": "fd7ab2c4203903f330187f7ee8e13ddbed73b128", "parents": [ "b3d6ad90f5154b61764cddec32450640ec7d1f92" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Thu May 28 18:48:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 28 18:48:01 2026" }, "message": "spirv-opt: add support for tensor constants (#6684)\n\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e" }, { "commit": "b3d6ad90f5154b61764cddec32450640ec7d1f92", "tree": "e03aea70990249c2866c258066cd8ba23046b6ad", "parents": [ "5b52551d80abd9c513b5e76bffee576ea5df6b8c" ], "author": { "name": "Ben Ashbaugh", "email": "ben.ashbaugh@intel.com", "time": "Wed May 27 20:48:11 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 27 20:48:11 2026" }, "message": "update validator for SPV_INTEL_rounded_divide_sqrt (#6717)\n\nThe SPV_INTEL_rounded_divide_sqrt extension allows an FPRoundingMode\ndecoration on divide and square root instructions. This PR updates the\nvalidator so SPIR-V modules using this extension are not considered\ninvalid.\n\n---------\n\nSigned-off-by: Ben Ashbaugh \u003cben.ashbaugh@intel.com\u003e" }, { "commit": "5b52551d80abd9c513b5e76bffee576ea5df6b8c", "tree": "6ccf70650a0ec41bb890ce9354ddf0c6780412c7", "parents": [ "6cb64651ccd4ee8a1002b1f31fa7fc85acb31253" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 27 20:40:14 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 27 20:40:14 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 2 updates (#6715)\n\nBumps the github-actions group with 2 updates in the / directory:\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `lukka/get-cmake` from 4.3.2 to 4.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.3.3\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.3.3\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/591817e96fcad43505fb4eae36172462abb3a42e\"\u003e\u003ccode\u003e591817e\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/f7930c8b220c781c656b68f5a370361d0fb3c9ac\"\u003e\u003ccode\u003ef7930c8\u003c/code\u003e\u003c/a\u003e\nfix: upgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5 to remove url.parse()\ndeprecation warning\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/7bfc9baacbbdcb5e37957ad05c3546b3e222be3c...591817e96fcad43505fb4eae36172462abb3a42e\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.3 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle\nversion to 2.19.4. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action\nare generated to avoid duplication across bundles and reduce the size of\nthe repository by around 70%. This should have no effect on the runtime\nbehaviour of the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e will now only be enabled on a pull request when\ndiff-informed analysis is also enabled for that run. If diff-informed\nanalysis is unavailable (for example, because the PR diff ranges could\nnot be computed), the action will fall back to a full analysis. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal\n\u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will\nbe enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for\nGitHub-internal use only, and may change without notice at any time. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning\nanalysis for a PR with \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have\na cached overlay-base database for the configured languages. This speeds\nup analysis for a repository when there is not yet a cached overlay-base\ndatabase for the latest CLI version. We expect to roll this change out\nto everyone in May. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle\nversion to 2.19.4. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action\nare generated to avoid duplication across bundles and reduce the size of\nthe repository by around 70%. This should have no effect on the runtime\nbehaviour of the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e will now only be enabled on a pull request when\ndiff-informed analysis is also enabled for that run. If diff-informed\nanalysis is unavailable (for example, because the PR diff ranges could\nnot be computed), the action will fall back to a full analysis. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal\n\u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will\nbe enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for\nGitHub-internal use only, and may change without notice at any time. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning\nanalysis for a PR with \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have\na cached overlay-base database for the configured languages. This speeds\nup analysis for a repository when there is not yet a cached overlay-base\ndatabase for the latest CLI version. We expect to roll this change out\nto everyone in May. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for\ncustomers using CodeQL version 2.19.3 and earlier. These versions of\nCodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise\nServer 3.15, and will be unsupported by the next minor release of the\nCodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP\nOIDC are now accepted. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use\n\u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better\ncompatibility with various registry implementations. For NuGet feeds,\nthe test is now always performed against the service index. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same\nmillisecond could overwrite each other on disk, causing one of them to\nbe lost. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled\nusing the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment\nvariable is deprecated and will be removed in May 2026. If you are\naffected by this, we recommend disabling TRAP caching by passing the\n\u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis\nnow only applies to repositories that contain submodules. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library,\nrelying instead on models of the standard library. This should result in\nsignificantly faster extraction and analysis times, while the effect on\nalerts should be minimal. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private\nregistries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e\nfrom github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e\nfrom github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e\nUpdate excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e\nfrom github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e\nCI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e\nRevert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "6cb64651ccd4ee8a1002b1f31fa7fc85acb31253", "tree": "de6ee3859bc41f5d6b2cad10547386e24b23bd77", "parents": [ "236bf64c0853d024b5739b16e1da294e3e672067" ], "author": { "name": "Guang-035", "email": "xuguang035@gmail.com", "time": "Wed May 27 03:02:11 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 27 03:02:11 2026" }, "message": "spirv-val: Allow ArrayStrideIdEXT on structs with descriptors (#6705)\n\nPer `SPV_EXT_descriptor_heap`, `ArrayStrideIdEXT` must be allowed on\narrays containing descriptor types. This includes composites that\ncontain descriptors, not only arrays whose element type is directly a\ndescriptor.\n\n**Root Cause**:\nThe validator only checked whether the array element type itself was a\ndescriptor type.\nFor\n[RuntimeArray\u003cMaterial\u003e](https://github.com/KhronosGroup/glslang/pull/4272/changes#diff-3142250076641bab8379f6637d480636190a14c9f31e0f7915cb4e76fc1d840e),\nthe direct element type is `OpTypeStruct`, so validation rejected it\neven though `Material` contains `OpTypeBufferEXT`.\n\n**Solution**:\nRecursively inspect the array element type when validating\n`ArrayStrideIdEXT`, so structs and other composites containing\ndescriptor types are accepted.\n\n**Test**:\nAdded a validator regression test covering a runtime array of a struct\ncontaining `OpTypeBufferEXT`.\n\nCo-authored-by: guangxu2 \u003cguangxu2@amd.com\u003e" }, { "commit": "236bf64c0853d024b5739b16e1da294e3e672067", "tree": "37c8eeadf3292ac5976681b33d2ef8e24b8e3200", "parents": [ "bf3ad6e795df95455c206452ce78a6c0277a5dd3" ], "author": { "name": "Dmitry Sidorov", "email": "dmitrii.s.sidorov@gmail.com", "time": "Tue May 26 20:48:34 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 26 20:48:34 2026" }, "message": "Allow OpPoisonKHR as a constituent (#6713)\n\nSpec change:\nhttps://github.com/KhronosGroup/SPIRV-Registry/pull/417" }, { "commit": "bf3ad6e795df95455c206452ce78a6c0277a5dd3", "tree": "be590dc849b4582aa16d79709896b309e390fa3f", "parents": [ "2e40a1133e73686d84c39482346a713bfd7234f9" ], "author": { "name": "Ricardo Garcia", "email": "47594367+rg3igalia@users.noreply.github.com", "time": "Thu May 21 18:55:33 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 18:55:33 2026" }, "message": "spirv-val: Make it legal to use OpInBoundsAccessChain with ray queries (#6710)\n\nWe had allowed OpAccessChain in the past but missed the\nOpInBoundsAccessChain case.\n\nThis will be needed for some upcoming CTS tests." }, { "commit": "2e40a1133e73686d84c39482346a713bfd7234f9", "tree": "76bc32b96a378a31b14227a9d66a39451345d27c", "parents": [ "c2bafae51eb16d0c71cc08e296690f4002ca7307" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu May 21 13:18:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 13:18:57 2026" }, "message": "spirv-val: Fix OffsetIdEXT not checking if in struct (#6708)\n\nPulled the `OffsetIdEXT` part out of\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/6701 until I resolve\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/937\n\nThis is mainly because people are bringing up `SPV_EXT_descriptor_heap`\nin dxc/slang and want to not have this waste time hitting the \"driver\nbug\" which is actually [not a driver\nbug](https://gitlab.khronos.org/Tracker/vk-gl-cts/-/issues/6505)" }, { "commit": "c2bafae51eb16d0c71cc08e296690f4002ca7307", "tree": "45f5736e0e253725fb0b31da9c4a5508ac1de6e0", "parents": [ "21c81e0a649fdfc14f35a3eb243e42adff9e40bf" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Thu May 21 13:16:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 13:16:19 2026" }, "message": "Treat version and operand_kinds as optional in generate_language_headers (#6706)\n\nGrammars such as NonSemantic.Graph.DebugInfo omit operand_kinds and\nversion. Match SPIRV-Headers optional-field handling so GN header\ngeneration succeeds.\n\nThis should fix the CI error I\u0027m seeing here:\nhttps://github.com/KhronosGroup/glslang/pull/4275\n```\npython3 ../../External/spirv-tools/utils/generate_language_headers.py --extinst-grammar ../../External/spirv-tools/external/spirv-headers/include/spirv/unified1/extinst.nonsemantic.graph.debuginfo.grammar.json --extinst-output-path gen/External/spirv-tools/NonSemanticGraphDebugInfo.h\nTraceback (most recent call last):\n File \"/tmpfs/src/github/glslang/out/Default-hlsl-false/../../External/spirv-tools/utils/generate_language_headers.py\", line 185, in \n main()\n File \"/tmpfs/src/github/glslang/out/Default-hlsl-false/../../External/spirv-tools/utils/generate_language_headers.py\", line 176, in main\n operand_kinds \u003d grammar_json[\u0027operand_kinds\u0027],\n ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^\nKeyError: \u0027operand_kinds\u0027\n```\n\nThis change was mostly debugged/written using Cursor." }, { "commit": "21c81e0a649fdfc14f35a3eb243e42adff9e40bf", "tree": "8762fd619a0d356cef7df3c8367d1c389ac6608b", "parents": [ "5418da0861732e64024033f479161de99ff648da" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Wed May 20 19:01:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 19:01:43 2026" }, "message": "val: Detect additional unsupported arithmetic ops in invalid_type_pass (#6707)\n\n@0cc4m reported OpMatrixTimesScalar with bf16 coopmat slipping through\nthe cracks. I asked codex to fill any remaining gaps in the arithmetic\ninstructions." }, { "commit": "5418da0861732e64024033f479161de99ff648da", "tree": "7dc68d447dc4f5cf6bc6feda2e0be523ba24746b", "parents": [ "2acb87f86d6906847d5f4c0c805c54604abb1b01" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue May 19 13:17:14 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 13:17:14 2026" }, "message": "spirv-val: Remove std::move of DiagnosticStream (#6704)\n\nJust the nit fixes I found in\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/6702\n\nBasically calling\n\n```c++\nDiagnosticStream ds \u003d std::move(...);\nreturn ds;\n```\n\ndoesn\u0027t an implicit clear and would not print the ShaderDebugInfo out\nand it was very subtle and annoying to debug, so rather just upstream\nthis small fix first" }, { "commit": "2acb87f86d6906847d5f4c0c805c54604abb1b01", "tree": "5a9a852cb009f23abcd686de4eebf7f48937d5cc", "parents": [ "3c042c509786feb4c7aa7164f2c7c224d386ebfc" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sun May 17 18:31:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 17 18:31:15 2026" }, "message": "spirv-val: Add DebugInfo to ReturnValue/FunctionParameter (#6698)\n\nPart of https://github.com/KhronosGroup/SPIRV-Tools/issues/6617\n\nFor things like `OpReturnValue` and `OpFunctionParameter` it is valuable\nto print both the line it occured and the function definition as its\nrelated\n\n```\n --\u003e a.comp:4:0\n |\n4 | return 4;\n |\n --\u003e a.comp:3:0\n |\n3 | uint foo() {\n |\n```" }, { "commit": "3c042c509786feb4c7aa7164f2c7c224d386ebfc", "tree": "f290ca86a22fd29ff8cb4b9cf3ee26fcc9c316de", "parents": [ "6aa5c1df74d682618e857f55203d786d656251d6" ], "author": { "name": "Dmitry Sidorov", "email": "dsidorov@amd.com", "time": "Sun May 17 18:28:59 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 17 18:28:59 2026" }, "message": "Allow OpPoisonKHR definition on the top of the module (#6699)\n\nCurrently it\u0027s not allowed by the spec, but it\u0027s arguably a\nspecification bug." }, { "commit": "6aa5c1df74d682618e857f55203d786d656251d6", "tree": "eb9b2f0801e3738efafea7e3fb1ae17f8fc74964", "parents": [ "2d7060be5d8e529ce74e07cba03e13887c9126aa" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Fri May 15 20:25:52 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 15 20:25:52 2026" }, "message": "Add validation for Vulkan standalone env rules for SPV_ARM_graph (#6694)\n\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e" }, { "commit": "2d7060be5d8e529ce74e07cba03e13887c9126aa", "tree": "57f55ba61b3a7b830619a20ff7034f87d2973ecd", "parents": [ "8b5f796733ba5385832a13757d0c67cba601a0a5" ], "author": { "name": "Jeff Bolz", "email": "jbolz@nvidia.com", "time": "Fri May 15 20:21:31 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 15 20:21:31 2026" }, "message": "Validate SPV_NV_cooperative_matrix_decode_vector (#6693)" }, { "commit": "8b5f796733ba5385832a13757d0c67cba601a0a5", "tree": "113e22058a8e24acbcc52821da856874fcfe4cf0", "parents": [ "860c90a8bbd9b4233daadb3667d81f69d20f7541" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri May 15 20:09:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 15 20:09:39 2026" }, "message": "spirv-val: Add ShaderDebugInfo EntryPoint (#6691)\n\nPart of #6617 \n\n- Add proper `DebugNoLine` support\n- For things that point to the Entry point functions, print the\nfunctions out\n\n```\nerror: 6: Local Size execution mode must not have a product of zero (X \u003d 0, Y \u003d 1, Z \u003d 1).\n OpExecutionMode %2 LocalSize 0 1 1\n\n --\u003e a.comp:3:0\n |\n3 | void main() {\n |\n\nerror: 5: [VUID-StandaloneSpirv-None-04633] OpEntryPoint Entry Point \u003cid\u003e \u00272[%2]\u0027s function return type is not void.\n OpEntryPoint GLCompute %2 \"main\"\n\n --\u003e a.comp:3:0\n |\n3 | void main() {\n |\n```" }, { "commit": "860c90a8bbd9b4233daadb3667d81f69d20f7541", "tree": "3888fef46df488a6785f31519dc78efb40afa3b0", "parents": [ "83876d92207829cc16f1c93d7354ee376d9c8241" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu May 14 19:59:42 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 14 19:59:42 2026" }, "message": "build: Fix Build.gn with Graph.DebugInfo (#6688)\n\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/6666#issuecomment-4453463445\nis breaking the `build.gn` for VVL... I just grabbed the commit before,\nso VVL is good\n\nI tried to copy-and-paste a fix, zero idea how to actually test it, but\nseems like it should work for someone who knows GN better" }, { "commit": "83876d92207829cc16f1c93d7354ee376d9c8241", "tree": "18b269a70162a4c1b2009d4157dbb0b36ffaebec", "parents": [ "18b08af19b08515d5a1749adbdb05bc4369a57ed" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Wed May 13 19:35:00 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 13 19:35:00 2026" }, "message": "Add NonSemantic.Graph.DebugInfo instruction set (#6666)\n\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e" }, { "commit": "18b08af19b08515d5a1749adbdb05bc4369a57ed", "tree": "68f037875a9fcc5a269334a282f1e6954d51d8b5", "parents": [ "4548962b331f085ab117023e9448477e40c1ff80" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue May 12 23:41:25 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 12 23:41:25 2026" }, "message": "spirv-val: Print OpFunctionCall with ShaderDebugInfo (#6686)\n\nNext part of #6617 \n\n- Creates a common util for function lines\n- Have way to print two sections\n- Add `OpFunctionCall`\n\n```\nerror: 54: OpFunctionCall Argument \u003cid\u003e \u002741[%41]\u0027s type does not match Function \u003cid\u003e \u002728[%_ptr_Function_int]\u0027s parameter type.\n %47 \u003d OpFunctionCall %int %48 %41\n\n --\u003e file_b.comp:4:0\n |\n4 | int y \u003d foo(\n5 | x\n6 | );\n |\n --\u003e file_a.comp:2:0\n |\n2 | int foo(int z) {\n |\n```" }, { "commit": "4548962b331f085ab117023e9448477e40c1ff80", "tree": "7cad496344e8f3cade08471299f4e6cfa4957273", "parents": [ "0bb521870594a00a7079381e119da2b4e1a2f859" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue May 12 21:27:04 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 12 21:27:04 2026" }, "message": "spirv-val: Print DebugLocalVariable in error message (#6685)\n\nnext part of #6617 \n\nwill print \n\n```\nerror: 42: Variables must have a function[7] storage class inside of a function\n %37 \u003d OpVariable %_ptr_Function_uint Uniform\n\n --\u003e a.comp:4:0\n |\n4 | uint x \u003d 0;\n |\n```\n\n... Next goal will be how to combine it so when you have an error on the\n`OpLoad`/`OpStore` it can print **both** the line the access occured and\nthe variable declaration" }, { "commit": "0bb521870594a00a7079381e119da2b4e1a2f859", "tree": "8144695044596dbc6e797694a51556d9ba892042", "parents": [ "c58415dca6892d16543c4a043bbd2d7198844b51" ], "author": { "name": "Ryan Harrison", "email": "rharrison@chromium.org", "time": "Mon May 11 21:23:12 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 21:23:12 2026" }, "message": "Make sure that locations don\u0027t roll over in spirv-val (#6680)\n\nFixes #6436" }, { "commit": "c58415dca6892d16543c4a043bbd2d7198844b51", "tree": "189e4f73a85e2b76a060748f23b049153abbfed0", "parents": [ "5cdb96fdca05cd131ff5361cfe7e95da97db7106" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon May 11 21:19:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 21:19:39 2026" }, "message": "spirv-val: Add DebugGlobalVariable to spirv-val messages (#6681)\n\nnext small step for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6617\n\nIf the error is an `OpVariable` will look like\n\n```\nerror: 46: Storage class must match result type storage class\n %3 \u003d OpVariable %_ptr_Uniform__struct_13 StorageBuffer\n\n --\u003e a.comp:2:0\n |\n2 | layout(set \u003d 0, binding \u003d 1, std430) buffer SSBO {\n |\n```\n\nGoal was to make the `PrintShaderDebugInfoSource` they could both share.\nView as a very small step forward" }, { "commit": "5cdb96fdca05cd131ff5361cfe7e95da97db7106", "tree": "b35c59e4e423d794f2f94ecf3d49b980ccda9099", "parents": [ "5be1e19fc008803df7d60c5c21b31160362ea43f" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Mon May 11 20:51:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 20:51:53 2026" }, "message": "roll deps (#6658)\n\n- **Roll external/abseil_cpp/ 351086314..892f51328 (2 commits)**\n- **Roll external/mimalloc/ b1963961a..fef6b0dd7 (38 commits)**\n- **Roll external/spirv-headers/ 1a22b1670..58006c901 (4 commits)**\n\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e\nCo-authored-by: Steven Perron \u003cstevenperron@google.com\u003e" }, { "commit": "5be1e19fc008803df7d60c5c21b31160362ea43f", "tree": "1d0f25673e9ff2e60fb3263d0218d61e07eb5ae9", "parents": [ "b66e3be043c77296582a2488423b2080a5f0c09b" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon May 11 19:04:56 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 19:04:56 2026" }, "message": "spirv-val: Print source line in Validation message (#6648)\n\npart 1 of https://github.com/KhronosGroup/SPIRV-Tools/issues/6617\n\nThis just adds line number, next will look into adding columns and\nthings like `OpType*` or `OpVariable` (want to plumb in the whole\nShaderDebugInfo stuff first)\n\nCurrent output looks like\n\n```\nerror: 34: OpAccessChain reached non-composite type while indexes still remain to be traversed.\n %25 \u003d OpAccessChain %_ptr_StorageBuffer_v4float %6 %int_0 %int_0 %int_0\n\n --\u003e a.comp:7:0\n |\n7 | data \u003d vec4(0.0);\n |\n```\n\nand \n\n```\nerror: 41: OpAccessChain reached non-composite type while indexes still remain to be traversed.\n %32 \u003d OpAccessChain %_ptr_StorageBuffer_v4float %9 %int_0 %int_0 %int_0\n\n --\u003e a.comp:6:0\n |\n6 | void main() {\n7 | data \u003d vec4(0.0);\n8 | }\n |\n```" }, { "commit": "b66e3be043c77296582a2488423b2080a5f0c09b", "tree": "ebb837bdf551dcd7c4e6b44078d201d3a17f8282", "parents": [ "999eb5fa9f853ef3cff65616a67303ec38ce74cb" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon May 11 15:54:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 15:54:46 2026" }, "message": "build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-actions group across 1 directory (#6667)\n\nBumps the github-actions group with 1 update in the / directory:\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 4.35.2 to 4.35.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for\ncustomers using CodeQL version 2.19.3 and earlier. These versions of\nCodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise\nServer 3.15, and will be unsupported by the next minor release of the\nCodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP\nOIDC are now accepted. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use\n\u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better\ncompatibility with various registry implementations. For NuGet feeds,\nthe test is now always performed against the service index. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same\nmillisecond could overwrite each other on disk, causing one of them to\nbe lost. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for\ncustomers using CodeQL version 2.19.3 and earlier. These versions of\nCodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise\nServer 3.15, and will be unsupported by the next minor release of the\nCodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP\nOIDC are now accepted. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use\n\u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better\ncompatibility with various registry implementations. For NuGet feeds,\nthe test is now always performed against the service index. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same\nmillisecond could overwrite each other on disk, causing one of them to\nbe lost. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled\nusing the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment\nvariable is deprecated and will be removed in May 2026. If you are\naffected by this, we recommend disabling TRAP caching by passing the\n\u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis\nnow only applies to repositories that contain submodules. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library,\nrelying instead on models of the standard library. This should result in\nsignificantly faster extraction and analysis times, while the effect on\nalerts should be minimal. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private\nregistries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e\ndue to issues with a small percentage of Actions and JavaScript\nanalyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e is enabled, since improved incremental analysis\nsupersedes TRAP caching. This will improve performance and reduce\nActions cache usage. We expect to roll this change out to everyone in\nMarch. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses\nthat use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be\ncomplete by the end of April 2026. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7\"\u003e\u003ccode\u003ee46ed2c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3867\"\u003e#3867\u003c/a\u003e\nfrom github/update-v4.35.3-8c6e48dbe\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a\"\u003e\u003ccode\u003eb73d1d1\u003c/code\u003e\u003c/a\u003e\nAdd changelog entry for \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b\"\u003e\u003ccode\u003e24e0bb0\u003c/code\u003e\u003c/a\u003e\nReorder changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62\"\u003e\u003ccode\u003eec298da\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.35.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46\"\u003e\u003ccode\u003e8c6e48d\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3865\"\u003e#3865\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2\"\u003e\u003ccode\u003e7190983\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445\"\u003e\u003ccode\u003e2bb2095\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698\"\u003e\u003ccode\u003e7851e55\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3850\"\u003e#3850\u003c/a\u003e\nfrom github/mbg/private-registry/cloudsmith-gcp\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751\"\u003e\u003ccode\u003e262a15f\u003c/code\u003e\u003c/a\u003e\nAdd generic non-printable chars test for OIDC configs\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd\"\u003e\u003ccode\u003ea6109b1\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e\nfrom github/mbg/start-proxy/improved-checks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...e46ed2cbd01164d986452f91f178727624ae40d7\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "999eb5fa9f853ef3cff65616a67303ec38ce74cb", "tree": "d8c1ab32cdbde11891b0d8871c4bc95fd4e18cde", "parents": [ "6337eb62cadd7d124ac6789bf39c0f71148f0a73" ], "author": { "name": "janharaldfredriksen-arm", "email": "jan-harald.fredriksen@arm.com", "time": "Mon May 11 14:24:48 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 11 14:24:48 2026" }, "message": "Allow no derivative layout for SPV_NV_compute_shader_derivatives (#6678)\n\nWhile adding glslang support for GL_KHR_compute_shader_derivatives I ran\ninto some compatibility issues with the prior NV version of this\nextension.\n\nThe KHR SPIR-V spec differs from the NV version in that is requires one\nof the DerivativeGroup*KHR modes to be set, while the NV spec says they\ndon\u0027t need to be specified:\n\u003e DerivativeGroup*NV execution mode that was specified for the entry\npoint. If neither derivative group mode was specified, the derivatives\nreturn zero.\n\n(From\nhttps://github.com/KhronosGroup/SPIRV-Registry/blob/main/extensions/NV/SPV_NV_compute_shader_derivatives.asciidoc)\n \nThe issue raised in https://github.com/KhronosGroup/glslang/issues/4239\nshows that there are GLSL shaders using the NV extension that assume\nthat the modes don\u0027t have to be set.\n\nI modified glslang to allow this behavior for the NV extension in\nhttps://github.com/KhronosGroup/glslang/pull/4247, but the generated\nSPIR-V fails validation.\n\n-- \n\nFor this PR, I\u0027ve made the execution mode check dependent on the KHR\nextension. (The execution and capability tokens are aliased between the\nKHR and NV extensions.)\n\nThat change caused a unit test regression. AFAICT, that test has never\nbeen valid since it uses explicit derivatives in a compute shader\nwithout enabling any extensions. I turned that into a test for the KHR\nextension." }, { "commit": "6337eb62cadd7d124ac6789bf39c0f71148f0a73", "tree": "c054fa88ccd7f1311c86ce04448b4cd4148b8d8f", "parents": [ "c98fc83591a0b01d68f929478b59d3bdd7f00fc6" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Tue May 05 17:36:34 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 05 17:36:34 2026" }, "message": "kokoro: use NDK r29 (#6669)\n\nBug: crbug.com/507146491" }, { "commit": "c98fc83591a0b01d68f929478b59d3bdd7f00fc6", "tree": "2ceb784f7cda230981adfc744f07343a82b2ca20", "parents": [ "4c2ec2a09b7fbeff1dc64cb9f857d77403a3c25f" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Mon May 04 18:57:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 04 18:57:15 2026" }, "message": "Update abseil (#6668)\n\nFor test_c_interface_shared, avoid linking against effcee. Linking\neffcee pulls in abseil, which will have been compiled with conflicting\nC++ Runtime options (shared vs. static)." }, { "commit": "4c2ec2a09b7fbeff1dc64cb9f857d77403a3c25f", "tree": "55dcf5604fa75dac163a40e0e8e26080e361396f", "parents": [ "c8bda961df8dcdc07cdd6fc59dac3b35a4b73739" ], "author": { "name": "Yury Plyakhin", "email": "yury.plyakhin@intel.com", "time": "Sun May 03 18:33:54 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 03 18:33:54 2026" }, "message": "spirv-val: add validation for SPV_INTEL_predicated_io (#6665)\n\nAdd spirv-val validation for `OpPredicatedLoadINTEL` and\n`OpPredicatedStoreINTEL` instructions introduced by the\n`SPV_INTEL_predicated_io` extension\n(https://github.com/KhronosGroup/SPIRV-Registry/commit/7be4570407df8c1cbad64d7ef29277f16c10df55):\n- Result/Object type must be scalar or vector of numerical type\n- Predicate must be a Boolean scalar\n- Default Value type must match Result Type (for load)\n- Pointer type must match Result/Object type (for typed pointers)\n- Volatile memory operand is not allowed\n\nCo-Authored-By: Claude (commercial)" }, { "commit": "c8bda961df8dcdc07cdd6fc59dac3b35a4b73739", "tree": "90966b8eb161349d42066b8087866409815252da", "parents": [ "4cce3565d16a298efff96c0b172c44fea409036b" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Fri May 01 22:20:55 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 22:20:55 2026" }, "message": "kokoro: use GCC 15 (#6659)\n\nGoogle internal bug 506281797" }, { "commit": "4cce3565d16a298efff96c0b172c44fea409036b", "tree": "cc70a3da2901496867c93ca12f5534cc371f7b98", "parents": [ "e152004278370f50894885d430c56f2993e00a75" ], "author": { "name": "Russell Liu", "email": "ginshio78@gmail.com", "time": "Fri May 01 16:15:11 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 16:15:11 2026" }, "message": "spirv-val: Interpolation functions with half (#6653)\n\nThe SPV_AMD_gpu_shader_half_float extension allows us to use half type\nin interpolation functions. If this extension is declared in the SPIR-V,\ninterpolation functions with half are considered valid. Other cases are\nstill invalid." }, { "commit": "e152004278370f50894885d430c56f2993e00a75", "tree": "0848f491653ca4975123778f5c20ca51a5b8cfc0", "parents": [ "2ec8457ab33d539b6f1fecc998360c0b8b05ed4f" ], "author": { "name": "Russell Liu", "email": "ginshio78@gmail.com", "time": "Fri May 01 16:03:40 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 16:03:40 2026" }, "message": "spirv-val: Derivative instructions with half (#6652)\n\nGL_AMD_gpu_shader_half_float allows us to use half type in derivative\ninstructions. But the corresponding extension of SPIR-V appears to only\nexplicitly allow half type for interpolation function, doesn\u0027t mention\nderivative functions.\n\nRecently, one PR in SPIRV-Registry was updated this extension, and\nupdated spec to match the behavior of GLSLang.\n\nGLSLang extension:\n\nhttps://registry.khronos.org/OpenGL/extensions/AMD/AMD_gpu_shader_half_float.txt\n\nExtension update:\nhttps://github.com/KhronosGroup/SPIRV-Registry/pull/403" }, { "commit": "2ec8457ab33d539b6f1fecc998360c0b8b05ed4f", "tree": "71935e02ec8950c908ed613a2ebf2b41da7bee9b", "parents": [ "0539c81f69a3daeb706fd3477dca61435b475156" ], "author": { "name": "alelenv", "email": "40001162+alelenv@users.noreply.github.com", "time": "Wed Apr 29 22:51:06 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 29 22:51:06 2026" }, "message": "Update tools for spirv issue 373. (#6650)\n\nIssue : https://github.com/KhronosGroup/SPIRV-Registry/issues/373" }, { "commit": "0539c81f69a3daeb706fd3477dca61435b475156", "tree": "4cb77a6eced2e1030f0623badfa05b2ab7d089fb", "parents": [ "3605cce5b11f6a085107fd400f1721cd2a59c49e" ], "author": { "name": "Alan Harrison", "email": "33062996+AlanHarrisonAMD@users.noreply.github.com", "time": "Wed Apr 29 17:02:58 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 29 17:02:58 2026" }, "message": "Handle OpAbortKHR in spvOpcodeIsAbort (#6661)" }, { "commit": "3605cce5b11f6a085107fd400f1721cd2a59c49e", "tree": "f4a88e304f6d9d4823a13c45db6d0e55facb90c9", "parents": [ "5f7bbe754b40741c4be4f618d37ef3adbfd26f4f" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Mon Apr 27 13:50:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 13:50:02 2026" }, "message": "kokoro: linux uses clang-18 (#6656)\n\nGoogle-internal bug 393437270" }, { "commit": "5f7bbe754b40741c4be4f618d37ef3adbfd26f4f", "tree": "0f184c1a16528711301620fc4ba63aee48395459", "parents": [ "3a49d67b15d3ebbb0cb31e9fd2ca58903959a140" ], "author": { "name": "Jordan Robinson", "email": "34017385+Jmangles@users.noreply.github.com", "time": "Mon Apr 27 13:46:42 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 13:46:42 2026" }, "message": "Remove redundant iterations from inliner passes (#6639)\n\nImplemented in both the exhaustive/opaque inliner even though it appears\nthe opaque one is not fully functional.\n\nIn my benchmark tests I found it reduced the time needed to run the\nexhaustive pass by 50% on average with the shaders I was testing with.\n\nAlso fixes two bugs in the opaque inliner. One is from not updating the\nparent of each new block and the other for debug. These could be split\ninto another PR if desired but it\u0027s still pretty small overall.\n\n---------\n\nCo-authored-by: Steven Perron \u003cstevenperron@google.com\u003e" }, { "commit": "3a49d67b15d3ebbb0cb31e9fd2ca58903959a140", "tree": "cdb048da47bb609551d3bf286214d487d165481c", "parents": [ "7f586c9b065d76341ba9477f374daf1836a464e5" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Mon Apr 27 13:07:04 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 13:07:04 2026" }, "message": "Roll external/abseil_cpp/ f58ee2660..351086314 (6 commits) (#6655)\n\nhttps://github.com/abseil/abseil-cpp/compare/f58ee266044d...351086314d46\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "7f586c9b065d76341ba9477f374daf1836a464e5", "tree": "4a9818943d1aca9a474188166df1b46d7bf47618", "parents": [ "c1cb30bb04e2bf911755a40df1242cc6e3d83e26" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Fri Apr 24 19:08:44 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 24 19:08:44 2026" }, "message": "Roll external/abseil_cpp/ 8a6b6ae90..f58ee2660 (2 commits) (#6651)\n\nhttps://github.com/abseil/abseil-cpp/compare/8a6b6ae902ac...f58ee266044d\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c1cb30bb04e2bf911755a40df1242cc6e3d83e26", "tree": "4d6fa79ab3a8f07be70e02ac718d488ac225a630", "parents": [ "aee3d20c3f083465f566fd6075a81822c3c4ae90" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Fri Apr 24 14:20:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 24 14:20:46 2026" }, "message": "Prepare for v2026.2 release (#6654)" }, { "commit": "aee3d20c3f083465f566fd6075a81822c3c4ae90", "tree": "5be0e53b0daeee8b090c14ae0f5b3525060ef312", "parents": [ "b1c899180b03cae9ff276ac8c2359e56f14d1758" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Apr 23 19:59:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 19:59:57 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 2 updates (#6649)\n\nBumps the github-actions group with 2 updates in the / directory:\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `lukka/get-cmake` from 4.3.1 to 4.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.3.2\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.3.2\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/7bfc9baacbbdcb5e37957ad05c3546b3e222be3c\"\u003e\u003ccode\u003e7bfc9ba\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.3.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/ea83089aa35e08e459464341fe24ad024ee2466f...7bfc9baacbbdcb5e37957ad05c3546b3e222be3c\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled\nusing the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment\nvariable is deprecated and will be removed in May 2026. If you are\naffected by this, we recommend disabling TRAP caching by passing the\n\u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis\nnow only applies to repositories that contain submodules. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library,\nrelying instead on models of the standard library. This should result in\nsignificantly faster extraction and analysis times, while the effect on\nalerts should be minimal. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private\nregistries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled\nusing the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment\nvariable is deprecated and will be removed in May 2026. If you are\naffected by this, we recommend disabling TRAP caching by passing the\n\u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis\nnow only applies to repositories that contain submodules. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library,\nrelying instead on models of the standard library. This should result in\nsignificantly faster extraction and analysis times, while the effect on\nalerts should be minimal. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private\nregistries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e\ndue to issues with a small percentage of Actions and JavaScript\nanalyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e is enabled, since improved incremental analysis\nsupersedes TRAP caching. This will improve performance and reduce\nActions cache usage. We expect to roll this change out to everyone in\nMarch. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses\nthat use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be\ncomplete by the end of April 2026. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003e\u003ccode\u003e95e58e9\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3824\"\u003e#3824\u003c/a\u003e\nfrom github/update-v4.35.2-d2e135a73\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/6f31bfe060e817d81e938dbec767969d20031e25\"\u003e\u003ccode\u003e6f31bfe\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.35.2\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/d2e135a73a39154e3a231aeb49163c4661c5b8b1\"\u003e\u003ccode\u003ed2e135a\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3823\"\u003e#3823\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/60abb65df09fcf213c398e064c8a80db1f15cdaf\"\u003e\u003ccode\u003e60abb65\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/5a0a562209255e956ad8aafcee303294e64eefa2\"\u003e\u003ccode\u003e5a0a562\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/65216971a11ded447a6b76263d5a144519e5eee1\"\u003e\u003ccode\u003e6521697\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3820\"\u003e#3820\u003c/a\u003e\nfrom github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/3c45af2dd258e1623af1898da5c86545b514e028\"\u003e\u003ccode\u003e3c45af2\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3821\"\u003e#3821\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/npm-minor-345b93...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f1c339364c12f922998186ed897e45e3b4ae8874\"\u003e\u003ccode\u003ef1c3393\u003c/code\u003e\u003c/a\u003e\nRebuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/1024fc496c87e944a93e98d8cf2c09e2c7602a30\"\u003e\u003ccode\u003e1024fc4\u003c/code\u003e\u003c/a\u003e\nRebuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/9dd4cfed96030ccdfe1af4daf7a7964322704fed\"\u003e\u003ccode\u003e9dd4cfe\u003c/code\u003e\u003c/a\u003e\nBump the npm-minor group across 1 directory with 6 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "b1c899180b03cae9ff276ac8c2359e56f14d1758", "tree": "40c014db0cb44802dc7596b8b6cceaf6f6413c97", "parents": [ "78b881bcf4697e31f248d5545d771ee9ea9a0087" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Thu Apr 23 19:21:55 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 19:21:55 2026" }, "message": "Roll external/abseil_cpp/ 04b6110da..b9536c952 (1 commit) (#6638)\n\nhttps://github.com/abseil/abseil-cpp/compare/04b6110da90b...b9536c952c6f\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "78b881bcf4697e31f248d5545d771ee9ea9a0087", "tree": "c325e984c347e43047db6cfa4842d491028955e2", "parents": [ "ff5c50339cc1e9f34f04cb440a3e5fe89db0161d" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Thu Apr 23 18:36:49 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 18:36:49 2026" }, "message": "opt: Fold OpCompositeExtract feeding from OpCopyLogical or OpLoad (#6614)\n\n- CopyLogicalFeedingExtract: Hoist OpCompositeExtract before\nOpCopyLogical.\n If the input to an OpCompositeExtract is an OpCopyLogical, we can\n extract from the original composite and then copy the result.\n- LoadFeedingExtract: Change OpLoad + OpCompositeExtract to\nOpAccessChain + OpLoad.\n If the input to an OpCompositeExtract is an OpLoad, we can load the\n specific element instead of the entire composite. This is restricted\n to non-Function/Private storage classes to avoid interfering with\n local-access-chain-convert.\n\nUpdated fold_test.cpp with 8 new test cases and updated existing tests\nto use SPV_ENV_UNIVERSAL_1_5.\n\nFixes #6611" }, { "commit": "ff5c50339cc1e9f34f04cb440a3e5fe89db0161d", "tree": "5e6f7a43856e912a49a8a5cb0b8fd26cc3a4f7d4", "parents": [ "6c0666ec2000ba74ed12df5f6e807a7f721402a1" ], "author": { "name": "Arseniy Obolenskiy", "email": "arseniy.obolenskiy@amd.com", "time": "Wed Apr 22 14:10:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 14:10:57 2026" }, "message": "spirv-val: Add validation for 4-bit integer types (#6644)\n\nAllow 4-bit integers with Int4TypeINTEL\n\nRequired for test in LLVM tree:\nhttps://github.com/llvm/llvm-project/blob/6b0d268fe544b25fd1f82aad4e246f8a74e260ed/llvm/test/CodeGen/SPIRV/legalization/icmp_extended_int.ll\n\nExtension ref:\nhttps://github.com/KhronosGroup/SPIRV-Registry/blob/main/extensions/INTEL/SPV_INTEL_int4.asciidoc" }, { "commit": "6c0666ec2000ba74ed12df5f6e807a7f721402a1", "tree": "be777bc9506b2f75e7eb79d2222d4b8f52ab5043", "parents": [ "8b3a3c79b6ecaae7bd11ff20261aea532ce268c2" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Apr 21 20:49:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 20:49:39 2026" }, "message": "build: Fix BUILD.gn for NonSemanticShaderDebugInfo (#6647)\n\nFix for @y-novikov\n(https://github.com/KhronosGroup/SPIRV-Tools/pull/6635#issuecomment-4283010149)" }, { "commit": "8b3a3c79b6ecaae7bd11ff20261aea532ce268c2", "tree": "e223b9f0b69d6b3c69cbc610b83dae4dfba6c306", "parents": [ "706f1dc8558316213eac02b0611f9cde6fd3d9c5" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Apr 21 16:32:25 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 16:32:25 2026" }, "message": "spirv-val: Handle OpSpecConstantDataKHR (#6646)\n\n@alan-baker this adds the `spirv-val` to handle `OpSpecConstantDataKHR`\n\nI took out of `opcode.h` because it was only used in `spirv-val` in that\none spot. The next (and hopefully final) PR after this is to fix all the\n`spirv-opt` passes to handle this \"joy to use\" spec constant instruction\ncorrectly\n\n----\n\n**Edit:** - Just added the `CreateSetSpecConstantDefaultValuePass` and\n`CreateFreezeSpecConstantValuePass` pass as well" }, { "commit": "706f1dc8558316213eac02b0611f9cde6fd3d9c5", "tree": "e552cef46ba910548fbc3a782bf91d4ee1619c3b", "parents": [ "5278681115c9099ca33183cbf91f3726ee962616" ], "author": { "name": "Jay Kwak", "email": "82421531+jkwak-work@users.noreply.github.com", "time": "Mon Apr 20 23:28:27 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 23:28:27 2026" }, "message": "Add DebugBuildIdentifier to the live worklist during initialization (#6626)\n\nDebugBuildIdentifier was missing from the set of NonSemantic debug\ninstructions added to the worklist in\nInitializeModuleScopeLiveInstructions. Instead it was handled in\nProcessGlobalValues (after the worklist is exhausted) using\nlive_insts_.Set() on its direct operands.\n\nlive_insts_.Set() marks an instruction live but does not enqueue it, so\ntransitive operand dependencies are never visited. In shaders where the\nonly use of a type (e.g. OpTypeInt) is through a constant that is itself\nonly referenced by DebugBuildIdentifier\u0027s flags argument, the type\ninstruction is not marked live and is incorrectly killed by ADCE.\n\nThe surviving constant then references a deleted type, producing invalid\nSPIR-V. Any subsequent pass that rebuilds the DefUseManager (e.g. CCP)\nwill fail with \"Definition is not registered.\"\n\nFix: include NonSemanticShaderDebugInfo100DebugBuildIdentifier in the\nworklist loop alongside the other always-live debug instructions. The\nworklist\u0027s transitive closure correctly marks all operand dependencies\nlive before global-value cleanup runs. The existing special-case code in\nProcessGlobalValues becomes unreachable for this opcode (IsLive returns\ntrue, so the early continue fires) and is now dead; it is left in\nplacefor safety.\n\n---------\n\nCo-authored-by: Claude Sonnet 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "5278681115c9099ca33183cbf91f3726ee962616", "tree": "39aa7ba6c68377d07e09f10bf7f7c2a08e0bd1eb", "parents": [ "878ba274712e077474118a721e8edef4f6951a47" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sat Apr 18 15:20:41 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 15:20:41 2026" }, "message": "spirv-val: Validate OpConstantDataKHR (#6643)\n\n(based on https://github.com/KhronosGroup/SPIRV-Tools/pull/6642)\n\nadds the missing validation for `OpConstantDataKHR`" }, { "commit": "878ba274712e077474118a721e8edef4f6951a47", "tree": "131619965c565ae14296438aacce300ad466b97f", "parents": [ "7f88e7df21e7e6d8bf0a9bd684e5b70c427db013" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Fri Apr 17 20:54:27 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 20:54:27 2026" }, "message": "Fix crash in shuffle validation (#6645)\n\nRefs https://crbug.com/oss-fuzz/502697533\n\n* Fix a crash if a typeless instruction id is used as a vector operand" }, { "commit": "7f88e7df21e7e6d8bf0a9bd684e5b70c427db013", "tree": "585743389d8ef4bbff7e9baa4101239b8b209dfc", "parents": [ "2e8b5e20ee8d9bdb37a6416508247955087a3453" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Apr 17 12:15:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 12:15:51 2026" }, "message": "spirv-as: Fix OpConstantDataKHR new grammar (#6642)\n\nTalked to David at F2F and we decided for now, to just get a fix in to\n`OpConstantDataKHR` from\nhttps://github.com/KhronosGroup/SPIRV-Headers/commit/ad9184e76a66b1001c29db9b0a3e87f646c64de0\n\nin the future, we can apply the \"joy to use\" `UTFEncodedKHR` decoration\nto allow `spirv-as`/`spirv-dis` to handle strings" }, { "commit": "2e8b5e20ee8d9bdb37a6416508247955087a3453", "tree": "2fcbd56ffd44575f9cac95b0e8e284539ef05a7a", "parents": [ "d6f49d73881c76d2824bda1b2406a41845f193fd" ], "author": { "name": "Steve Urquhart", "email": "53908460+SteveUrquhart@users.noreply.github.com", "time": "Thu Apr 16 16:09:57 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 16:09:57 2026" }, "message": "spirv-opt: Fix DebugValue placements (#6599)\n\nThis PR fixes several problems with DebugDeclare and DebugValue\ninstructions created during optimization. Together, they address the\ndebug info problems reported in\nhttps://github.com/microsoft/DirectXShaderCompiler/issues/8112.\n\nThe DebugInfoManager changes correct a problem that can occur when\ncloning a previous instruction. The given insert_pos from the\noptimization may not be dominated by the cloned operands. We now now\ndetect this and insert safely after the debug instruction.\n\nThe inline pass was creating invalid SPIR-V when an OpAccessChain was\nreferencing dynamic values. The indices of a DebugDecalre or DebugValue\nfollow the same rules as OpAccessChain, which requires constant values\nwhen indexing into a structure. Since there is no valid way to represent\nthis DebugDeclare following optimization, we kill it.\n\nThe change to instruction.cpp handles the case where a user invoked\n--fixup-opextinst-opcodes prior to optimization.\n\nThe scalar replacement pass was relocating DebugValue\u0027s and creating\ninvalid SPIR-V.\n\nTogether, these changes allow the 1st shader reported in\nhttps://github.com/microsoft/DirectXShaderCompiler/issues/8112 to\ncompile and validate cleanly. There are still one or more problems with\nthe 2nd shader in the ticket, but I fixed all the debug info problems\nthat I saw." }, { "commit": "d6f49d73881c76d2824bda1b2406a41845f193fd", "tree": "076308195b327e9f110a0f3e8af105f33495ead6", "parents": [ "8d245e02504488aaa51ab561cfd8725b7916c91d" ], "author": { "name": "Arseniy Obolenskiy", "email": "arseniy.obolenskiy@amd.com", "time": "Thu Apr 16 11:56:59 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 11:56:59 2026" }, "message": "Only run autoroll workflow on upstream repository (#6640)\n\nAvoid creating \u0027roll deps\u0027 PRs in forks" }, { "commit": "8d245e02504488aaa51ab561cfd8725b7916c91d", "tree": "789be7256a2783a64e586568986d0910f9c6d93c", "parents": [ "4b3bd66f3806ee0b67d9fe7c591d8f29ca535ccd" ], "author": { "name": "David Neto", "email": "dneto@google.com", "time": "Wed Apr 15 15:18:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 15:18:39 2026" }, "message": "Test spvtools::TextToBinaryTestBase::MaybeFlipWords (#6637)\n\nMaybeFlipWords is used in the tests for parsing\nbinaries in both endiannesses." }, { "commit": "4b3bd66f3806ee0b67d9fe7c591d8f29ca535ccd", "tree": "5d00578cc380daa5bb83320f44c6d2eb4a6e2f9d", "parents": [ "5d7c08d0cde5ba67e540ba379b2ef0ee2fc92fa9" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Wed Apr 15 07:14:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 07:14:02 2026" }, "message": "Add validation for NSDI 101 (#6635)\n\nThis is the next step in implementing NSDI 101\n(https://github.com/KhronosGroup/SPIRV-Registry/pull/390)).\n\nThis PR updates SPIRV-Tools to validate NSDI.101 modules:\n\n- DEPS: Update `spirv_headers_revision` to the NSDI.101 SPIRV-Headers\nchanges.\n- Change build system files to use the version-agnostic headers and\ngrammar files. In `utils/ggt.py`, I added a special case to map\n`SPV_EXT_INST_TYPE_NONSEMANTIC_SHADER_DEBUGINFO` back to\n`SPV_EXT_INST_TYPE_NONSEMANTIC_SHADER_DEBUGINFO_100`. I didn\u0027t want to\nmake an API breaking change here.\n- Since we are now including the unified version header, all the\nembedded `100` strings can be removed. I updated all references across\n`source/opt/` and `source/val/`. The numeric values are identical; none\nof these symbols are part of the public API.\n- Finally, the actual validator changes:\n\n1. `GetNSDIVersion` parses the declared version from the\n`OpExtInstImport` string (e.g., `NonSemantic.Shader.DebugInfo.101`\nreturns `101`).\n2. `kNSDIKnownVersion` is set to `NonSemanticShaderDebugInfoVersion` (\u003d\n101). A `has_optional_at(n)` lambda replaces the previous `num_words \u003d\u003d\nn` checks for optional trailing operands. It accepts the optional\noperand when the module declares a version newer than\n`kNSDIKnownVersion` or when the word count is exactly `n`.\n3. Added a new helper\n`ValidateUint32ConstOrSpecConstOperandForDebugInfo` and macro\n`CHECK_CONST_OR_SPEC_UINT_OPERAND`. This accepts both constants and spec\nconstants.\n4. Two new cases in the `vulkanDebugInfo` branch of `ValidateExtInst`:\n - `DebugTypeVectorIdEXT`\n - `DebugTypeCooperativeMatrixKHR`\n5. `DebugTypeBasic` validation is updated to accept the new optional\n`FPEncoding` operand.\n6. Added new tests for the validator for all the new opcodes." }, { "commit": "5d7c08d0cde5ba67e540ba379b2ef0ee2fc92fa9", "tree": "99a0b1d473b79ed6c3a94fcd49f35d838d8d1b0d", "parents": [ "5c00fbc68c0428cee0ea38aafe19341708b9c913" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 14 14:37:19 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 14:37:19 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 2 updates (#6636)\n\nBumps the github-actions group with 2 updates in the / directory:\n[actions/cache](https://github.com/actions/cache) and\n[actions/upload-artifact](https://github.com/actions/upload-artifact).\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca\nhref\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e\nwith the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e\nsection.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by\nupdating the \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e\nfile with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed\nand merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e\nuse the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you\nmade in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca\nhref\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version\nnumber.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags\nfor this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar\npatterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb\nprotection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e\nfrom actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e\nlicensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e\nnpm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e\nUpdate ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca\nhref\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca\nhref\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca\nhref\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e\nfrom actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e\nInclude changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e\nReadme: bump all the example versions to v7 (\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e\nUpdate the readme with direct upload details (\u003ca\nhref\u003d\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "5c00fbc68c0428cee0ea38aafe19341708b9c913", "tree": "6a7d6d0ba20f710397a80737f4208836a7da5940", "parents": [ "af662dddb957564fdabe61b40c6f2731d8d2e0d1" ], "author": { "name": "mjkrol", "email": "mjkrol@gmail.com", "time": "Tue Apr 14 14:21:29 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 14:21:29 2026" }, "message": "spirv-val: Check output location uniqueness per-stream for GeometryStreams (#6630)\n\nThe VK_EXT_transform_feedback extension exists specifically to support\ntranslation layers from other 3D APIs. In D3D\u0027s stream output model, all\nfour geometry streams share the same 32 output registers. When a vertex\nis emitted on any stream, the current register values go to that\nstream\u0027s buffer and all registers become undefined.\n\nSPIR-V\u0027s current location uniqueness rule prevents this by requiring\nglobally-unique locations across all output variables, forcing\ntranslation layers to use unique locations per stream. This exhausts\nmaxGeometryOutputComponents (typically 128) at just eight vec4\u0027s per\nstream instead of the 32 that D3D supports.\n\nRelax the location uniqueness check for geometry shader outputs when\nGeometryStreams capability is present, allowing variables on different\nstreams to share the same location. This matches the D3D hardware model\nwhere streams alias the same register file.\n\nAdd tests for per-stream output location uniqueness:\n- Different streams at the same location pass.\n- Same stream at the same location still conflicts (VUID 08722).\n- Component-sharing across streams is allowed.\n- Without the GeometryStreams capability, duplicate output locations\n in a Geometry shader still conflict.\n- Input variables in a Geometry+GeometryStreams entry point still\n require unique locations (VUID 08721).\n\n---------\n\nSigned-off-by: Michal Krol \u003cmichal.krol@broadcom.com\u003e" }, { "commit": "af662dddb957564fdabe61b40c6f2731d8d2e0d1", "tree": "085524dd53500700e64a0be75c70e143fc0767a8", "parents": [ "ef36b6395e11a9821c78735bb1a91d8687539844" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Tue Apr 14 13:55:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 13:55:46 2026" }, "message": "roll deps (#6631)\n\n- **Roll external/abseil_cpp/ 884282e28..9034b9ca6 (1 commit)**\n- **Roll external/spirv-headers/ 6dd7ba990..ce9dfb014 (1 commit)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "ef36b6395e11a9821c78735bb1a91d8687539844", "tree": "6396486e7e522b8130dc4d8a249d3fd90d835949", "parents": [ "31f2d2e644d0432b6749262b9d58bb0b5e00b300" ], "author": { "name": "Ralph Potter", "email": "ralph@rendering.io", "time": "Tue Apr 14 11:59:11 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 11:59:11 2026" }, "message": "Add support for SPV_KHR_abort and SPV_KHR_constant_data (#6625)\n\nSupersedes #6624\n\nBuilds on original contribution by @archimedus.\n\n* Corrects invalid SPIR-V in various tests\n* Expands validation to cover operand compatibility\n* Validates the OpAbortKHR terminates a block\n* Relocates text to binary tests\n* Removes unnecessary changes to test_fixture.h\n\n---------\n\nCo-authored-by: Boris Zanin \u003cboris.zanin@amd.com\u003e\nCo-authored-by: Craig Graham \u003ccraig.graham@samsung.com\u003e" }, { "commit": "31f2d2e644d0432b6749262b9d58bb0b5e00b300", "tree": "a0fb1d53898359f37003f6313a4927217441e35c", "parents": [ "a52828d672ab1622c308d0a6fc99630b79561609" ], "author": { "name": "Arseniy Obolenskiy", "email": "arseniy.obolenskiy@amd.com", "time": "Mon Apr 13 15:51:09 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 15:51:09 2026" }, "message": "spirv-val: Do not require type on untyped def instructions (#6634)\n\nThe \"requires a type\" check in IdPass only considered whether the using\ninstruction expects typed operands, not whether the def instruction is\nlegitimately untyped. Instructions like OpAliasScopeListDeclINTEL,\nOpAliasScopeDeclINTEL, and OpAliasDomainDeclINTEL intentionally have no\nresult type, so they should not trigger the error when referenced by\nother instructions\n\nRequired for 2 tests in\nhttps://github.com/llvm/llvm-project/issues/190736 (IR is legit, but\nspirv-val rejects it):\n-\nhttps://github.com/llvm/llvm-project/blob/6dbf9d1ac5e68ec6811e6b05c67f12fda07f62e3/llvm/test/CodeGen/SPIRV/extensions/SPV_INTEL_memory_access_aliasing/alias-load-store-struct.ll\n-\nhttps://github.com/llvm/llvm-project/blob/6dbf9d1ac5e68ec6811e6b05c67f12fda07f62e3/llvm/test/CodeGen/SPIRV/extensions/SPV_INTEL_memory_access_aliasing/alias-load-store.ll" }, { "commit": "a52828d672ab1622c308d0a6fc99630b79561609", "tree": "82b7359a05d4c36f36ffe811f60dc386352f2c99", "parents": [ "9fc4e611ff6af82ff01ef48cdf14df895b3fb9ad" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Apr 09 14:37:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 14:37:39 2026" }, "message": "spirv-val: Fix newline not marked as a line for DebugShaderInfo (#6623)\n\nfollow up of the issues @Keenuts was finding in\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/5986\n\nsummary is the following\n\n```\n%24 \u003d OpString \"-with-source-test -fcgl %s -spirv | FileCheck %s ; line 1\n ; line2\n\" ; line3\n```\n\nwas not counting `line 3` as a zero-length, empty line and it would\ncause an off-by-1 later below it\n\n(should fix the failing DXC CI as well)" }, { "commit": "9fc4e611ff6af82ff01ef48cdf14df895b3fb9ad", "tree": "4f9353d31e093103a22252f4894cd215293e1a0f", "parents": [ "34bc8ea6f3f84d5ed7739daa66b01e7273aed458" ], "author": { "name": "Steven Perron", "email": "stevenperron@google.com", "time": "Thu Apr 09 14:35:29 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 14:35:29 2026" }, "message": "spirv-opt: Add extensions to the allow list (#6629)\n\nAdds SPV_EXT_shader_atomic_float16_add, SPV_KHR_abort, and\nSPV_KHR_constant_data to the allow lists.\n\nFixes #6486" }, { "commit": "34bc8ea6f3f84d5ed7739daa66b01e7273aed458", "tree": "0eb00c5623853a9501845c643c4c4efb877352a3", "parents": [ "64edccb611c8adbc74572349cccd75c716cab7b6" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Apr 08 16:49:32 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 16:49:32 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 2 updates (#6621)\n\nBumps the github-actions group with 2 updates in the / directory:\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `lukka/get-cmake` from 4.3.0 to 4.3.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/ea83089aa35e08e459464341fe24ad024ee2466f\"\u003e\u003ccode\u003eea83089\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.3.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/b78306120111dc2522750771cfd09ee7ca723687...ea83089aa35e08e459464341fe24ad024ee2466f\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.34.1 to 4.35.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis\nnow only applies to repositories that contain submodules. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library,\nrelying instead on models of the standard library. This should result in\nsignificantly faster extraction and analysis times, while the effect on\nalerts should be minimal. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e\ndue to issues with a small percentage of Actions and JavaScript\nanalyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e is enabled, since improved incremental analysis\nsupersedes TRAP caching. This will improve performance and reduce\nActions cache usage. We expect to roll this change out to everyone in\nMarch. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses\nthat use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be\ncomplete by the end of April 2026. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to\ndisable \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository\nproperty with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and\nthe type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in\nthe repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to\ndisable improved incremental analysis. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e. This\nfeature is not yet available on GitHub Enterprise Server. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e fails on a runner — potentially due to\ninsufficient disk space — the failure is recorded in the Actions cache\nso that subsequent runs will automatically skip improved incremental\nanalysis until something changes (e.g. a larger runner is provisioned or\na new CodeQL version is released). We expect to roll this change out to\neveryone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c10b8064de6f491fea524254123dbe5e09572f13\"\u003e\u003ccode\u003ec10b806\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3782\"\u003e#3782\u003c/a\u003e\nfrom github/update-v4.35.1-d6d1743b8\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c5ffd0683786820677d054e3505e1c5bb4b8c227\"\u003e\u003ccode\u003ec5ffd06\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.35.1\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/d6d1743b8ec7ecd94f78ad1ce4cb3d8d2ba58001\"\u003e\u003ccode\u003ed6d1743\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3781\"\u003e#3781\u003c/a\u003e\nfrom github/henrymercer/update-git-minimum-version\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/65d2efa7333ad65f97cc54be40f4cd18630f884c\"\u003e\u003ccode\u003e65d2efa\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/2437b20ab31021229573a66717323dd5c6ce9319\"\u003e\u003ccode\u003e2437b20\u003c/code\u003e\u003c/a\u003e\nUpdate minimum git version for overlay to 2.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/ea5f71947c021286c99f61cc426a10d715fe4434\"\u003e\u003ccode\u003eea5f719\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3775\"\u003e#3775\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/node-forge-1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/45ceeea896ba2293e10982f871198d1950ee13d6\"\u003e\u003ccode\u003e45ceeea\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3777\"\u003e#3777\u003c/a\u003e\nfrom github/mergeback/v4.35.0-to-main-b8bb9f28\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/24448c98434f429f901d27db7ddae55eec5cc1c4\"\u003e\u003ccode\u003e24448c9\u003c/code\u003e\u003c/a\u003e\nRebuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7c510606312e5c68ac8b27c009e5254f226f5dfa\"\u003e\u003ccode\u003e7c51060\u003c/code\u003e\u003c/a\u003e\nUpdate changelog and version after v4.35.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b8bb9f28b8d3f992092362369c57161b755dea45\"\u003e\u003ccode\u003eb8bb9f2\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3776\"\u003e#3776\u003c/a\u003e\nfrom github/update-v4.35.0-0078ad667\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/38697555549f1db7851b81482ff19f1fa5c4fedc...c10b8064de6f491fea524254123dbe5e09572f13\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "64edccb611c8adbc74572349cccd75c716cab7b6", "tree": "14ce4a9f49647b2406f2efa692bcdb4343bbd499", "parents": [ "d8030391e8ed342f74df92f27bbfc993055dd4b4" ], "author": { "name": "Kévin Petit", "email": "kevin.petit@arm.com", "time": "Wed Apr 08 15:51:20 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 15:51:20 2026" }, "message": "spirv-opt: add missing OpConstantCompositeReplicateEXT support to constant manager (#6616)\n\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e\nSigned-off-by: Mohammadreza Ameri Mahabadian\n\u003cmohammadreza.amerimahabadian@arm.com\u003e\n\nSigned-off-by: Mohammadreza Ameri Mahabadian \u003cmohammadreza.amerimahabadian@arm.com\u003e\nSigned-off-by: Kevin Petit \u003ckevin.petit@arm.com\u003e" }, { "commit": "d8030391e8ed342f74df92f27bbfc993055dd4b4", "tree": "81dc6fe120b00d44b30f938e9aa4341792850517", "parents": [ "2d14d2e76aa7de72404b17078eda15c20a6a0389" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Apr 08 15:48:48 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 15:48:48 2026" }, "message": "Roll external/abseil_cpp/ 5c01794f7..ed2114e8f (2 commits) (#6627)\n\nhttps://github.com/abseil/abseil-cpp/compare/5c01794f7902...ed2114e8ff2e\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "2d14d2e76aa7de72404b17078eda15c20a6a0389", "tree": "abf28b5764a7187ea159f90342cffbf9ced665b2", "parents": [ "c6e04520cc3093a4e0cf7ba2817581e279eec3ed" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Fri Apr 03 02:27:35 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 02:27:35 2026" }, "message": "roll deps (#6620)\n\n- **Roll external/googletest/ 015950a93..246174399 (1 commit)**\n- **Roll external/abseil_cpp/ 0093ac6ca..d2910b037 (1 commit)**\n- **Roll external/spirv-headers/ 00898b201..39e5d40a3 (1 commit)**\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c6e04520cc3093a4e0cf7ba2817581e279eec3ed", "tree": "8470b385e43eb1cde173025b07616081458d9839", "parents": [ "d7ba8c9fc218830544008cb71e4618adb1c56e12" ], "author": { "name": "Arseniy Obolenskiy", "email": "gooddoog@student.su", "time": "Thu Apr 02 14:40:16 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 14:40:16 2026" }, "message": "spirv-val: Add vector support for OpConvertPtrToU/OpConvertUToPtr with SPV_INTEL_masked_gather_scatter extension (#6575)\n\nAdd missing support for vector operands in `OpConvertPtrToU` and\n`OpConvertUToPtr` when\n[SPV_INTEL_masked_gather_scatter](https://github.com/KhronosGroup/SPIRV-Registry/blob/278044a51fee280bfc91322cdb55b51357db5cb8/extensions/INTEL/SPV_INTEL_masked_gather_scatter.asciidoc)\nextension is enabled" }, { "commit": "d7ba8c9fc218830544008cb71e4618adb1c56e12", "tree": "109f116a5c536552c9abfc5d815ae2a6dc6c7579", "parents": [ "2c75d08e3b31a673726ce6be80ab528250247064" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 31 01:03:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 01:03:46 2026" }, "message": "spirv-val: Slightly improve 04965 error message (#6622)\n\nrelated to https://gitlab.khronos.org/vulkan/vulkan/-/issues/4766\n\nmainly wanted to just improve the error message and add the 2 VVL tests\nhere I had" }, { "commit": "2c75d08e3b31a673726ce6be80ab528250247064", "tree": "22014f183e4ad1fe34fc692b3b02c2faea563ac7", "parents": [ "669844c5e47f1d764a90f9117f6c9bba726a942d" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Sat Mar 28 03:44:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 28 03:44:51 2026" }, "message": "Roll external/abseil_cpp/ b7c61d35e..0093ac6ca (2 commits) (#6615)\n\nhttps://github.com/abseil/abseil-cpp/compare/b7c61d35e6c7...0093ac6cac89\n\nCreated with:\n roll-dep external/abseil_cpp\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "669844c5e47f1d764a90f9117f6c9bba726a942d", "tree": "bbfddee3ca50b3705cdbe600c5fdbc1c20e82806", "parents": [ "4743e69a64255650ac902d87dc51022b6604c607" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Sat Mar 28 00:32:34 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 28 00:32:34 2026" }, "message": "spirv-val: Check DebugLine Line/Column are valid (#5986)\n\nI had to raise issue in Glslang because it would generate\n`Line`/`Column` that didn\u0027t actually point to any valid spot in the\n`DebugSource`\u0027s text\n\nThis adds some validation where if there is a `DebugSource` with `Text`\nthen any `Line`/`Column` must be correct, otherwise every other consume\ntool (like Validation Layers) need to do this before trying to print out\nthe snippet in the source code" }, { "commit": "4743e69a64255650ac902d87dc51022b6604c607", "tree": "5a0120b6b0df98e3faa4d6c06fa48843daf94f5a", "parents": [ "7e4606da87931662d66c8e3ac425eec087d17053" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Mar 26 18:04:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 26 18:04:01 2026" }, "message": "build(deps): bump the github-actions group across 1 directory with 3 updates (#6610)\n\nBumps the github-actions group with 3 updates in the / directory:\n[actions/cache](https://github.com/actions/cache),\n[lukka/get-cmake](https://github.com/lukka/get-cmake) and\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.3 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not\ncontain permissions by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by\n\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca\nhref\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca\nhref\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca\nhref\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made\ntheir first contribution in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made\ntheir first contribution in \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e\nwith the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e\nsection.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by\nupdating the \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e\nfile with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed\nand merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e\nuse the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you\nmade in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca\nhref\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version\nnumber.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags\nfor this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar\npatterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb\nprotection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e\nfrom actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e\nUpdate RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e\nAdd licenses\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e\nUpdate dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e\nfrom RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e\nFix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b\"\u003e\u003ccode\u003eb7e8d49\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1701\"\u003e#1701\u003c/a\u003e\nfrom actions/Link-/fix-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1\"\u003e\u003ccode\u003e984a21b\u003c/code\u003e\u003c/a\u003e\nAdd traffic sanity check step\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba\"\u003e\u003ccode\u003eacf2f1f\u003c/code\u003e\u003c/a\u003e\nFix resolution\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531\"\u003e\u003ccode\u003e95a07c5\u003c/code\u003e\u003c/a\u003e\nAdd wait for proxy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/get-cmake` from 4.2.3 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/releases\"\u003elukka/get-cmake\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCMake v4.3.0\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003eget-cmake\u003c/code\u003e action downloads and caches CMake and\nNinja on your workflows. Versions can be specified using \u003ca\nhref\u003d\"https://docs.npmjs.com/about-semantic-versioning\"\u003esemantic\nversioning ranges\u003c/a\u003e using \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L13\"\u003e\u003ccode\u003ecmakeVersion\u003c/code\u003e\u003c/a\u003e\nand \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/blob/latest/action.yml#L16\"\u003e\u003ccode\u003eninjaVersion\u003c/code\u003e\u003c/a\u003e\ninputs.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elatest\u003c/code\u003e is now using CMake version \u003ccode\u003ev4.3.0\u003c/code\u003e,\nuse this one-liner e.g.:\n\u003ccode\u003euses: lukka/get-cmake@latest\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnjoy!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/b78306120111dc2522750771cfd09ee7ca723687\"\u003e\u003ccode\u003eb783061\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/9004e4575548904aeed26fb81e6a4b85d8ffa048\"\u003e\u003ccode\u003e9004e45\u003c/code\u003e\u003c/a\u003e\nMigrate to Node 24\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/6e70939585f9e200ced798068227e505a7204ef8\"\u003e\u003ccode\u003e6e70939\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc3 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/9cd6c6b338a41017c69286cb3fe8db5c4513e74c\"\u003e\u003ccode\u003e9cd6c6b\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc2 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/7697ef75dc9ed6b3272f78db9f33ab1c0283bc5c\"\u003e\u003ccode\u003e7697ef7\u003c/code\u003e\u003c/a\u003e\nBump actions/upload-artifact from 6 to 7 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/54f69bf0821bdee1b09d61998039cf2c499cd4e1\"\u003e\u003ccode\u003e54f69bf\u003c/code\u003e\u003c/a\u003e\nBump actions/download-artifact from 7 to 8 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/b9a171adf54022d8446fc53ac8397858d387ad9d\"\u003e\u003ccode\u003eb9a171a\u003c/code\u003e\u003c/a\u003e\nBump actions/upload-artifact from 5 to 6 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/2b80711d6d74d65d9c96f1d4146f0704357b8e3e\"\u003e\u003ccode\u003e2b80711\u003c/code\u003e\u003c/a\u003e\nBump actions/download-artifact from 6 to 7 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/30c1a5f5bd8c0a8962200f9a3ff5e7e933432c79\"\u003e\u003ccode\u003e30c1a5f\u003c/code\u003e\u003c/a\u003e\nBump minimatch from 3.1.2 to 3.1.5 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/238\"\u003e#238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/commit/4f9746d71696c9c93399c56d527dcd372434c814\"\u003e\u003ccode\u003e4f9746d\u003c/code\u003e\u003c/a\u003e\nNew CMake version(s): cmake-rc-v4.3.0-rc1 (\u003ca\nhref\u003d\"https://redirect.github.com/lukka/get-cmake/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/lukka/get-cmake/compare/f176ccd3f28bda569c43aae4894f06b2435a3375...b78306120111dc2522750771cfd09ee7ca723687\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip\ncollecting file coverage information on pull requests to improve\nanalysis performance. File coverage information will still be computed\non non-PR analyses. Pull request analyses will log a warning about this\nupcoming change. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a\ncustom repository property with the name\n\u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type\n\u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in\nthe repository\u0027s settings. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e.\nAlternatively, if you are using an advanced setup workflow, you can set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch\nto an advanced setup workflow and set the\n\u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to\n\u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set\nthe \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable\nto \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea\nbug\u003c/a\u003e which caused the CodeQL Action to fail loading repository\nproperties if a \u0026quot;Multi select\u0026quot; repository property was\nconfigured for the repository. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom\nrepository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the\ncustomization of features such as\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only\navailable on GitHub.com. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e can be configured with OIDC-based authentication\nfor organizations, the CodeQL Action will now be able to accept such\nconfigurations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would\nfail with the error \u0026quot;Response body object should not be disturbed\nor locked\u0026quot;. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository\nproperty whose name suggests that it relates to the CodeQL Action, but\nwhich is not one of the properties recognised by the current version of\nthe CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the\n\u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to\ndisable \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository\nproperty with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and\nthe type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in\nthe repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to\ndisable improved incremental analysis. For more information, see \u003ca\nhref\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging\ncustom properties for repositories in your organization\u003c/a\u003e. This\nfeature is not yet available on GitHub Enterprise Server. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e fails on a runner — potentially due to\ninsufficient disk space — the failure is recorded in the Actions cache\nso that subsequent runs will automatically skip improved incremental\nanalysis until something changes (e.g. a larger runner is provisioned or\na new CodeQL version is released). We expect to roll this change out to\neveryone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now\nskipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry\nconnection check failures to reduce noise from workflow annotations. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space\nrequirement for \u003ca\nhref\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved\nincremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions\nrunners. We expect to roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the\n\u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from\nfeature flags instead of using the linked CLI bundle version. We expect\nto roll this change out to everyone in March. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4,\n3.32.3 and 3.32.4 are now enabled by default. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are\ngenerated for the authentication proxy that is used by the CodeQL Action\nin Default Setup when \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e. This is expected to generate more\nwidely compatible certificates and should have no impact on analyses\nwhich are working correctly already. We expect to roll this change out\nto everyone in February. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith\ndebugging enabled in Default Setup\u003c/a\u003e and \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for\nregistries\u0026quot; step will output additional diagnostic information that\ncan be used for troubleshooting. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network\ndebugging for Java programs. This will help GitHub staff support\ncustomers with troubleshooting issues in GitHub-managed CodeQL\nworkflows, such as Default Setup. This setting can only be enabled by\nGitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as\nDefault Setup, to use a \u003ca\nhref\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly\nCodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is\nused by default. This will help GitHub staff support customers whose\nanalyses for a given repository or organization require early access to\na change in an upcoming CodeQL CLI release. This setting can only be\nenabled by GitHub staff. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca\nhref\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate\npackage registries\u003c/a\u003e. This feature is not currently enabled for any\nanalysis. In the future, it may be enabled by default for Default Setup.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b1bff81932f5cdfc8695c7752dcee935dcd061c8\"\u003e\u003ccode\u003eb1bff81\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3574\"\u003e#3574\u003c/a\u003e\nfrom github/update-v4.32.7-7dd76e6bf\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e682234222f60d9549e37004a04a8f097bbd5798\"\u003e\u003ccode\u003ee682234\u003c/code\u003e\u003c/a\u003e\nAdd changelog entry for \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3570\"\u003e#3570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/95be291f41a39216811b3ce1a63a8df71d40d405\"\u003e\u003ccode\u003e95be291\u003c/code\u003e\u003c/a\u003e\nBump minor version\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/59bcb6025e4788109a6bb8f7ac4ad9c6a8d6beeb\"\u003e\u003ccode\u003e59bcb60\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.7\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/7dd76e6bf79d24133aa649887a6ee01d8b063816\"\u003e\u003ccode\u003e7dd76e6\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3572\"\u003e#3572\u003c/a\u003e\nfrom github/mbg/pr-checks/eslint\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e3200e331bf51e47d45a8a5645d2a125c8a8a643\"\u003e\u003ccode\u003ee3200e3\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3563\"\u003e#3563\u003c/a\u003e\nfrom github/mbg/private-registry/oidc\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/4c356c71a28eb968dbcf4fb717211e82f406874f\"\u003e\u003ccode\u003e4c356c7\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3570\"\u003e#3570\u003c/a\u003e\nfrom github/mbg/repo-props/warn-on-unexpected-props\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b4937c19e53d395cc647fe16c4e00788a4e7ded3\"\u003e\u003ccode\u003eb4937c1\u003c/code\u003e\u003c/a\u003e\nOnly emit one message with accumulated property names\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/136b8ab3777165e3ec7a19faa7ef9732ace305da\"\u003e\u003ccode\u003e136b8ab\u003c/code\u003e\u003c/a\u003e\nRemove \u003ccode\u003ecache-dependency-path\u003c/code\u003e options as well\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/a5aba5952cd5add76ec9f971654d61461a3ac2bd\"\u003e\u003ccode\u003ea5aba59\u003c/code\u003e\u003c/a\u003e\nRemove \u003ccode\u003epackage-lock.json\u003c/code\u003e that\u0027s no longer needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...b1bff81932f5cdfc8695c7752dcee935dcd061c8\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "7e4606da87931662d66c8e3ac425eec087d17053", "tree": "11c669b9077dfad98dbc435bad7574da83eae4a1", "parents": [ "556c7ca95c6a309278c6cee98129d573827a05b4" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Thu Mar 26 17:17:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 26 17:17:43 2026" }, "message": "Roll external/abseil_cpp/ 04f3bc01d..972e4ab4a (2 commits) (#6584)\n\nhttps://github.com/abseil/abseil-cpp/compare/04f3bc01d12c...972e4ab4a076\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "556c7ca95c6a309278c6cee98129d573827a05b4", "tree": "9316130adfb048792ae73176eea8b1574d048d1d", "parents": [ "42956b77fea93fb1e1824d20169f174419e9845d" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Tue Mar 24 21:57:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 21:57:43 2026" }, "message": "spirv-dis: Add --handle-unknown-opcodes flag (#6604)\n\nThis addresses a frequent issue we have when working with new\nextensions/instructions in SPIR-V. Often, the assembler/disassembler\nwill not understand the new opcodes, so running `spirv-dis` on such a\nmodule just errors out.\n\nIn #6024 Cassie added support for `OpUnknown` to the assembler, so if\n`spirv-dis` were to emit `OpUnknown` when it finds an instruction it\ndoesn\u0027t know, we would be able to get a textual representation that can\nbe re-assembled even when there are unknown instructions. The main use\nI\u0027m thinking of here is testing. When calling `spirv-dis\n--handle-unknown-opcodes`:\n\n- Unknown opcodes: the instruction words are consumed raw and the\ninstruction is passed to the callback.\n- Unknown extended instruction numbers in semantic sets: parsing\ncontinues by treating the remaining operands as\n`SPV_OPERAND_TYPE_VARIABLE_ID`.\n- Known opcodes with unknown enum operands (`StorageClass`,\n`Capability`, `FunctionControl`, `MemoryAccess`, etc.): re-emits the\ninstruction as raw data.\n\nIn all three cases the disassembler emits:\n\n```\n OpUnknown(\u003copcode\u003e, \u003cword_count\u003e) \u003cword[1]\u003e ... \u003cword[n]\u003e\n```\n\nAdded several tests to validate that it is possible to round-trip a\nSPIR-V module containing new instructions that the assembler still does\nnot understand.\n\nThere is one limitation that is possible to fix, but it is not a big\ndeal in the use case I\u0027m considering. When the disassembler emits\n`OpUnknown` operand words as bare decimal integers, the assembler does\nnot track those integers as ID definitions. If an unknown instruction\ndefines a result ID that is larger than every ID in the rest of the\nmodule, the reassembled module\u0027s ID bound will be too low.\n\nThis is not a concern for round-trips that do not involve validation.\nThe instruction words in the reassembled binary are byte-for-byte\nidentical to the original and only the module header ID bound field may\nbe wrong. Tools that do not validate the header are unaffected.\n\nOne way to fix this would be for the disassembler to emit all\n`OpUnknown` operands as ID references instead of bare decimal integers.\nThe issue is that words which are plain integer immediates (not IDs)\nwould also be treated as ID references, causing the reassembled module\u0027s\nID bound to be larger than necessary. This would be harmless, I think.\n\nThe real problem is with string operands.\n`SPV_OPERAND_TYPE_OPTIONAL_CIV` also accepts string literals, and a\nmulti-word string packed into `uint32_t` words must be emitted as a\nquoted string token, not as `%N`. Without grammar, the disassembler\ncannot tell which words start a string. String operands are not common,\nso this may not be a big issue." }, { "commit": "42956b77fea93fb1e1824d20169f174419e9845d", "tree": "b749d4b87a13b8bf619e8ff9d7a16d7864d25a38", "parents": [ "8a13595dd4ae5049ef42d0f30297d0c427db54b5" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 24 16:46:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 16:46:53 2026" }, "message": "spirv-val: Add Vulkan Image Format check (#6597)\n\n4 years, and a 3rd try of\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/4748 and\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/5458 to get\n`VUID-StandaloneSpirv-Image-04965` in\n\nLast time this stalled on\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/issues/766 /\nhttps://gitlab.khronos.org/spirv/SPIR-V/-/merge_requests/302/" }, { "commit": "8a13595dd4ae5049ef42d0f30297d0c427db54b5", "tree": "7d7c65b4925b752e99b3f23771539bfad9e60498", "parents": [ "93cde4f5ce430f0f74b13dfa0e573b5105b1cfbe" ], "author": { "name": "Diego Novillo", "email": "dnovillo@nvidia.com", "time": "Thu Mar 19 12:46:33 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 12:46:33 2026" }, "message": "spirv-val: Allow spec constants as DebugTypeArray component counts (#6608)\n\nThis updates the validator to match the spec update in\nhttps://github.com/KhronosGroup/SPIRV-Registry/pull/371 to allow any\nconstant instruction as the component count operand of `DebugTypeArray`.\n\nIt fixes the glslang issue\nhttps://github.com/KhronosGroup/glslang/issues/4186.\n\nThe constant check now determines whether it\u0027s checking for\nOpenCL.DebugInfo.100 or NSDI. The new rule only affects NSDI." }, { "commit": "93cde4f5ce430f0f74b13dfa0e573b5105b1cfbe", "tree": "c4525759e802d6a42647304a7b2f58ff9f67fe6b", "parents": [ "26fb01b92b00e4f40452d7c89494cf72a9f68a8f" ], "author": { "name": "Nathan Gauër", "email": "brioche@google.com", "time": "Thu Mar 19 10:56:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 10:56:24 2026" }, "message": "opt: fix OpUntypedVariableKHR removed from interfaces (#6607)\n\nThe remove_unused_interface pass was unaware of the OpUntypedVariableKHR\nopcode, and thus was wrongly removing those from the listed interfaces." }, { "commit": "26fb01b92b00e4f40452d7c89494cf72a9f68a8f", "tree": "bc0718d8b3a4bcc3a3b25d58cd353bfecf648c6b", "parents": [ "8d0044201984c645ef1d048a5c5a325b77a5146e" ], "author": { "name": "Paulius Velesko", "email": "pvelesko@pglc.io", "time": "Wed Mar 18 22:06:29 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 22:06:29 2026" }, "message": "Add validation support for Intel SPIR-V extensions (#6232)\n\nThis PR adds validation support for three Intel SPIR-V extensions:\n\nOpConstantFunctionPointerINTEL: Added validation logic and test coverage\nArbitraryPrecisionIntegersINTEL: Added type validation support and tests\nOpAliasScopeDeclINTEL/OpAliasScopeListDeclINTEL: Added ID validation\nsupport and tests\n\nFixes #6034" }, { "commit": "8d0044201984c645ef1d048a5c5a325b77a5146e", "tree": "bf9d34e5c5eb9b4ea5df31e820ed540a1a4bde4b", "parents": [ "e4bceacf59fdfe742047e94e41ef65a48999a0dd" ], "author": { "name": "Nathan Gauër", "email": "brioche@google.com", "time": "Tue Mar 17 08:47:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 17 08:47:53 2026" }, "message": "opt: allow aggressive DCE to optimize untyped_pointers (#6602)\n\nThis will be required to allow DXC generating descriptor heaps code\nwhich uses untyped pointers/descriptor_heap" }, { "commit": "e4bceacf59fdfe742047e94e41ef65a48999a0dd", "tree": "bda78c7dc69071474a43dccd7ca99d5c69c2b538", "parents": [ "989e29a489ba32e451d9e23c9016999eb75378e4" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Mon Mar 16 01:10:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 16 01:10:24 2026" }, "message": "spirv-val: Add remaining OpSpecConstantOp (#6596)\n\nMy personal final PR for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nThere is still the access chains left, but those are going to be ugly,\nand since its only a `Kernel` feature, I don\u0027t have the bandwidth to\nlook into right now. (But did left some test for the person who does in\nthe future)" }, { "commit": "989e29a489ba32e451d9e23c9016999eb75378e4", "tree": "b999ddabf5089bca02adea85fb1b0e84b0fde77d", "parents": [ "5d6745bfdd3bdb3a5e04a6016104851244e12cdb" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Sat Mar 14 02:10:49 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 14 02:10:49 2026" }, "message": "Improve constant composite validation (#6598)\n\n* Refactored a lot of repetitive code\n* Improved operand checks to disallow spec constants in regular\nconstants\n* Removed some tests that no longer trigger appropriate messages\n * replaced more generally" }, { "commit": "5d6745bfdd3bdb3a5e04a6016104851244e12cdb", "tree": "3d8258e4d8fc05d8328f33048264e454fa4906c0", "parents": [ "5a1eea1546c372a945a27d9b10e0a059db6cc651" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Fri Mar 13 13:32:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 13 13:32:53 2026" }, "message": "Improve variable pointer validation (#6595)\n\nFixes #6532\n\n* Check through types to ensure only valid pointers are allocated in\nlogical variables\n* Fix up some invalid tests" }, { "commit": "5a1eea1546c372a945a27d9b10e0a059db6cc651", "tree": "989f4d8e7cf64cbbca2fc722c3e9b0de22cd893b", "parents": [ "7eda548e509357103af154ab70f63a8ffdbb4934" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Fri Mar 13 02:21:46 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 13 02:21:46 2026" }, "message": "spirv-val: Add SubpassData and TileImageEXT checks (#6591)\n\nAdds `VUID-StandaloneSpirv-SubpassData-04660` and\n`VUID-StandaloneSpirv-None-08720`" }, { "commit": "7eda548e509357103af154ab70f63a8ffdbb4934", "tree": "4da07061f273fd949e2240edf9272725fabd0460", "parents": [ "b8ad063791ad9e338f93b78e07fa5287294f43da" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 19:34:03 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 19:34:03 2026" }, "message": "spirv-val: Breakup ValidateVariable (#6592)\n\nI tried to work on `ValidateVariable` and its honestly a 800 line mess\nof a function and no clue \"where\" to add anything\n\nI tried to break it up into some more smaller functions and group things\ntogether to make it more manageable" }, { "commit": "b8ad063791ad9e338f93b78e07fa5287294f43da", "tree": "53942a5b4f63e08d65214091cec93568937f1928", "parents": [ "334a9b71795f66477d4b60f9459ac160a081d939" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 16:02:18 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 16:02:18 2026" }, "message": "spirv-val: Add missing SPV_EXT_descriptor_indexing caps (#6589)\n\n(from\nhttps://github.com/KhronosGroup/Vulkan-ValidationLayers/issues/11860)\nAdds two missing `SPV_EXT_descriptor_indexing` from being allowed in\nVulkan1.2" }, { "commit": "334a9b71795f66477d4b60f9459ac160a081d939", "tree": "7a45c57edf64560f87340a18bbf7ddf167fddcd0", "parents": [ "c75e3498595a4c1fcf67045e58c40d215a3d3901" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 15:14:40 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 15:14:40 2026" }, "message": "spirv-val: More OpSpecConstantOp (#6585)\n\nAll is left after for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564 is the\nVectorShuffle/CompositeInsert/CompositeExtract and the AccessChains,\nthese will need some more changes to passing in the operand index, so\nsaving them for last" }, { "commit": "c75e3498595a4c1fcf67045e58c40d215a3d3901", "tree": "1ba4f2461638743ec68282ba0b621d6ca101246c", "parents": [ "85dc1ee2348bd28985e40a3f60e0b8eec2aed422" ], "author": { "name": "alan-baker", "email": "alanbaker@google.com", "time": "Thu Mar 12 13:52:17 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 13:52:17 2026" }, "message": "Add validation for SPV_EXT_replicated_composites (#6583)\n\nFixes #6529\n\n* OpConstantCompositeReplicateEXT\n* OpSpecConstantCompositeReplicateEXT\n* OpCompositeConstructReplicateEXT" }, { "commit": "85dc1ee2348bd28985e40a3f60e0b8eec2aed422", "tree": "f6e6255cbf6a0fa9cae66cee3eebd297bd172ee2", "parents": [ "281fecf9d669adc3aec219b6c1fe103a2915af41" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 02:14:52 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 02:14:52 2026" }, "message": "spirv-val: Add OpSpecConstantOp for Arithmetics and Bitwise (#6582)\n\nanother chunk of https://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nadds `ArithmeticsPass` and `BitwisePass`" }, { "commit": "281fecf9d669adc3aec219b6c1fe103a2915af41", "tree": "c1348e42f14310626294d51a97ca03b2fe8fbf7b", "parents": [ "6e9d60d80905f561858c2b1234bbb82bb529c044" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Thu Mar 12 02:14:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 12 02:14:15 2026" }, "message": "spirv-val: Label LongVector VUID (#6581)\n\nWe decided today to move these to Standalone VUID\nhttps://gitlab.khronos.org/vulkan/vulkan/-/merge_requests/8106/diffs" }, { "commit": "6e9d60d80905f561858c2b1234bbb82bb529c044", "tree": "451e4d61814e469e05c809c2240bee6601a03edc", "parents": [ "40093b5e37ff92f9b63329f9ccd701ae1a12e0d2" ], "author": { "name": "Marijn Suijten", "email": "marijns95@gmail.com", "time": "Wed Mar 11 14:55:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:55:51 2026" }, "message": "Optimize `SPV_EXT_opacity_micromap` and `SPV_EXT_shader_invocation_reorder` (#6571)\n\nIt\u0027s been a while since I last added extensions to these lists, but I\njust ran into a long-forgotten related issue again that DXC outputs\ninvalid SPIR-V before it\u0027s stripped away by `spirv-opt`:\nhttps://github.com/microsoft/DirectXShaderCompiler/issues/8210.\n\nShaders with these extensions weren\u0027t yet extensively tested but this at\nleast gets us past `spir-val` in both DXC (can also be disabled with\n`-Vd`) and the validation layers.\n\n---\n\nI\u0027m probably way out of my league to ask, but is there still much\nsignificance to `extensions_allowlist_`? It seems like a maintenance\nburden that\u0027s very easy to miss, for (currently) a single extension\nthat\u0027s specifically commented out to not be optimized.\n\nIt\u0027s also mostly duplicated but not entirely in sync across all 4 passes\neither. I even noticed that `SPV_KHR_shader_clock` which **I added** to\n`dead_code_elim_pass` in\nhttps://github.com/KhronosGroup/SPIRV-Tools/pull/4049 isn\u0027t in any other\nfile, which must have been an oversight on my part but also means that\npresence of this extension erroneously disables all the other 3 passes." }, { "commit": "40093b5e37ff92f9b63329f9ccd701ae1a12e0d2", "tree": "747f92cf222625f9a88f45ea6407b11e00e64ad1", "parents": [ "47eef7be333fe709795fd695ba4f8e58c70a0cf0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Mar 11 14:50:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:50:02 2026" }, "message": "build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 in the github-actions group (#6572)\n\nBumps the github-actions group with 1 update:\n[github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 4.32.5 to 4.32.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/0d579ffd059c29b07949a3cce3983f0780820c98\"\u003e\u003ccode\u003e0d579ff\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3551\"\u003e#3551\u003c/a\u003e\nfrom github/update-v4.32.6-72d2d850d\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/d4c6be7cf1c47a33a06fa9183269e133e6863574\"\u003e\u003ccode\u003ed4c6be7\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.6\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/72d2d850d1f91d4e1e024f4cf4276fd16bb68462\"\u003e\u003ccode\u003e72d2d85\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3548\"\u003e#3548\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/23f983ce00d9a853697a6aaa9eae8d5abbf14849\"\u003e\u003ccode\u003e23f983c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3544\"\u003e#3544\u003c/a\u003e\nfrom github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/832e97ccad228ef72e06ffee26f6251bceeb7e5f\"\u003e\u003ccode\u003e832e97c\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3545\"\u003e#3545\u003c/a\u003e\nfrom github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/5ef38c0b13c2f0f5ce928cb7706f5fb19fc97ae2\"\u003e\u003ccode\u003e5ef38c0\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3546\"\u003e#3546\u003c/a\u003e\nfrom github/dependabot/npm_and_yarn/tar-7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/80c9cda73902bba67939606c4bf3a1d9606bb150\"\u003e\u003ccode\u003e80c9cda\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/f2669dd916c673b2811839169929a8ba71bb7634\"\u003e\u003ccode\u003ef2669dd\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/bd03c44cf40965f5476f66fad404194e4cb35710\"\u003e\u003ccode\u003ebd03c44\u003c/code\u003e\u003c/a\u003e\nMerge branch \u0027main\u0027 into\ndependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/102d7627b63c066871badf0743c11b2f6dd9c9e9\"\u003e\u003ccode\u003e102d762\u003c/code\u003e\u003c/a\u003e\nBump tar from 7.5.7 to 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d4.32.5\u0026new-version\u003d4.32.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "47eef7be333fe709795fd695ba4f8e58c70a0cf0", "tree": "1ffdbbfa8b4eb774a2cc61de12d86332da62f8bc", "parents": [ "c1ad8d6247520655a3debaae46be9e764402cee5" ], "author": { "name": "github-actions[bot]", "email": "41898282+github-actions[bot]@users.noreply.github.com", "time": "Wed Mar 11 14:03:07 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 11 14:03:07 2026" }, "message": "Roll external/abseil_cpp/ 3b777f679..267879b45 (1 commit) (#6569)\n\nhttps://github.com/abseil/abseil-cpp/compare/3b777f67987d...267879b45aab\n\nCreated with:\n roll-dep external/abseil_cpp\n\n---------\n\nCo-authored-by: GitHub Actions[bot] \u003c\u003e" }, { "commit": "c1ad8d6247520655a3debaae46be9e764402cee5", "tree": "d7d211a0f5d1ad1801c7b2226ee75014af008128", "parents": [ "608e62007ec9d6b9ef3cf9c76fd247e623e80ea2" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 10 17:57:23 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 17:57:23 2026" }, "message": "spirv-val: Get things to cases for OpSpecConstantOp (#6579)\n\nFor the \"final prep\" for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564\n\nMade a commit per file (incase people have fun with merge conflicts) to\nmake main pass function call into smaller functions, this will allow for\nthe `OpSpecConstantOp` usage to work as well\n\nThis was a pure copy-and-paste PR" }, { "commit": "608e62007ec9d6b9ef3cf9c76fd247e623e80ea2", "tree": "065c45f049c6fa79a5332b866e19dbc6679f821f", "parents": [ "2aa281c16ca42348b2e5262c809318a8935e3989" ], "author": { "name": "Spencer Fricke", "email": "115671160+spencer-lunarg@users.noreply.github.com", "time": "Tue Mar 10 13:54:08 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 13:54:08 2026" }, "message": "spirv-val: Add remaining Convert SpecConstantOp (#6578)\n\nspirv-val: Adds the rest of the `Convert` for\nhttps://github.com/KhronosGroup/SPIRV-Tools/issues/6564" } ], "next": "2aa281c16ca42348b2e5262c809318a8935e3989" }